In the course of this work I often talk with Chief Information Security Officers (CISOs) from all over the world. Their businesses operate in different information security environments and their worries differ in the details, but overall their information security concerns center on the following four problems:
1. Cloud Application Security
Today more and more enterprises are migrating their applications to the cloud and relying on public cloud applications, including common email services, public cloud storage, and public social software, to do their work. These cloud applications often sit outside the enterprise security perimeter and can be compromised by an attack at any time. How to bring these applications under management and reduce the risk has become one of the CISO's top concerns.
2. Advanced Persistent Threats (APT attacks)
Among all security threats, the one businesses worry about most is the APT attack. This is partly because APT attacks often target sensitive business information and personal data, such as credit card details, and are extremely damaging. It is also because APT attacks are typically tailored to a specific target, highly covert, and dormant for long periods, which makes them very hard for an enterprise security system to intercept in time.
3. Log and Event Management
Logging, reporting, and event management have long been core tasks for IT administrators, and they become even more important as big data and the IoT develop, because businesses urgently need to work out which data is anomalous and which data signals an intrusion such as an APT. Research firm MarketsandMarkets says the security information and event management (SIEM) market will grow from $2.47 billion in 2014 to $4.54 billion in 2019.
For a CISO, a mass of attack information that is not correlated is useless, and can even be harmful. Enterprises need to learn how to find real threat information efficiently and accurately in the flood of network data, because that is the precondition for intercepting the threat at all.
4. Compliance
Security standards are an important part of protecting digital assets, but ensuring that IT processes conform to those standards is a heavy burden for enterprise IT departments. The main reason is the complexity of the specifications: PCI DSS, for example, has 12 requirements covering firewalls, encryption, anti-virus, access control, logging and monitoring, and security testing. On top of that, compliance keeps getting harder because business processes grow more complex and the standards themselves are continually revised.
The key to solving the problem: establishing a sound information security architecture
Careful analysis shows that the key to solving all four problems is to rebuild the information security architecture. Organizations need a framework that integrates security hardware, software, and communication across the different segments of the network, so that threats and attacks arriving from any plane, from the cloud to the IoT, meet a seamless and comprehensive defense.
Cloud computing is an extension of the enterprise network and deserves special attention. Enterprises should deploy a security detection and management strategy that covers the entire network and gives visibility into data flows everywhere: private deployment or public cloud, traditional IT architecture or cloud architecture, wired or wireless access.
To deal effectively with APT attacks, security deployment must go beyond the traditional firewall perimeter, and even beyond traditional multi-layered defenses. An effective APT defense framework uses internal firewalls to segment the network, which restricts the ability of malicious programs to move from one network segment to another. When these firewalls are combined with real-time, intelligent threat detection such as sandboxing and endpoint security, APT attacks can be detected and contained promptly.
Another way to detect APT attacks is a thorough traffic capture and logging mechanism across the whole network, combining internal and external sources, with analysis of the resulting logs. A security model that can raise timely alerts across devices, users, content, and data, and that gives insight into network traffic, is therefore very valuable.
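The two mechanisms above, segmentation between network zones and correlation of whole-network logs, come together in the kind of rule a SIEM would run over firewall events. The following is an added example, not code from the original article or from any vendor product; the log format, the zone names, the sample log lines (constructed, not captured traffic), and the detection thresholds are all assumptions chosen for illustration. It flags three patterns: a permitted flow between zones that the segmentation policy forbids, one internal host fanning out to many others on administrative ports (lateral movement), and a host contacting the same external address at near-constant intervals (command-and-control beaconing).

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not captured traffic). The format is an assumption:
#   <ISO timestamp> <src ip> <dst ip> <dst port> <ALLOW|DENY> <src zone> <dst zone>
SAMPLE_LOGS = """\
2024-05-01T10:00:00 10.1.1.5 10.2.1.10 443 ALLOW user-lan server-lan
2024-05-01T10:00:05 10.1.1.5 10.2.1.11 445 ALLOW user-lan server-lan
2024-05-01T10:00:09 10.1.1.5 10.2.1.12 445 ALLOW user-lan server-lan
2024-05-01T10:00:14 10.1.1.5 10.2.1.13 3389 ALLOW user-lan server-lan
2024-05-01T10:00:20 10.1.1.5 10.2.1.14 22 ALLOW user-lan server-lan
2024-05-01T10:00:25 10.1.1.5 10.2.1.15 445 ALLOW user-lan server-lan
2024-05-01T10:01:00 10.3.0.7 10.2.1.10 445 ALLOW dmz server-lan
2024-05-01T10:02:00 10.1.1.9 203.0.113.9 443 ALLOW user-lan internet
2024-05-01T10:03:00 10.1.1.9 203.0.113.9 443 ALLOW user-lan internet
2024-05-01T10:04:00 10.1.1.9 203.0.113.9 443 ALLOW user-lan internet
2024-05-01T10:05:00 10.1.1.9 203.0.113.9 443 ALLOW user-lan internet
2024-05-01T10:06:00 10.1.1.9 203.0.113.9 443 ALLOW user-lan internet
2024-05-01T10:02:30 10.1.1.20 198.51.100.4 443 ALLOW user-lan internet
2024-05-01T10:20:00 10.1.1.20 198.51.100.4 443 ALLOW user-lan internet
2024-05-01T11:05:00 10.1.1.20 198.51.100.4 443 ALLOW user-lan internet
"""

# Segmentation policy (assumed): which zone pairs may talk to each other at all.
ALLOWED_ZONE_FLOWS = {("user-lan", "server-lan"), ("user-lan", "internet"),
                      ("server-lan", "internet"), ("server-lan", "dmz"),
                      ("dmz", "internet")}
# Ports typically used to administer hosts, and therefore for lateral movement.
ADMIN_PORTS = {22, 135, 139, 445, 3389, 5985}


def parse_logs(text):
    """Parse the constructed log format into event dicts, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, action, szone, dzone = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                       "port": int(port), "action": action,
                       "szone": szone, "dzone": dzone})
    return sorted(events, key=lambda e: e["ts"])


def find_segmentation_violations(events, allowed=ALLOWED_ZONE_FLOWS):
    """Cross-zone flows the policy does not permit but the firewall let through.
    An ALLOWed flow that the policy forbids means a rule is wrong or an attacker
    has found a gap between segments."""
    seen = set()
    for e in events:
        if (e["action"] == "ALLOW" and e["szone"] != e["dzone"]
                and (e["szone"], e["dzone"]) not in allowed):
            seen.add((e["szone"], e["dzone"], e["src"], e["dst"]))
    return sorted(seen)


def find_lateral_fanout(events, threshold=5, window_s=120):
    """One source reaching many distinct internal hosts on admin ports within a
    short sliding window: the footprint of lateral movement after a foothold."""
    by_src = defaultdict(list)
    for e in events:
        if e["port"] in ADMIN_PORTS and e["dzone"] != "internet":
            by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_s:
                start += 1
            targets = {x["dst"] for x in evs[start:end + 1]}
            if len(targets) >= threshold:
                alerts.append((src, len(targets)))
                break  # one alert per source is enough
    return alerts


def find_beacons(events, min_count=5, max_cv=0.1):
    """Same source to the same external host at near-constant intervals. A low
    coefficient of variation in the gaps is typical of automated C2 check-ins."""
    pairs = defaultdict(list)
    for e in events:
        if e["dzone"] == "internet":
            pairs[(e["src"], e["dst"])].append(e["ts"])
    alerts = []
    for (src, dst), times in pairs.items():
        if len(times) < min_count:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else 0.0
        if cv <= max_cv:
            alerts.append((src, dst, round(mean), len(times)))
    return alerts


def analyze(text=SAMPLE_LOGS):
    """Run all three rules over one log text and return the alerts by category."""
    events = parse_logs(text)
    return {"segmentation": find_segmentation_violations(events),
            "lateral": find_lateral_fanout(events),
            "beacons": find_beacons(events)}


if __name__ == "__main__":
    for kind, alerts in analyze().items():
        print(kind, alerts)
```

On the sample data the segmentation rule flags the single dmz to server-lan connection even though the firewall allowed it, the fan-out rule flags 10.1.1.5 for reaching five servers on admin ports in under half a minute (the 443 connection is ignored because it is not an admin port), and the beacon rule flags 10.1.1.9 for five connections exactly sixty seconds apart while the irregular, infrequent connections from 10.1.1.20 fall below the minimum count. The thresholds are deliberately simple; in production they would be tuned per zone and paired with an allow-list of known management hosts and update servers.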
In addition, such an architecture allows a single coordinated policy that streamlines logging by recording each event once rather than separately on every device. Log analysis then becomes simpler, helping companies understand their traffic patterns and uncover real threats.
For compliance, most CISOs follow a specific framework (such as PCI DSS, ISO 27001/27002, or the NIST Cybersecurity Framework) to reduce network risk. An ideal security architecture should let every deployed firewall contribute to a clearer compliance status and a security maturity assessment, which helps the CISO find the weak points in network security and take corrective action.
For the CISO, knowing which users are connecting to the corporate network is the key to understanding the enterprise's security posture. A comprehensive security architecture helps IT staff manage every network asset, set security goals, and then audit security policy across all nodes.
A sound security architecture also addresses a fifth CISO concern: protecting the investment in information security. Because the architecture is built around the fundamental elements of the network, it does not become obsolete. Individual network components can change as the threats change, but the solid foundation the architecture lays down will keep doing its job and protecting the network for years to come.
Why security architecture is the key to resolving the CISO's five major problems