Why Converged Security matters: you locked all the doors but your window is open

Anyone remember Nimda, Code Red or Blaster?

 

At the time when Nimda and Code Red struck (2001) I was working as a web application manager. Within hours of the worms attacking, it was all over the news and within 24 hours we had web pages up, advertising enhancements to our security scanning service that could handle these new infections.

 

Fast forward to 2013 and the Target security breach.  Hackers began their attack some two months before they actually began to steal credit card data. On Nov 27th they made it into Target’s network, but it was not until Dec 18th – more than three weeks later – after being notified by the authorities, that Target publicly acknowledged the attack.

 

Keeping pace with the security threats

 

In essence, the bad guys are getting better and we are not keeping up. So how can a bunch of criminals defeat some of the most sophisticated technology available today? The reason is simple: the bad guys have moved on. They are no longer trying to break down the door or pick the front gate lock; they just come in through the open window. Research suggests that 84 percent of attacks occur against applications and that it takes 27 days on average to detect and remedy an attack. It would seem that we are either looking in the wrong place or don’t fully understand what we are seeing until it is often too late – or both.

 

Corporate IT is spending billions on anti-virus software, IDS and firewalls. But how many enterprises are spending any money at all on integrating security and monitoring or building security into their application development lifecycle? Unfortunately, the answer is not many. Research suggests that we spend five times more on perimeter defense than on internal controls.

 

For most IT organizations, IT security is in its own functional silo. This is like thinking that healthy living means you only need to go to the gym. If you smoke, drink excessively, eat unhealthy foods or live a stressful life, chances are you will get sick, even if you can bench 150 pounds or run a six-minute mile. Security is no different. The bad guys will find a way in unless security is approached holistically and woven into the entire IT value chain.

 

This is why Converged Security matters.

 

 

So what is Converged Security? This is best illustrated visually:

 

[Image: Miron_why converged security matters pt 1.png]

 

Converged Security brings security practices, disciplines, considerations, processes and tools into “mainstream IT” to help organizations become proactive in reducing the risk to their businesses.

 

The pillars of Converged Security

 

We, at HP, have identified 4 main use cases for Converged Security:

  • Secure asset lifecycle management
  • Augmented cyber operations
  • Security compliance & automated remediation
  • Secure application lifecycle management

 

In the following blogs, I will expand on each of these use cases and describe them in more detail.

Comments
mikeshaw747 | ‎06-05-2014 07:35 AM

Nice post, Miron.

 

It's interesting to notice that you talk about the need for IT Ops and Security to have a "single version of truth" - which is essentially the same as saying that they have shared models and shared views onto the states of those models. They don't necessarily need to see the same details of each model of its state, but they must both be looking at the same model.

 

This is EXACTLY the same point made by Shamim Ahmed in the post below yours on Dev Ops. In order to achieve continuous "everything" from build thru to run, we must have the same model and the same view onto the state of that model. 

 

I think that one of the key points with Dev Ops is that it's very difficult to get anything continuous unless you have automation. And the key cost, the work "hump" we have to get over, in order to get automation is modeling that automation. And automation is based on the models we have - the model of the app, the model of what and how we test the app, and the model of what we have put the app onto when it goes into production.

 

Once we have a common model, augmented as we go from build thru test and into production, modelling the automation becomes as easy as it can be. 

 

Mike. 

MironMizrahi | ‎06-06-2014 06:33 PM

Thanks for your comments, Mike.

I am not surprised Shamim's post and mine put forward similar views. We both have been, for a while now, talking about the IT Value Chains, and we are not alone. This paradigm has been validated with customers through the joint work done in the IT4IT Consortium. The main thrust is that there are 4 value streams which form the underpinning of any IT organization. Models and data and how different entities such as defects, service requests or incidents are processed along the chain is central. So you are right in your statements about a common model. But there is more than that. The value chain approach is what makes automation really deliver value.

If you look at IT as a manufacturing company you begin to realize that while pockets have been automated, in reality the impact is often muted since automation was not implemented with an end-to-end view. DevOps is a case in point. While the Dev side has automated and optimized, apps are not getting to users much faster. This is not because the Ops side is not automated but rather because it is not automated where it is needed. The IT value chains give you this end to end view that everyone can align to, bearing in mind that alignment is not just on process and hand off points but also on KPIs and metrics.

I have elaborated on this topic in a white paper called "From futile to agile".

This is why I am saying that Security cannot just be an overlay. You need to look at the IT value chains and figure out where and how you will integrate security in a manner that will allow you to be proactive. When security "happens" because it is built into the value chain, it has much better chances of success.

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.