Right time for a security management platform
Date: Wednesday, April 02, 2008
While the older threats continue to prevail, newer types of sophisticated threats, attacks, and breaches are evolving. In the last 18 months, ID/information-related breaches have grown at a rapid pace and people have successfully stolen data from major companies. According to CSI research, in 2007 targeted attacks rose to 18 percent of overall attacks in the market. That is a major increase from the single-digit growth we had seen previously. Targeted attacks will continue to grow and will be a major worry for enterprise customers, especially large companies.
Irrespective of the size of an organization, every computer that is connected to the network is under attack nowadays. Recent research shows that a computer connected to the internet is attacked once every 30 to 40 seconds. Information theft fetches a lot of money on the black market. A credit card with a decent credit limit will easily fetch $200 to $300 on the black market. For example, the TJX breach, in which almost 90 million credit cards were compromised, can result in a windfall of hundreds of millions in profit for ID thieves. As long as there is a black market, and miscreants are able to sell and realize significant profit from these kinds of activities, security threats will only continue to rise.
Cyber criminals use a variety of mechanisms to steal data. This does not just happen in an hour or a day, but takes place over a long period of time. It has therefore become a herculean task for enterprise security teams to identify and prevent these problems, especially since most of the tools they have deployed are not geared towards identifying new types of breaches. These tools can identify only one piece of the breach and don't provide the ability to watch the entire process. By looking at only sub-segments of this activity, security teams are not able to correlate events and identify exactly what is happening. The only way to ascertain the activity scrupulously is to use advanced tools that can look at a variety of data in the network, then correlate and analyze it to identify patterns and anomalies. The only way one can confidently identify these kinds of breaches is by looking at different data silos or different data sets.
In the current economic environment, companies are tightening their IT budgets. Security teams are asked to do more with less. Companies are asking their network monitoring and security operations teams to collaborate with each other. Just as point solutions were introduced for network management in the past and then evolved into platforms (OpenView, Tivoli and Unicenter) by combining multiple functionalities in a single solution so that customers could gain operational efficiencies, I believe the same thing will happen in the security management space. In the last 8 to 10 years we have seen a whole bunch of different types of security solutions being introduced in the network: firewall, IDS, IPS, spam systems, spyware systems. Along the way, a plethora of security management solutions have been introduced. The problem is that they are all individually focused solutions. When you have a whole plethora of solutions, you are faced with management complexity, inefficiency and increased cost. So I believe the time is ripe for a security and risk management platform.