A COMPUTER WEEKLY BUYER'S GUIDE TO THREAT MANAGEMENT - BITPIPE
A Computer Weekly buyer's guide to threat management

Making unified threat management a key security tool
How unified threat management can be a useful tool when chosen correctly according to business needs

Layer your approach to web security
Combining unified threat management with other security systems is essential to tackle threats

Choosing cloud-based security services
Cloud-based security helps reduce costs for firms with a growing cloud footprint

Threat management has become a vital component in the cyber security strategy of many businesses. In this 19-page buyer's guide, Computer Weekly looks at why threat management should be tailored to your company's needs, the strength in combining it with other security systems and how cloud-based security can reduce costs.

computerweekly.com buyer's guide 1
BUYER’S GUIDE TO THREAT MANAGEMENT Making unified threat management a key security tool T he 2018 Cyber Security Breaches Survey from the Department for Digital, Culture, Media and Sport (DCMS) found that 43% of the 1,519 UK businesses that participated admitted they had experienced a cyber attack or security breach. Fines for major data breaches may be among the main reasons the industry is pushing unified threat management (UTM), says Peter Wenham, a member of the BCS security community of As data protection becomes critical to businesses, Warwick Ashford expertise. The General Data Protection Regulation (GDPR) has looks at how unified threat management can be a useful tool, providing driven many chief information security officers (CISOs) to reas- it is selected and deployed correctly according to business needs sess their security posture. The new data regulation, which came into force in May 2018, means organisations face fines of up to 4% of global turnover. According to Wenham, UTM systems can help reduce the threats that could lead to a breach. Benefits of UTM Emma Bickerstaffe, senior research analyst at the Information Security Forum (ISF), says UTM systems were designed primar- ily for small to medium-sized enterprises (SMEs), but suppli- ers are increasingly promoting UTM as a viable and beneficial option for large enterprises. The advantage of implementing a UTM appliance is that there is a single interface from which to both manage UTM appliance functionality and to monitor network events in a consolidated view. Other UTM appliance functions can include prioritising events and the alerting of significant events via video screens, SMS FEODORA/ADOBE text messages and email, in addition to comprehensive reporting capabilities. Some products also offer artificial intelligence (AI) to HOME computerweekly.com buyer’s guide 2
BUYER’S GUIDE Home Making unified threat management aid diagnosis of security-related events, while most offer tools to UTM tool that can be used to protect the organisation. “By inter- a key security tool aid investigations, says Wenham. cepting web requests at the point of initiation and using pre- How unified threat The centralised management control is often the clincher, with defined and frequently updated whitelists and blocklists of sites, management can be a useful tool when administrators gravitating to this with the intention of being an organisation can screen out and mitigate the threat posed by chosen correctly able to deploy policies uniformly by using a single console, says a significant proportion of phishing attacks, malware-infected according to business needs RV Raghu, director of information security professional asso- emails and links, scams and other threats that could compro- ciation Isaca. “But before getting carried away, it is imperative mise user and data security,” she says. Layer your approach that enterprises understand that According to De Leeuw, a UTM- deploying a UTM tool requires that based approach to centralised anti- “E to web security Combining unified administrators have a deep under- nterprises need to understand spam and antivirus provides a man- threat management with other security systems is essential standing of how the tool will inter- face with the existing infrastructure that deploying a UTM tool ageable and difficult-to-circumvent layer of data and file protection. to tackle threats landscape,” he says. 
requires that administrators She says it reduces the risk of data The other aspect which plagues being compromised by malware Choosing cloud- based security all implementations of UTM, says have a deep understanding of corruption or ransomware hijacking, services Raghu, is the fall in performance, machines being disrupted by mal- Cloud-based security which can be experienced when how the tool will interface with ware infection, and also communi- ” helps reduce costs for firms with a growing several services are turned on, with the existing infrastructure cations platforms being overrun by cloud footprint some users indicating a steep fall in irrelevant and unwanted junk mail. performance. “While this may seem RV R aghu, Isaca “A centralised approach can coun- like a deal-breaker, it also points to ter any local client preferences or the need for proper planning and design prior to implementing lapses in judgement and best practice. Thus, it can restore the the solution, as well as close interaction between the enterprise messaging signal-to-noise ratio to a level where email is a net ben- and its implementation partner,” he says. efit to the organisation, rather than having inordinate amounts of For Mary-Jo de Leeuw, director of cyber security advocacy for storage space and user time wasted on junk mail, scams, threats Europe, the Middle East and Africa (EMEA) at non-profit mem- and other security challenges,” says De Leeuw. bership association for certified cyber security professionals To optimise the potential of a UTM system, Bickerstaffe recom- (ISC) , web filtering is arguably the most powerful client-facing 2 mends that an organisation determines which of its functions to computerweekly.com buyer’s guide 3
BUYER’S GUIDE Home Making unified threat management enable with reference to the threats faced by the business and What are you protecting? a key security tool whether the respective functions offered by the UTM system Mike Gillespie, vice-president of the C3i Centre for Strategic How unified threat meet security and business requirements. Cyberspace and Security Science (CSCSS), says using UTM management can be a useful tool when “Consideration should be given to the capacity of the UTM sup- means managing your own expectations. “It is vital before buy- chosen correctly plier to add new functions and improve the functionality of exist- ing any security system to first establish what you are protect- according to business needs ing ones as threats evolve,” she says. ing, why, and from what you are protecting it. Seems basic, but The performance of the UTM platform should also be tested you would be amazed at the thought that sometimes fails to go Layer your approach prior to adoption to ensure it has the capacity to handle the loads into this part of a specification. For it to be the right tool for the to web security that existing and new features can generate. job, you need to know what the job is,” he says. Combining unified threat management with other security FEODORA/ADOBE systems is essential to tackle threats Choosing cloud- based security services Cloud-based security helps reduce costs for firms with a growing cloud footprint computerweekly.com buyer’s guide 4
BUYER’S GUIDE Home Making unified threat management In addition, BCS’s Wenham says there needs to be an under- approach would be the implementation of a UTM appliance offer- a key security tool standing of whether an infrastructure is to be completely rede- ing not just firewall, IDS [intrusion detection system] and IPS How unified threat signed and rebuilt, or it is greenfield build, or whether it is a case [intrusion detection system] functions, but also content filtering management can be a useful tool when of selectively updating an existing infrastructure. and email spam and message handling, data loss prevention, VPN chosen correctly “While the basics are the same in each case, such as the need [virtual private network] and endpoint control,” he adds. according to business needs for an effective set of IT and information security management But implementing a UTM appliance with many functions may processes and controls to be in place, there will be trade-offs require a partial redesign of an organisation’s infrastructure. Layer your approach and compromises between these to web security approaches,” he says. Security failure Combining unified threat management For a complete network rede- A complete network redesign With a UTM, there is a single point with other security sign of an existing infrastructure, of failure in the corporate IT security systems is essential Wenham says there is greater scope would offer greater scope in systems, warns CSCSS’s Gillespie. to tackle threats in UTM tool selection, from on-site UTM network appliances to out- UTM tool selection and should “While you may have combined several functions into one platform Choosing cloud- based security sourced cloud-based services, or a lead to an optimal solution but , (and supplier/manufacturer), you services combination of approaches. 
He says are relying on all of those func- Cloud-based security such a redesign should lead to an it would cause major disruption tions being carried out as efficiently, helps reduce costs for optimal solution for an organisation, accurately and comprehensively firms with a growing while being implemented cloud footprint but would typically cause major dis- as a single function offering could ruption while being implemented. do, and to the same standard. Updating existing infrastructure involves replacing existing Therefore, it is as strong as its weakest component,” he says. infrastructure devices with a UTM appliance that offers greater Gillespie urges organisations that plan to deploy UTM to capability and either a single unified management interface or establish a security architecture based around the security prin- implements a software-based central management system offer- ciple of defence in depth by using technology from a variety of ing UTM capabilities. suppliers and manufacturers. Wenham says a basic approach to UTM could be to replace a UTM is not a panacea. People are needed to configure the UTM firewall with a UTM appliance offering a firewall with intrusion systems, he says, so there is a risk of human error. “The ICO detection and intrusion prevention. “A more comprehensive UTM [Information Commissioner’s Office] tells us that misconfigured computerweekly.com buyer’s guide 5
BUYER’S GUIDE Home Making unified threat management software or hardware is one of the top causes of data breach with insight. You need to make sure you have your people and a key security tool in the UK,” adds Gillespie. People are going to run, manage and plans ready to make the most of that insight. How unified threat patch the UTM itself. Like all security technologies, UTM is constantly evolving. In management can be a useful tool when As an antidote to UTMs becoming a single point of failure, Isaca’s the age of GDPR and similar legislation around the world, where chosen correctly Raghu says enterprises are encouraged to implement paired businesses are under increasing pressure to disclose breaches, according to business needs devices, ensuring high availability. “It is imperative to understand the ability to forensically report on attacks will be key, says that a UTM by itself is only one part of the puzzle and needs to Simon McCalla, chief technology officer at Nominet. “Knowing Layer your approach be part of an overall security strategy, especially considering that what data was stolen, and where it went, will need to be a key to web security a host of new technologies that are offering for all cyber security sup- Combining unified being adopted by enterprises bring pliers,” he adds. threat management with other security systems is essential their own challenges,” he says. “W e need to manage our own UTM can be a useful tool to ena- ble businesses of all sizes to bolster to tackle threats Manage expectations expectations of what a UTM their data protection capabilities So on its own, a unified threat man- by providing a consolidated view of Choosing cloud- based security agement system will not make a can and can t ’ do ,as well as what is going on in the network, but services Cloud-based security business compliant with legislation like GDPR. Nor can it train staff. 
knowing what we need it to do ” UTMs alone cannot solve all chal- lenges relating to data protection. helps reduce costs for firms with a growing “We need to manage our own Mike Gillespie, CSCSS Unified threat management tools cloud footprint expectations of what a UTM can must be carefully selected and and can’t do, as well as knowing tuned to meet the data protection what we need it to do,” says Gillespie. “There is no point replac- needs of the particular business, staff must have the skills to inter- ing a number of unnecessary security solutions from a range of pret what the UTM system tells them, and care must be taken to suppliers with a number of unnecessary security solutions from ensure that a UTM does not represent a single point of failure by a single supplier.” incorporating it in a robust, multilayered security architecture. You need to make sure you have the skills, plan and team in place “An analysis of the pros and cons in the context of your organi- and that you are able to act on intelligence that systems like these sation must be conducted before implementation and on an generate. Again, this is part of managing your own expectation of ongoing basis to ensure that the UTM continues to meet your what it can achieve and knowing that it can and will provide you requirements,” says Raghu. n computerweekly.com buyer’s guide 6
BUYER’S GUIDE TO THREAT MANAGEMENT Layer your approach to web security T he World Wide Web (WWW) is celebrating its 30th birthday. Among the many benefits it has given soci- ety, the web has also become the perfect vehicle to trick unsuspecting users into visiting rogue websites containing malware. Bridget Kenyon, global chief information security officer (CISO) at Thales, says search engines such as Google and Microsoft Bing have worked hard to remove malicious search results, but while web browsers are filtering out most of the bad sites, it is difficult to prevent the worst attacks. “Spear phishing is a lot harder to recognise,” she adds. The web has made it possible for users to jump easily between different servers across the internet, without even being aware that it is how web pages are rendered on their browsers. For security professionals, ensuring users don’t acti- vate malware that could attack the corporate network is an uphill battle, often involving multiple security systems, with each requiring administration. Unified threat man- agement (UTM) is an attempt by the industry to simplify security management. Traditionally, UTM has focused on preventing and detecting cyber attacks. Ideally, security incidents and breaches should be prevented, says Maxine Holt, research director at Ovum. However, organisations recognise that not everything can be Combining unified threat management with other security prevented, so Holt says it is essential that the potential for a systems and a strategic CISO is essential to defend security breach is detected while an attacker is in the network, ALEX/ADOBE against threats, writes Cliff Saran before the breach happens. HOME computerweekly.com buyer’s guide 7
BUYER’S GUIDE Home Making unified threat management “As we have seen with enterprise approaches McCalla urges CISOs to be wary of marketing a key security tool to security across all sectors and in organisa- ❯Implementing UTM will hype. He says one major cyber security player How unified threat tions of all sizes, there is increased focus on the help maintain good security was recently criticised for the inefficient alerts it management can be and so help prevent breaches – a useful tool when third objective of technology security controls – but it must be maintained was giving the teams that used it. The technol- chosen correctly responding to an attack,” she says. to work effectively. ogy was essentially accused of crying wolf, mean- according to business needs More of these types of technology capabilities ing that security professionals ignored alerts, or will be deployed as part of UTM. Data loss pro- turned them off all together. “This doesn’t mean Layer your approach tection (DLP) is generally included, but may be that the system wasn’t also flagging legitimate to web security joined by data breach reporting capabilities to comply with the threats, but they were likely lost in the maelstrom,” he adds. Combining unified EU’s General Data Protection Regulation (GDPR), for example. According to McCalla, one of the key areas which is often threat management with other security underlooked is domain name system (DNS) security, which systems is essential Multiple layers of security offers a layer of protection that sits at the very gateway to your to tackle threats For Holt, the benefits of UTM, led by the reduction of complexity network. DNS is usually a reliable attack vector, as firewalls in the security environment for small and medium-sized enter- often allow traffic through this way. Choosing cloud- prises (SMEs), mean that UTM will be around for years to come. 
However, as McCalla points out, what is weak in the event based security services However, Simon McCalla, chief technology officer (CTO) at of an attack can be made strong in defence – if every packet of Cloud-based security Nominet, says: “Having one system in place means there’s only data leaves or enters via the DNS, it can be used as a strong helps reduce costs for firms with a growing one system to go wrong. A lack of redundancy systems means first line of defence. cloud footprint that if the worst were to happen, there’s nobody on the subs’ “At the moment, UTM systems don’t pay much attention to bench ready to come on and change the game. If the UTM sys- the DNS,” he says. “CISOs would be wise to consider a layered tem fails, the criminals can essentially walk right in.” approach to cyber security, with bespoke tools for each poten- Given that the profile of cyber criminals is changing and attack tial attack vector. Or, if a UTM system is the preferred method vectors continually change, McCalla warns: “With a UTM sys- of protection, a backup system that sits at a DNS level should tem, you’re reliant on the threat intelligence provider to be as be considered.” quick as the criminals. If it’s not up to date, a business’s whole The other thing CISOs need to consider is what type of busi- security posture is weakened, instead of just one element. This ness they are in, and where it might be vulnerable. For example, leaves multiple attack vectors open to criminals, and makes the a manufacturing or industrial business will be vulnerable in dif- business more vulnerable.” ferent areas to a bank. computerweekly.com buyer’s guide 8
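The web filtering De Leeuw describes in the first article (intercepting requests at the point of initiation and checking them against allow and block lists) and the DNS-level defence McCalla argues for here rest on the same two mechanics: match a requested name against lists, and watch the request stream for things no list will ever contain. The following is an added example, not code from the guide, from Nominet or from (ISC)², showing one way to implement both on a resolver's query stream in Python. The domain names, the thresholds and the sample queries are all constructed for illustration; a real deployment would take the lists from a threat-intelligence feed and tune the thresholds against its own traffic.

```python
import math
from collections import defaultdict

# Constructed lists for illustration (not a real threat feed). Allowlist entries
# override blocklist matches, so an administrator can undo a feed false positive.
BLOCKLIST = {"malware-cdn.example", "phish-login.example"}
ALLOWLIST = {"safe.malware-cdn.example"}

# Heuristic thresholds; assumptions chosen for this example, not vendor defaults.
MAX_LABEL_LEN = 32          # one label longer than this is unusual for real hosts
MAX_NAME_LEN = 120
MIN_LABEL_FOR_ENTROPY = 16  # short labels cannot be meaningfully "high entropy"
ENTROPY_THRESHOLD = 3.5     # bits per character of the leftmost label
MAX_UNIQUE_SUBDOMAINS = 20  # distinct subdomains one client may ask for per zone


def shannon_entropy(s: str) -> float:
    """Bits per character; base32/hex-encoded payloads score far above real words."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parent_domains(name: str):
    """Yield the name and every parent zone: a.b.example -> a.b.example, b.example, example."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def list_verdict(qname: str):
    """'allow' if the name or a parent is allowlisted, 'block' if blocklisted, else None."""
    parents = list(parent_domains(qname))
    if any(d in ALLOWLIST for d in parents):
        return "allow"
    if any(d in BLOCKLIST for d in parents):
        return "block"
    return None


def registrable_zone(qname: str) -> str:
    # Simplification: the last two labels are the zone (no public-suffix list).
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


class DnsPolicy:
    """Per-client state lives here so the subdomain-count heuristic works across queries."""

    def __init__(self):
        self.seen_subdomains = defaultdict(set)  # (client, zone) -> {subdomain, ...}

    def evaluate(self, client: str, qname: str) -> dict:
        """Return {'action': 'allow' | 'block' | 'alert', 'reasons': [...]} for one query."""
        verdict = list_verdict(qname)
        if verdict == "allow":
            return {"action": "allow", "reasons": ["allowlisted"]}
        if verdict == "block":
            return {"action": "block", "reasons": ["blocklisted"]}

        labels = qname.rstrip(".").split(".")
        leftmost = labels[0]
        reasons = []
        if len(qname) > MAX_NAME_LEN or max(len(lab) for lab in labels) > MAX_LABEL_LEN:
            reasons.append("oversized name")
        if len(leftmost) >= MIN_LABEL_FOR_ENTROPY and shannon_entropy(leftmost) > ENTROPY_THRESHOLD:
            reasons.append("high-entropy label")
        key = (client, registrable_zone(qname))
        self.seen_subdomains[key].add(".".join(labels[:-2]))
        if len(self.seen_subdomains[key]) > MAX_UNIQUE_SUBDOMAINS:
            reasons.append("many unique subdomains")
        return {"action": "alert" if reasons else "allow", "reasons": reasons}


# Constructed sample query log: (client, queried name). The long label is a made-up
# base32-style string of the kind a DNS tunnel emits; it encodes nothing.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.computerweekly.com"),
    ("10.0.0.5", "cdn.phish-login.example"),
    ("10.0.0.5", "safe.malware-cdn.example"),
    ("10.0.0.9", "mfrggzdfmztwq2lknnwg23tpobyxe43uor4hgzlt.tunnel.example"),
]


def evaluate_all(queries, policy=None):
    """Run a query list through one policy instance; return (qname, action, reasons) rows."""
    policy = policy or DnsPolicy()
    rows = []
    for client, qname in queries:
        result = policy.evaluate(client, qname)
        rows.append((qname, result["action"], result["reasons"]))
    return rows


if __name__ == "__main__":
    for row in evaluate_all(SAMPLE_QUERIES):
        print(*row)
```

The list checks are cheap and catch what a feed already knows; the entropy, length and unique-subdomain heuristics are what make the resolver a detection point rather than only a filter, because tunnelled data has to be encoded into labels and the encoding is visible regardless of the destination. The false-positive risk sits in the thresholds, which is why they are tuned per network rather than copied from an example.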
BUYER’S GUIDE Home Making unified threat management One thing that is clear, however, is that as businesses continue with malware – this happened to a casino when its connected a key security tool to transform digitally, connecting more devices online, maintain- fish tank was hacked. To that end, CISOs should consider their How unified threat ing a secure network environment becomes harder. Due to the spend. UTM systems may give them protection in areas they management can be a useful tool when interconnected nature of today’s businesses, a UTM tool likely don’t need, while leaving them vulnerable in others. chosen correctly wouldn’t cover all bases anyway. according to business needs Firewalls and anti-spam software are effective at catch- UTM is not a silver bullet ing phishing emails aimed at employees, but they may not Simon Persin, director of Turnkey Consulting, warns that over- Layer your approach notice packets of data leaving a connected device infected reliance on a UTM system must be avoided. “If alerts are to web security Combining unified threat management with other security systems is essential to tackle threats Choosing cloud- Firewalls and anti-spam based security services software are effective at Cloud-based security helps reduce costs for firms with a growing catching phishing emails aimed at employees, but they may not cloud footprint notice packets of data leaving a connected device infected with malware ALEX/ADOBE computerweekly.com buyer’s guide 9
BUYER’S GUIDE Home Making unified threat management switched off – possibly as part of an attack, as this would be Jirasek believes UTM, or any other technology for that mat- a key security tool a target – effectiveness is seriously compromised,” he says. “In ter, is no good without well-executed processes. “Start with How unified threat other words, using UTM shouldn’t mean foregoing controls at the critical controls implemented as processes, supported by management can be a useful tool when other levels throughout the organisation.” trained people, good configuration and managed technolo- chosen correctly He adds that storage is another consideration. “UTM systems gies,” he says. “It is only then that we stand a realistic chance according to business needs rely on vast amounts of stored data to detect patterns over to protect against data breaches.” time as well as identify immediate threats. When implementing Layer your approach UTM, the team must understand the data requirements, avail- What next for UTM? to web security ability of storage and potential impact on key applications prior As threats continue to evolve, so too will UTM tools. In the age Combining unified to installing,” he says. of GDPR and similar legislation worldwide, where businesses are threat management with other security Vladimir Jirasek, managing director of specialised cyber secu- under increasing pressure to disclose breaches, McCalla believes systems is essential rity consultancy and services company Jirasek Security, says: that the ability to forensically report on attacks will be key. to tackle threats “Sometimes I get into discussions pertaining to the use of the “Knowing what data was stolen and where it went will need to latest technologies to thwart data be a key offering for all cyber secu- Choosing cloud- breaches. In many cases, the debate rity suppliers,” he adds. 
based security services quickly steers into suppliers, capa- “C yber security starts with Nominet’s McCalla expects Cloud-based security bilities and features. I try to get my processes at the hygiene level UTM tools to become more helps reduce costs for point across: cyber security starts expansive as they cover the ever- – firms with a growing cloud footprint with processes at the hygiene level once these are implemented to increasing attack vectors available – once these are implemented to criminals. to a satisfactory level, add more a satisfactory level add , “They will also look at offering advanced processes.” He believes cyber security pro- more advanced processes ” protection at a deeper network level to cope with the plethora cesses are undervalued in the Vladimir Jirasek, Jirasek Security of devices now connected to the portfolio of security programmes. internet. Some sort of DNS protec- “Companies put various technologies in place, in some cases tion capability will be essential,” he says. implementing these without a care for how they will be managed, Ultimately, UTM systems – as with all types of threat pre- monitored and integrated into the rest of processes,” he says. vention – will always be in responsive mode, tracking the computerweekly.com buyer’s guide 10
BUYER’S GUIDE Home Making unified threat management latest threats and adapting accordingly. To that end, it will still or security camera – requires an open connection to the inter- a key security tool require the guile of a strategic CISO to understand their own net, this provides a network port through which hackers can How unified threat network, identify the weak points, and deploy tools accord- target attacks. management can be a useful tool when ingly. Whether that’s a UTM system, bespoke tools, or com- Understanding the health of the corporate network from chosen correctly bination of the two, nothing will beat the strategic outlook of a a security standpoint – where are attacks being targeted or according to business needs well-versed CISO. which exploits have broken through – is key to stopping or The threat landscape has exploded as the web and services limiting damage from any attacks. UTM may go some way Layer your approach built on web technologies gain in popularity. Given that every to helping security admins manage the ever-changing threat to web security device – whether it is a corporate PC, a smartphone or an inter- landscape by providing a single console to assess the overall Combining unified net of things (IoT) device such as an internet-connected TV security posture of the corporate network. n threat management with other security systems is essential to tackle threats Three network traffic patterns to watch out for and what to do about them Choosing cloud- based security services 1. Generic patterns, known within the industry and likely to affect many organisations: Tools to detect these can be delivered by the UTM Cloud-based security provider, and is potentially an area for the customer to consider when undertaking due diligence on the prospective supplier. helps reduce costs for firms with a growing 2. 
P atterns specific to individual organisations that are known about: This requires the UTM solution to be extendable so that custom cloud footprint patterns can be defined to meet specific needs. 3. Patterns that are not yet known and therefore need to be defined: The UTM product could analyse the source data, for example, and propose potentially undetected scenarios outside the previously known threats. This is where artificial intelligence may be most effec- tively applied. Once patterns have been identified, the right tools are needed in the operational world to generate a relevant response – such as an alert or notification – direct to a nominated user, or the incident response system, should an anomaly occur. This should also include an aspect of machine learning to assist where a potential violation has been repeatedly marked as an exception or false positive. Source: Simon Persin, director of Turnkey Consulting computerweekly.com buyer’s guide 11
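Persin's three pattern classes, and his point about responses that have been repeatedly marked as false positives, map onto a small detection pipeline. The code below is an added example, not from the guide or from Turnkey Consulting, written in Python over constructed network flow records: a generic rule set of the kind a supplier ships, an organisation-specific rule (an IoT segment that should only talk to its vendor's cloud, which is the situation behind the fish-tank story earlier in this article), a per-host baseline that flags deviations no rule yet describes, and an exception store that stops a rule firing for a host once analysts have dismissed it a set number of times. The IP addresses come from the reserved documentation ranges, the history and thresholds are assumptions, and the "notify" callback stands in for whatever the nominated user or incident response system actually is.

```python
from collections import Counter
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Callable, Iterator


@dataclass(frozen=True)
class Flow:
    src: str        # internal host
    dst: str        # destination address
    dport: int      # destination port
    bytes_out: int  # bytes sent by src in this flow
    segment: str    # network segment the host sits in: "office", "iot", ...


Finding = tuple[str, str, str]  # (pattern class, rule id, human-readable detail)

# 1. Generic patterns: content a supplier or threat feed would ship. Constructed values;
#    203.0.113.0/24 is a documentation range, not a real indicator.
KNOWN_BAD_DESTINATIONS = {"203.0.113.77"}
RISKY_OUTBOUND_PORTS = {23: "telnet", 445: "smb"}


def generic_rules(f: Flow) -> Iterator[Finding]:
    if f.dst in KNOWN_BAD_DESTINATIONS:
        yield ("generic", "known_bad_dst", f"{f.dst} is on the indicator list")
    if f.dport in RISKY_OUTBOUND_PORTS:
        yield ("generic", "risky_port", f"{RISKY_OUTBOUND_PORTS[f.dport]} leaving the network")


# 2. Organisation-specific patterns: defined by the customer, so the product must be extendable.
IOT_PERMITTED_DESTINATIONS = {"198.51.100.10"}  # the devices' vendor cloud (constructed)


def custom_rules(f: Flow) -> Iterator[Finding]:
    if f.segment == "iot" and f.dst not in IOT_PERMITTED_DESTINATIONS:
        yield ("custom", "iot_unexpected_dst", f"IoT host contacted {f.dst}")


# 3. Patterns not yet known: compare each host against its own history.
class Baseline:
    def __init__(self, history_by_host: dict[str, list[int]], z_threshold: float = 3.0):
        self.history = history_by_host
        self.z_threshold = z_threshold

    def anomalies(self, f: Flow) -> Iterator[Finding]:
        hist = self.history.get(f.src, [])
        if len(hist) < 5:            # too little history to say what "normal" is
            return
        mu, sigma = mean(hist), pstdev(hist) or 1.0   # constant history: avoid divide by zero
        z = (f.bytes_out - mu) / sigma
        if z > self.z_threshold:
            yield ("anomaly", "bytes_out_spike", f"{f.bytes_out} bytes out, z={z:.1f}")


class Detector:
    """Runs all three pattern classes and routes alerts, honouring learned exceptions."""

    def __init__(self, baseline: Baseline, notify: Callable[[dict], None], fp_limit: int = 3):
        self.baseline = baseline
        self.notify = notify                # nominated user or incident response system
        self.fp_limit = fp_limit
        self.fp_marks: Counter = Counter()  # (rule id, src) -> times marked false positive
        self.exceptions: set = set()

    def mark_false_positive(self, rule_id: str, src: str) -> bool:
        """Analyst dismissal; after fp_limit dismissals the (rule, host) pair becomes an exception."""
        key = (rule_id, src)
        self.fp_marks[key] += 1
        if self.fp_marks[key] >= self.fp_limit:
            self.exceptions.add(key)
        return key in self.exceptions

    def process(self, f: Flow) -> list[dict]:
        findings = [*generic_rules(f), *custom_rules(f), *self.baseline.anomalies(f)]
        alerts = []
        for kind, rule_id, detail in findings:
            if (rule_id, f.src) in self.exceptions:
                continue                    # suppressed as a learned exception
            alert = {"class": kind, "rule": rule_id, "src": f.src, "dst": f.dst, "detail": detail}
            alerts.append(alert)
            self.notify(alert)
        return alerts


# Constructed history and flows. 10.0.9.3 plays the connected fish tank.
HISTORY = {"10.0.9.3": [900, 1100, 1000, 950, 1050], "10.0.1.20": [20000] * 5}
SAMPLE_FLOWS = [
    Flow("10.0.1.20", "192.0.2.10", 443, 20000, "office"),      # normal office traffic
    Flow("10.0.9.3", "198.51.100.10", 443, 1000, "iot"),         # tank talking to its vendor
    Flow("10.0.9.3", "203.0.113.77", 443, 2_000_000, "iot"),     # tank exfiltrating data
    Flow("10.0.1.20", "192.0.2.10", 445, 20000, "office"),       # SMB leaving the network
]


def run_demo() -> list[dict]:
    """Process the sample flows and return every alert raised, in order."""
    raised: list[dict] = []
    detector = Detector(Baseline(HISTORY), raised.append)
    for f in SAMPLE_FLOWS:
        detector.process(f)
    return raised


if __name__ == "__main__":
    for a in run_demo():
        print(a)
```

The exfiltrating flow trips all three classes at once, which is the useful property: even if the indicator list is stale (McCalla's point about depending on the threat intelligence provider) the custom rule and the baseline still fire. The exception store is deliberately keyed on (rule, host) rather than on the rule alone, so dismissing a noisy rule for one device does not silence it for the rest of the estate.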
BUYER’S GUIDE TO THREAT MANAGEMENT Choosing cloud-based security services I n early 2018, Niall Merrigan, an Irish cyber security expert living in Norway, chanced upon the personal data of tens of thousands of mobile phone subscribers in Thailand using a free tool that scans content stored on Amazon’s Simple Cloud Storage Service (S3). The data, including image scans of drivers’ licences belonging to customers of Thai telco service True Move H, was stored in S3 buckets with allegedly no security measures in place to protect it. “Simply, if you found the URL, you could download all their cus- tomers’ scanned details,” Merrigan wrote on his blog. “In all, over 32GB of data existed in this bucket, totalling 46,000 files, neatly organised by year.” True Corp, the company that operates the True Move H ser- vice, defended its security measures after the breach, claim- ing that it had a “good security system” and that the data was hacked by Merrigan. The True Move H incident, following other S3 data leaks that hit organisations globally, underscores the importance of cyber security when moving to the cloud. “There are still a lot of misconceptions about the cloud and the kind of security and protection that companies will get when they store their data there,” says Aaron Bugal, global solutions engi- Cloud-based security services can help organisations with a neer at Sophos. “The most important thing to remember is that CHAIWUTNNN/ADOBE when companies put data in the cloud, it is imperative that they growing cloud footprint to reduce costs and address the understand how it is being protected, and do not assume that manpower crunch in cyber security, writes Aaron Tan security is being taken care of.” HOME computerweekly.com buyer’s guide 12
BUYER’S GUIDE Home Making unified threat management After a spate of S3 data leaks, Amazon rolled out another at Symantec. “This is one of the key benefits that all organisa- a key security tool layer of protection in November 2018 to prevent accidental data tions welcome – especially small and medium-sized enterprises How unified threat leakages. This includes tools to make sure administrators do [SMEs] that tend to have limited resources.” management can be a useful tool when not make data publicly accessible through a simple mistake or The increased use of mobile devices and applications in line with chosen correctly misunderstanding. the bring-your-own-device (BYOD) trend has also contributed according to business needs Although such tools are handy and should help enterprises to to the growth in adoption of cloud-based security systems, says avoid costly cloud security mistakes, they are often not enough. Cunningham, noting that cloud-based security will give organisa- Layer your approach “More can still be done to ensure that data on the cloud is not tions greater business agility while ensuring critical information to web security easily compromised,” says Bugal, remains protected. Combining unified such as the need to understand the Other benefits of cloud-based threat management with other security type of data and whether or not C - loud based security will services are the always-on avail- systems is essential that data should be in the cloud in ability of such services to monitor to tackle threats the first place. 
Enterprises should give organisations greater real-time threats, as well as simplic- also understand the types of cloud ity, with suppliers taking care of the Choosing cloud- models used by the provider, and business agility while heavy lifting without enterprises based security services ensure the proper layers of protec- ensuring critical information needing to become cyber security Cloud-based security tion, such as firewalls or intrusion experts. “Complexity is the enemy helps reduce costs for firms with a growing prevention, are in place. remains protected of security,” says Sophos’s Bugal. “If cloud footprint technical controls demand a high Enter cloud-based security degree of knowledge to operate, But faced with limited budgets and a dearth of cyber secu- they will most likely negatively affect the overall security posture rity talent, many enterprises can’t do it all alone. That’s where of the business.” cloud-based security – a growing market that Gartner expects In fact, the benefits of adopting cloud-based security are not too to be worth $9bn by 2020 – comes in. different from those that drive enterprises to move to cloud-based “Cloud-based solutions can help organisations save signifi- infrastructure or, more generically, IT outsourcing, according to cant costs by eliminating the need to power the hardware-based the Cloud Security Alliance (CSA) APAC. “That would include security equipment and physical space taken up by datacentres,” greater business agility, data availability, collaboration, simplicity says John Cunningham, APAC vice-president for cloud security of updates and cost savings,” it says. “The scale stemming from computerweekly.com buyer’s guide 13
BUYER’S GUIDE Home Making unified threat management cloud service providers’ extensive and distributed infrastructure of IDC’s IT security practice in Asia-Pacific. a key security tool also provides the economies of scale and performance that are Enterprises should also consider their ability to manage these How unified threat beneficial in protecting enterprises against attacks such as dis- offerings effectively, he says, because having a broad range of management can be a useful tool when tributed denial of service [DDoS].” supplier products inevitably leads to complexity and inefficiency – chosen correctly However, the CSA APAC notes that the adoption of cloud- as well as the regulatory environment in which they are operating. according to business needs based security is often a function of where an enterprise is Piff notes that some industries have more regulatory hur- on the cloud adoption readiness scale. “Without the dles than others, and with privacy a growing issue Layer your approach right organisational mindset, governance and worldwide, enterprises should consider data to web security compliance, architecture, skilled manpower, management as part of their cloud-based Combining unified understanding of service level agreements security portfolio. threat management with other security and the shared responsibility model, just systems is essential to name a few, an enterprise is essen- Managed security services to tackle threats tially not yet ready to take on anything In some cases, managing a suite of cloud-based,” it says. cloud-based security services may not Choosing cloud- “Just like you cannot port an enter- be viable because of a lack of in-house based security services prise’s on-premise infrastructure to the cloud overnight, the expertise and resources, or the need for customised cyber secu- Cloud-based security same applies, even more so, to security. Of course, if an enter- rity programmes. 
A managed security service (MSS) could be helps reduce costs for firms with a growing prise’s infrastructure is not fully cloud-based, there will be some the answer, providing a range of services from different security CHA cloud footprint areas of security that would still practically require some form of suppliers that scale on demand, including threat detection and IWU on-premise and hybrid solutions.” response, security testing, proactive threat hunting and digital TN N forensic investigations. N/A Broad considerations DO “Some organisations, but very few, have the monetary and time B E Before settling on any cloud-based security service (see the resources needed for building out and maintaining an infrastruc- array of options on page 16), there are a number of broad con- ture that will deliver the same level of security that MSS provides,” siderations to bear in mind. First, enterprises need to evaluate says Chris Schueler, senior vice-president of MSS at Singtel- the pros and cons of each service delivery method and how it owned Trustwave. “In most cases, it is simply not feasible.” fits into the current security infrastructure – and, critically, the Schueler notes that the talent gap, in particular, is driving some future strategy of the business, says Simon Piff, vice-president enterprises to consider MSS offerings that are typically delivered computerweekly.com buyer’s guide 14
BUYER’S GUIDE Home Making unified threat management by a team of highly skilled security specialists operating out of “Outsourcing all the knowledge and skills to a cloud vendor will a key security tool security operations centres around the globe. “Enterprises are leave a skills gap should the need occur to bring offerings back How unified threat finding it necessary to fight fire with fire by eliciting the help of on-premise,” says Piff. “Also keep an eye on the pricing, since it management can be a useful tool when ethical hackers, threat hunters and digital forensic investigators too is flexible.” chosen correctly who have deep insight into cyber criminals’ tactics and ways that There is also the challenge of integrating cloud-based secu- according to business needs they exploit vulnerabilities,” he says. rity offerings with on-premise security systems. To that end, “If an enterprise is lucky enough to obtain these specialists, they Symantec’s Cunningham notes that many cloud-based security Layer your approach are finding it increasingly difficult to retain them because better services offer enterprises the ability to integrate with common to web security offers and perks are always available. This puts the enterprise in a on-premise security information and event management (Siem) Combining unified difficult situation because just one of these experts leaving to pur- and service orchestration platforms. threat management with other security sue another opportunity has the potential of crippling the entire But what is really needed is a shared security model, says Bruce systems is essential security programme. The MSS model ensures expert support is Olson, director for worldwide public cloud sales at Fortinet. to tackle threats available and can scale as needed.” “A growing number of security vendors now offer cloud- But IDC’s Piff warns that managed security services can based solutions that mirror tools available for local networks. 
Choosing cloud- be more expensive, with incident response and data being Standardising on a single set of solutions can reduce complex- based security services co-managed by a third party, and there could also be unique ity and enable the establishment of a single, consistent security Cloud-based security challenges in data recovery. postures,” he says. “Make sure that these tools, whether local helps reduce costs for firms with a growing or in the cloud, can be seen and managed through a single man- cloud footprint Pitfalls and integration challenges agement interface to facilitate the collection and correlation of For all their benefits, cloud-based services are updated as and threat intelligence and the ability to track and orchestrate uni- when necessary by security suppliers. IDC’s Piff says this is not versal security policies.” a problem if there is limited or no customisation, but organi- For software-as-a-service (SaaS) applications, Olson advises sations often seek to customise systems to meet a perceived enterprises to adopt cloud access security brokers (CASBs) that unique need, which can lead to problems. can be deployed either on-premise or in the cloud to establish Also, consider that cloud is currently the most effective data- security policy enforcement points between cloud users and centre operating model, and although IDC does not see anything cloud service providers to maintain security and inspect and on the horizon to change this perception, other issues may arise from a move back to an on-premise security infrastructure. continued on page 17... computerweekly.com buyer’s guide 15
The various types of cloud-based services

Cloud-based security services cover the gamut of risks, from data loss prevention and email security to identity and access management. Here are the common services of most interest to enterprises and security professionals, as well as Sophos's take on what enterprises should look out for in each service.

Identity and access management (IAM): Flexibility is key to an identity and access management system. Given the vast number of authentication directories available, some of them proprietary, it is advantageous if the IAM system can be made interoperable with third-party resources.

Data loss prevention (DLP): Passive discovery is important in data loss prevention. Many organisations start down the DLP path without knowing where their data is, how it is being used or how it should be classified. Data classification can become such a roadblock in a DLP project that many enterprises give up. Look for a DLP provider that can enumerate data, use rules and artificial intelligence to classify it, and simply report on its location and how it is being transported.

Web security: Core features of a web security product should be user and device identification, requested destination, content filtering, secure session decryption, inspection and solid reporting.

Email security: Protection against phishing, business email compromise and user impersonation is the most requested function when it comes to email security. Targeted attacks are on the rise, and successful breaches are often attributed to a phishing attack or an email account compromised through poor password use.

Intrusion management: Clarity on discovered events is key here. Many products provide a dump of all attempts made and do not classify the severity of each event. Look for tools with a very good signal-to-noise ratio, where noisy, low-priority events are filtered out and potentially threatening events are highlighted.

Security information and event management (Siem): When evaluating a Siem system, do not necessarily base your organisation's needs on a supplier's capabilities. Instead, decide based on what your current security, gateway and authentication controls declare as best for the information they generate.

Encryption: Although many organisations consider encryption of mobile devices' hard drives, they also need to consider where the data from that device could eventually end up. Ensure your encryption supplier does not just encrypt the data on the disk, but offers a choice of encrypting it before it reaches the public or private cloud, and most definitely before it is copied to removable media.
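The email security entry in the box above asks for protection against phishing, business email compromise and user impersonation. As an added example (not code from Computer Weekly, Sophos or any other supplier quoted in this guide), the Python below applies the three header checks such a service runs before any content analysis: a protected person's display name on a foreign address, a lookalike sender domain (homoglyph-folded or within one edit of the organisation's domain, or with the organisation's domain embedded as a prefix), and a Reply-To that points somewhere other than the visible sender's domain. The trusted domain, the directory of protected names and the four sample messages are all constructed for the demonstration.

```python
"""Impersonation and lookalike-domain checks for inbound mail headers.

Added example for this guide, not code from Computer Weekly or any vendor it
quotes. The trusted domain, the protected executives and the four sample
messages are constructed for the demonstration.
"""
from email import message_from_string
from email.utils import parseaddr

# Constructed: the organisation's own domain and the people whose names are
# most often borrowed in business email compromise (BEC) lures.
TRUSTED_DOMAINS = {"example.com"}
PROTECTED_PEOPLE = {
    "alice chen": "alice.chen@example.com",   # chief executive
    "bob singh": "bob.singh@example.com",     # finance director
}

# ASCII substitutions seen in registered lookalike domains (examp1e.com, rnail.com).
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalise_domain(domain):
    """Lower-case a domain and fold common homoglyphs so examp1e.com reads as example.com."""
    folded = domain.lower().strip()
    for fake, real in HOMOGLYPHS:
        folded = folded.replace(fake, real)
    return folded


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_trusted(domain):
    d = domain.lower()
    return any(d == t or d.endswith("." + t) for t in TRUSTED_DOMAINS)


def is_lookalike(domain):
    """An untrusted domain that folds to, or is within one edit of, a trusted one,
    or that embeds a trusted domain as a prefix (example.com.evil.net)."""
    if not domain or is_trusted(domain):
        return False
    folded = normalise_domain(domain)
    for trusted in TRUSTED_DOMAINS:
        if folded == trusted or edit_distance(folded, trusted) <= 1:
            return True
        if trusted in domain.lower():
            return True
    return False


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def check_message(raw):
    """Return [(rule, detail), ...] for one RFC 5322 message; empty means nothing suspicious."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    findings = []

    # Display-name impersonation: a protected person's name on an address the directory does not know.
    expected = PROTECTED_PEOPLE.get(" ".join(name.lower().split()))
    if expected and addr.lower() != expected:
        findings.append(("display-name-impersonation", f"{name!r} sent from {addr}, directory says {expected}"))

    # Lookalike sender domain.
    if is_lookalike(domain_of(addr)):
        findings.append(("lookalike-domain", domain_of(addr)))

    # Reply-To pointing somewhere other than the visible sender's domain.
    if reply_to and domain_of(reply_to) != domain_of(addr):
        findings.append(("reply-to-mismatch", f"From {domain_of(addr)}, replies go to {domain_of(reply_to)}"))
    return findings


# Constructed sample messages: one legitimate, three with classic BEC tells.
SAMPLES = {
    "legit": "From: Alice Chen <alice.chen@example.com>\nSubject: Board pack\n\nAttached.\n",
    "freemail_spoof": 'From: "Alice  Chen" <alice.chen.ceo@gmail.com>\nSubject: Urgent wire\n\nCall me.\n',
    "lookalike": "From: Bob Singh <bob.singh@examp1e.com>\nReply-To: bob.singh@examp1e.com\nSubject: Invoice\n\nPay today.\n",
    "reply_to": "From: Payroll <payroll@example.com>\nReply-To: payroll@example-com-hr.net\nSubject: Bank details\n\nUpdate now.\n",
}


def triage(samples=SAMPLES):
    """Map each sample label to the list of rules it triggered."""
    return {label: [rule for rule, _ in check_message(raw)] for label, raw in samples.items()}


if __name__ == "__main__":
    for label, rules in triage().items():
        print(f"{label:15s} {rules or 'clean'}")
```

These checks are deliberately cheap and run on headers alone, which is why they sit in front of content inspection; the one-edit threshold misses transpositions (exampel.com), so a production service would add a Damerau variant or a registered-lookalike feed, and the directory of protected names must be authoritative or legitimate aliases will be flagged.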
(...continued from before the box)

...secure data moving to cloud domains.

"As the use of SaaS applications grows from both enterprise and remote locations, so does the need to enforce a consistent security policy at the user level. Cloud security must integrate security controls from perimeter firewalls used to inspect all outbound traffic, including that generated by SaaS applications."

This gives enterprises an integrated view of their cloud and on-premise security posture, as well as a single feed and workflow for incident response management.

CSA APAC also recommends deploying software-defined perimeter (SDP) architecture as an alternative to a virtual private network (VPN) for managing network security.

"SDP is able to provide the benefits of VPN – message confidentiality and integrity – while overcoming the limitations of traditional VPN products such as all-or-nothing access control to the network," it says. "It also allows organisations to have a centralised, policy-driven network security platform that covers their on-premise infrastructure, cloud infrastructure and user populace, while reducing the attack surface."
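Returning to the S3 leaks with which this section opened: the "simple mistake" is almost always a bucket policy written with Principal "*" for one partner, or a READ grant to the AllUsers group, on a bucket whose Block Public Access settings were left at the pre-2018 default of all off. The Python below is an added example (not code from Computer Weekly, AWS or any supplier quoted here) of the check an auditor can run offline over the three documents they would already have pulled with get-bucket-policy, get-bucket-acl and get-public-access-block. It reports effective exposure, distinguishing the two settings that neutralise existing public grants from the two that only block new ones, and names what is still missing. Both bucket configurations are constructed.

```python
"""Offline check for the accidental S3 exposure that Block Public Access (November 2018) guards against.

Added example, not code from Computer Weekly, AWS or any vendor quoted in the guide. It
evaluates documents an auditor would pull with get-bucket-policy, get-bucket-acl and
get-public-access-block, so it needs no AWS access; both bucket configurations are constructed.
"""

PUBLIC_ACL_GROUPS = {"http://acs.amazonaws.com/groups/global/AllUsers",
                     "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}
# The four Block Public Access settings; all on is the baseline for anything that is not a public website.
FULL_BLOCK = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
              "BlockPublicPolicy": True, "RestrictPublicBuckets": True}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _anonymous_principal(principal):
    """Principal "*" or {"AWS": "*"} means anyone on the internet."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def public_policy_statements(policy):
    """Allow statements granting to everyone with no Condition. A Condition (aws:SourceVpce,
    aws:SourceIp, aws:PrincipalOrgID...) is treated as scoping, as S3's own public-bucket check does."""
    hits = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") == "Allow" and not st.get("Condition") and _anonymous_principal(st.get("Principal")):
            hits.append({"Sid": st.get("Sid", ""), "Action": _as_list(st.get("Action", []))})
    return hits


def public_acl_grants(acl):
    """(group, permission) pairs granted to AllUsers or AuthenticatedUsers."""
    out = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_ACL_GROUPS:
            out.append((grantee["URI"].rsplit("/", 1)[-1], grant.get("Permission")))
    return out


def assess_bucket(name, policy, acl, public_access_block):
    """Effective exposure plus the settings still to enable.

    RestrictPublicBuckets neutralises a public policy and IgnorePublicAcls neutralises public
    ACLs already in place; BlockPublicPolicy/BlockPublicAcls only stop new ones being written.
    """
    pab = {k: bool(public_access_block.get(k, False)) for k in FULL_BLOCK}
    findings = []
    policy_hits = public_policy_statements(policy)
    if policy_hits and not pab["RestrictPublicBuckets"]:
        actions = sorted({a for hit in policy_hits for a in hit["Action"]})
        findings.append(f"bucket policy grants {actions} to everyone")
    acl_hits = public_acl_grants(acl)
    if acl_hits and not pab["IgnorePublicAcls"]:
        findings.append(f"ACL grants {acl_hits} to public groups")
    missing = sorted(k for k, on in pab.items() if not on)
    return {"bucket": name, "public": bool(findings), "findings": findings,
            "remediation": "enable " + ", ".join(missing) if missing else "none"}


# Constructed: an export bucket opened to the world by a Principal "*" policy meant for one
# partner, plus a READ ACL for AllUsers, with Block Public Access at its pre-2018 default (off).
LEAKY_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "ShareWithPartner", "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::hr-exports", "arn:aws:s3:::hr-exports/*"]}]}
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"}, "Permission": "FULL_CONTROL"}
LEAKY_ACL = {"Grants": [OWNER_GRANT, {"Grantee": {"Type": "Group",
             "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}
NO_BLOCK = {k: False for k in FULL_BLOCK}

# Constructed: the same sharing need met safely, scoped to one VPC endpoint, with full blocking on.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "VpcEndpointOnly", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::hr-exports/*",
    "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}]}
OWNER_ONLY_ACL = {"Grants": [OWNER_GRANT]}


def demo():
    """Assess the leaky and the hardened configuration."""
    return [assess_bucket("hr-exports (leaky)", LEAKY_POLICY, LEAKY_ACL, NO_BLOCK),
            assess_bucket("hr-exports (hardened)", SCOPED_POLICY, OWNER_ONLY_ACL, FULL_BLOCK)]
```

The point of separating the two pairs of settings is the one the article makes about tools not being enough: turning on BlockPublicPolicy after the fact changes nothing for a policy already in place, whereas RestrictPublicBuckets does, so a remediation list that treats all four as equivalent will leave a bucket exposed while reporting progress.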
Common cloud-based security services (1/2)

Identity and access management
Threats addressed:
✓ Identity theft
✓ Unauthorised access
✓ Privilege escalation
✓ Insider threat
✓ Non-repudiation
✓ Excess privileges
✓ Delegation of authorisations
✓ Fraud
Challenges:
✓ Lack of standards and vendor lock-in
✓ Identity theft
✓ Unauthorised access
✓ Privilege escalation
Optional features:
✓ Support for DLP
✓ Granular activity auditing broken down by individual
✓ Segregation of duties based on identity entitlement
✓ Compliance-centric reporting

Data loss prevention
Threats addressed:
✓ Data loss/leakage
✓ Unauthorised access
✓ Malicious compromises of data integrity
✓ Data sovereignty issues
✓ Regulatory sanctions and fines
Challenges:
✓ Data may be stolen from the datacentre virtually or even physically
✓ Data could be misused by the datacentre operator or other employees with access
✓ Compliance requires certifying the cloud stack at all levels repeatedly
✓ False negatives/false positives (tuning)
Optional features:
✓ Rate domains
✓ Smart Response (integrated remediation workflow)
✓ Automated event escalation
✓ Automated false positive signature compensation
✓ Unstructured data matching
✓ File/directory integrity via hashing
✓ Integration with intrusion detection systems

Web security
Threats addressed:
✓ Keyloggers
✓ Domain content
✓ Malware
✓ Spyware
✓ Bot network
✓ Phishing
✓ Virus
✓ Bandwidth consumption
✓ Spam
Challenges:
✓ Constantly evolving threats
✓ Insider circumvention of web security
✓ Compromise of the web filtering service by proxy
✓ Potentially higher cost of real-time monitoring
✓ Lack of features versus premise-based solutions
✓ Lack of policy granularity and reporting
✓ Relinquishing control
✓ Encrypted traffic
Optional features:
✓ Rate domains
✓ Categorise websites by URL/IP address
✓ Rate sites by user requests
✓ Transparent updating of user mistakes
✓ Categorise and rate websites as needed
✓ Categorise websites for policy enforcement

Source: Cloud Security Alliance
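The data loss prevention row above lists unstructured data matching and file/directory integrity via hashing among the optional features, and the box earlier asks for a provider that enumerates data, classifies it and reports where it is. The Python below is an added example (not code from Computer Weekly, the CSA or any supplier quoted here) of that passive discovery pass over a file tree: it walks the directory, records a SHA-256 baseline for each file, runs two detectors, payment card numbers validated with the Luhn check so that order and phone numbers do not count, and AWS access key IDs (the AKIA/ASIA prefix plus 16 characters), and classifies each file from the hits. The three sample files are constructed and written to a temporary directory; the card numbers are the usual Visa and Amex test numbers and the access key is AWS's own documented example value.

```python
"""Passive DLP discovery over a file tree: enumerate, classify, hash and report.

Added example for this guide (not Computer Weekly's, Sophos's or the CSA's code). The
detectors cover two classes the tables above name, payment card numbers (PCI) and cloud
access-key IDs (secrets); the sample files are constructed and written to a temp dir.
"""
import hashlib
import os
import re
import tempfile

# 13-19 digits, optional single space/dash separators, not glued to other digits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# AWS access key IDs: 'AKIA' (long-term) or 'ASIA' (temporary) plus 16 upper-case alphanumerics.
AWS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")


def luhn_ok(digits):
    """Luhn mod-10 check; weeds out most order numbers and phone numbers that match PAN_RE."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                    # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text):
    """Digit-only card numbers that pass Luhn and are not a single repeated digit."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and len(set(digits)) > 1 and luhn_ok(digits):
            found.append(digits)
    return found


def classify(text):
    """Return (label, hit counts). Secrets outrank PCI because one key exposes everything."""
    pans = find_pans(text)
    keys = AWS_KEY_RE.findall(text)
    label = "restricted-secret" if keys else "restricted-pci" if pans else "internal"
    return label, {"pan": len(pans), "aws_key": len(keys)}


def scan_tree(root):
    """Walk root; per file record relative path, SHA-256 (integrity baseline) and class."""
    report = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                data = fh.read()
            label, counts = classify(data.decode("utf-8", "replace"))
            report.append({"path": os.path.relpath(path, root).replace(os.sep, "/"),
                           "sha256": hashlib.sha256(data).hexdigest(),
                           "class": label, "hits": counts})
    return sorted(report, key=lambda r: r["path"])


def summarise(report):
    """Group paths by classification: the 'where is it' answer a DLP project needs first."""
    out = {}
    for r in report:
        out.setdefault(r["class"], []).append(r["path"])
    return out


# Constructed sample content. 4111 1111 1111 1111 and 378282246310005 are the usual Visa/Amex
# test numbers (Luhn-valid); 4111111111111112 fails Luhn; 1234567890123 is a 13-digit ticket id.
SAMPLE_FILES = {
    "finance/refunds.csv": "order,card,amount\n1001,4111 1111 1111 1111,12.50\n"
                           "1002,378282246310005,99.00\n1003,4111111111111112,5.00\n",
    "ops/deploy.env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nREGION=eu-west-2\n",
    "hr/notes.txt": "Ticket 1234567890123 closed. Call 020 7946 0000 for the desk.\n",
}


def demo():
    """Write the samples to a temporary tree, scan it, return the report."""
    with tempfile.TemporaryDirectory() as root:
        for rel, text in SAMPLE_FILES.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8", newline="") as fh:
                fh.write(text)
        return scan_tree(root)
```

Two things a real deployment adds: the hash column is only an integrity baseline once it is stored somewhere the scanned host cannot rewrite (the table's "remote storage" point under intrusion management applies equally here), and the Luhn filter is a false-positive control, not a proof, so a match in a column labelled "card" should weigh more than the same digits in free text.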
Common cloud-based security services (2/2)

Email security
Threats addressed:
✓ Phishing
✓ Intrusion
✓ Malware
✓ Spam
✓ Address spoofing
Challenges:
✓ Portability
✓ Storage
✓ Use of unauthorised webmail for business purposes
✓ Management of logs and access to logs
✓ Ensuring no access to emails by cloud provider staff
Optional features:
✓ Secure archiving
✓ Webmail interface
✓ Full integration with in-house identity system (LDAP, Active Directory, etc)
✓ Mail encryption, signing and time-stamping
✓ Flexible integration
✓ Data loss prevention (DLP) for SMTP and webmail
✓ E-discovery
✓ Email system backup

Intrusion management
Threats addressed:
✓ Intrusion
✓ Malware
Challenges:
✓ Proliferation of SSL required by deployment in public clouds adds complexity or blocks visibility to network-based IDS/IPS
✓ Complexity and immaturity of intrusion management for APIs
✓ Lack of tools to manage instance-to-instance relationships
Optional features:
✓ Central reporting
✓ SIEM integration
✓ Administrator notification
✓ Customisation of policy (automatic or manual)
✓ Mapping to cloud-layer tenancy
✓ Cloud sourcing information to reduce false positives and improve coverage
✓ Remote storage or transmission of integrity information, to prevent local evasion

Security information and event management
Threats addressed:
✓ Abuse and nefarious use
✓ Insecure interfaces and APIs
✓ Malicious insiders
✓ Shared technology issues
✓ Account or service hijacking
✓ Unknown risk profile
✓ Fraud
Challenges:
✓ Standardisation of log formats
✓ Timing lag caused by translations from native log formats
✓ Unwillingness of providers to share logs
✓ Scaling for high volumes
✓ Identification and visualisation of key information
Optional features:
✓ Heuristic controls
✓ Specialised systems
✓ Physical log monitoring
✓ Access control system monitoring
✓ Physical security integration (cameras, alarms, phone, etc)
✓ Integration with call/ticketing system

Source: Cloud Security Alliance
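The Siem row above lists standardisation of log formats and the timing lag caused by translating native formats as its first two challenges; the two are linked, because a translation that guesses a timestamp's year or zone silently shifts the event and breaks correlation. The Python below is an added example (not the CSA's or any supplier's code) that normalises three constructed log lines, a classic syslog line from sshd, a JSON audit event from a cloud console, and a key=value firewall line carrying a +0100 offset, into one schema with UTC timestamps, and then correlates them by source IP. Classic syslog carries neither year nor zone, so the collector must supply both; the SYSLOG_YEAR and SYSLOG_TZ constants are that assumption, and the demo shows how an offset of one hour in it turns a six-second cross-source match into no match at all.

```python
"""Normalising three native log formats into one schema, then correlating across them.

Added example for this guide (not the CSA's or any vendor's code). The three lines are
constructed: classic syslog from sshd, a JSON audit event from a cloud console, and a
key=value firewall line with a +0100 zone offset. Classic syslog carries neither year nor
zone, so the collector must supply both; the SYSLOG_* constants are that assumption.
"""
import json
import re
from datetime import datetime, timedelta, timezone

SYSLOG_SSHD = "Jan 14 09:12:03 bastion sshd[2217]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2"
CLOUD_AUDIT = ('{"time": "2019-01-14T09:12:05Z", "eventName": "ConsoleLogin", '
               '"sourceIPAddress": "203.0.113.7", "userName": "admin", "outcome": "Failure"}')
FIREWALL_KV = "2019-01-14 10:12:09 +0100 fw01 action=deny src=203.0.113.7 dst=10.0.0.5 dpt=22 proto=tcp"

SYSLOG_YEAR = 2019              # assumption: year of the collection run
SYSLOG_TZ = timezone.utc        # assumption: the bastion logs in UTC

SSHD_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
                     r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
FW_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) (?P<host>\S+) (?P<kv>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")
ISO = "%Y-%m-%dT%H:%M:%SZ"


def _iso_utc(dt):
    return dt.astimezone(timezone.utc).strftime(ISO)


def parse_syslog_sshd(line, year=SYSLOG_YEAR, tz=SYSLOG_TZ):
    m = SSHD_RE.match(line)
    if not m:
        return None
    local = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year, tzinfo=tz)
    return {"ts": _iso_utc(local), "source": "sshd", "host": m["host"], "action": "auth_failure",
            "user": m["user"], "src_ip": m["ip"], "ts_assumed": True}


def parse_cloud_audit(line):
    ev = json.loads(line)
    when = datetime.strptime(ev["time"], ISO).replace(tzinfo=timezone.utc)
    failed_login = ev.get("eventName") == "ConsoleLogin" and ev.get("outcome") == "Failure"
    return {"ts": _iso_utc(when), "source": "cloud-audit", "host": None,
            "action": "auth_failure" if failed_login else ev.get("eventName", "").lower(),
            "user": ev.get("userName"), "src_ip": ev.get("sourceIPAddress"), "ts_assumed": False}


def parse_firewall_kv(line):
    m = FW_RE.match(line)
    if not m:
        return None
    when = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S %z")   # offset carried in the line itself
    kv = dict(KV_RE.findall(m["kv"]))
    return {"ts": _iso_utc(when), "source": "firewall", "host": m["host"], "action": kv.get("action"),
            "user": None, "src_ip": kv.get("src"), "dst_ip": kv.get("dst"), "dst_port": kv.get("dpt"),
            "ts_assumed": False}


def normalise(line, **syslog_assumptions):
    """Dispatch on shape; unknown lines return None rather than a half-filled event."""
    line = line.strip()
    if line.startswith("{"):
        return parse_cloud_audit(line)
    if FW_RE.match(line):
        return parse_firewall_kv(line)
    return parse_syslog_sshd(line, **syslog_assumptions)


def correlate_by_source_ip(events, window=timedelta(seconds=30)):
    """Source IPs seen by more than one log source within `window`, flagged if any timestamp rests on an assumption."""
    by_ip = {}
    for e in events:
        if e and e.get("src_ip"):
            by_ip.setdefault(e["src_ip"], []).append(e)
    hits = {}
    for ip, evs in by_ip.items():
        times = sorted(datetime.strptime(e["ts"], ISO) for e in evs)
        sources = sorted({e["source"] for e in evs})
        if len(sources) > 1 and times[-1] - times[0] <= window:
            hits[ip] = {"sources": sources, "span_seconds": int((times[-1] - times[0]).total_seconds()),
                        "ts_assumed": any(e["ts_assumed"] for e in evs)}
    return hits


def demo(syslog_offset_hours=0):
    """Normalise the three lines and correlate; a wrong zone assumption for syslog breaks the match."""
    tz = timezone(timedelta(hours=syslog_offset_hours))
    events = [normalise(l, tz=tz) for l in (SYSLOG_SSHD, CLOUD_AUDIT, FIREWALL_KV)]
    return events, correlate_by_source_ip(events)
```

Carrying the ts_assumed flag through to the correlation result is the practical answer to the "timing lag" challenge: an analyst can see that a match (or a miss) depends on a collector-supplied year or zone and check it, rather than trusting a clean-looking ISO timestamp that was partly invented during translation.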