Adaptive Security: Changing Threats Require a New Paradigm for Protecting Cyber Assets

Contributed by Tech Mahindra

As organizations continue to embrace the digital evolution, a growing number of assets are being connected to the Internet. In fact, most organizations are now using — if not relying on — cloud-based applications to power operations. With this shift, IT infrastructures have become more distributed. Applications are now accessible from anywhere and personal devices are being used to conduct business. Together, these realities have blurred the boundaries of the traditional network perimeter.

Attackers operate under a host of motivations — from hacktivism to monetary gain. No matter their intent, attackers benefit from the trend toward distributed IT, which increases the threat surface. Gone are the days when bolt-in and “afterthought” security architectures were sufficient. Static firewalls and intrusion detection or prevention solutions (IDS/IPS) woven around the asset simply cannot provide adequate protection. Such approaches work only in cases where they are fed with known protocol behaviors and known attacks. That’s because static firewalls and IDS/IPS solutions are not aware of the assets they protect. They are in the dark about network behavior — and are unable to protect against emerging attacks.

If those approaches don’t work, what does? Tech Mahindra sees a need to realign security architecture by focusing on ensuring application availability and preserving user experience while protecting applications from both volumetric DDoS attacks and exploitation of vulnerabilities. In designing such a strategy, there are two important prerequisites for success:

1) Know your assets. That includes such components as web interfaces, mobile interfaces, databases, development and test cycles, operating systems, where applications are deployed, and by whom and from where the infrastructure is being accessed. Understanding these variables is an important requirement for reducing the attack surface within the environment.

2) Map your risks — and take steps to reduce them. Attack activity often goes unnoticed for a significantly long period of time. Thus, it’s crucial to understand attackers: how attacks have evolved over time, which direct and indirect strategies an attacker might unleash against assets and, as much as possible, the hacker “mindset”. This understanding helps in identifying attacks that may have gone undetected and in thwarting future attacks.

With applications updated frequently, development and test cycles have shortened, and workloads have become very dynamic. In many organizations, time-to-market pressures, lack of resources and lack of awareness and focus on security converge to create security gaps in applications. As a result, it has become critically important that security be highly adaptable — with continuous adjustments to address fast-changing applications and ever-changing threats. With an adaptive security approach, an organization can establish an effective security architecture for mitigating threats — both known and unknown.
