Protecting the Boundaryless Enterprise
August 26, 2015 • Blog Post • By HPE Matter Staff Writer
It's quickly becoming clear that security touches every area of business. Pretending otherwise is foolhardy, especially in light of the number and variety of breaches weve seen recently. From Target to Home Depot to Sony and more, cyberattackers are stealing data in what seems like record volume.
And yet corporations still aren't doing enough to protect themselves. In an Osterman Research report from last summer, 45 percent of ex-employees surveyed said that months after leaving they still had access to sensitive corporate data.
Admittedly, offering secure anytime, anywhere access isn't easy. Sue Barsamian, senior vice president of HPs Security Products business, says getting the balance right starts with understanding how the threat landscape has changed over the past two decades.
"In the early days of cybercrime, attackers lived in college dorms and hacked for attention. Nowadays, were dealing with nation states and cyber terrorists, a very different and more serious set of adversaries," Barsamian says.
Also, their motivations vary. From mining credit card information to ransoming sites that depend on a certain level of confidentiality, Barsamian says that cybercrime is now "big business." How big isn't exactly clear, although in one extreme case, a cyberattack group with ties to China, Russia and other parts of Europe is reported to have robbed more than 100 banks in 30 countries, getting away with more than $1 billion in cash since 2013.
Yet cybercrimes aren't always about the money. Sometimes attackers are after intelligence. Barsamian points to recent events at the University of Virginia. There, attackers penetrated the school's systems in order to gain access to the email inboxes of two employees whose work has a connection to China," a spokesperson told The Daily Beast.
New world security: interactions, not borders
Borders are another key difference today - corporate networks no longer have them. "It used to be simple. Companies managed a corporate network that housed all the applications and data. Employees accessed the networking using managed devices," Barsamian says. "Everything was very easy to control."
Now, in the world of BYOD, employees routinely log in from mobile devices that are not managed by the corporation. Or they log in from a caf using open Wi-Fi, tunneling through an unsecured network. IT managers rarely get to see and directly control the infrastructure they're being asked to secure.
So what does one do in this environment? Favor interactions over infrastructure. Specifically, Barsamian says security for this sort of boundaryless enterprise requires tracking and defending the "interactions among users, applications and data," regardless of location or device involved.
Analytics leads to a big data opportunity
The volume of interactions is growing exponentially, creating a level of noise in our pipeline of big data that has to be managed effectively if were going to allow big data to achieve its true potential for the enterprise. Thats where analytics come in.
Take, for example, the fact that organizations receive an average of 17,000 malware alerts per week, and spend an annual average of $1.27 million in time and resources responding to inaccurate and erroneous threat intelligence.1 Due to the volume of data that enterprise security professionals must monitor, approximately four percent of all malware alerts are actually investigated,2 leaving a significant gap in security coverage.
When advanced security analytics are brought to bear, however, that gap becomes far less overwhelmingand with solutions like the ones coming from HP this week, organizations are able to reduce false positives by a factor of 20 over other malware detection systems.3
Making the analysis of security data a more manageable and productive task is critical to the success of the enterprise as the number of interactions grow.
Protecting your digital enterprise: the time is now
For it's part, Gartner says that we will be running 25 billion IoT connected devices by 2020. Thats 25 billion potential interaction points and attack platforms for security teams to track and manage. IT managers seem to already be gearing up for the shift. A January 2015 report from Piper Jaffray indicated that 75 percent of CIOs interviewed planned to increase IT security spending for the year, up from 59 percent in 2014.
Wherever those dollars end up goingfor beefier firewalls, smarter analytics, or something else entirelyone thing is for sure: security will change at least as much over the next five years as it has over the past 20.
"Security is such an all-encompassing issue that touches literally every aspect of a company," Barsamian says. "Most business leaders get that. The ones who don't, will get it before longand maybe much sooner than they think."
Today, a global threat marketplace collaborates and innovates to attack organizations 24/7. Its time to think like a bad guy. HPE draws on decades of enterprise security experience and industry-leading solutions to help businesses identify and neutralize threats while preparing for the next battle. Together, HPE and enterprises arent just reacting to the changing threat landscape. Were proactively countering the adversary to win the war.