Why Traditional Security Approaches are Inadequate In The Age of Digital Transformation
Reducing cyber attacks is an increasingly important business imperative because attacks can seriously cripple an enterprise. According to Foundry research, cybersecurity protection is the top business initiative driving IT investment for 2022, cited by 49% of respondents, up dramatically from 34% the previous year.
And yet, 9 out of 10 IT and security leaders believe their organization is falling short in addressing cyber risks.
Why doesn’t it add up?
There is no question that rising malware and ransomware attacks are causing wider and deeper damage, resulting in costly business disruptions and noncompliance. Costs in remediation, reputation damage, ransom, and fines are increasing, which means the impact of the attacks is becoming more damaging. To fight back, enterprises are spending more budget on security solutions. But more security solutions don’t necessarily solve the problem.
The key piece of the puzzle is how to understand – and thus protect – a much broader and more complex attack surface. Because you can’t manage and secure what you can’t see.
This complex attack surface is created by the proliferation of applications, devices, users, data, and the extension to cloud and edge computing – all a result of the transformation to provide digital experiences to customers, suppliers, and employees. The interconnected nature of the applications, devices, users and data – the relationships and dependencies – is what drives a digital enterprise.
However, this same web of relationships and dependencies also creates a myriad of exploitation paths internally and externally, leading to a bigger and more vulnerable attack surface. This is exacerbated by identity sprawl and increased remote work across different geographies and constituents. Today’s malware and ransomware attacks are a lot more sophisticated, aiming for a blast radius as big as possible. For example, attackers find ways to reach more sensitive data and other high-value assets within a network (“lateral movement”), beyond the entry point of a breach, from application to application. These exploitation paths within the digital estate become the attack surface of an enterprise. Not securing the attack surface means exposing your enterprise to cyber attacks that can result in the aforementioned unexpected disruptions, outages and negative business impact.
And it’s precisely because of this web – this constantly shifting and expanding attack surface – that traditional infrastructure security and protection approaches are insufficient, no matter how many solutions you throw at the problem.
Why are traditional approaches inadequate in the age of digital business? They have a siloed view of the infrastructure, provide a limited asset inventory without any business context, and do not account for the constantly changing relationships and dependencies between the interconnected applications, users, and data. Information about the relationships is often confined to within each application. Existing security solutions that protect the applications are not able to protect the interdependencies because they cannot see them, or they only provide a partial view of the relationships. As mentioned, you can’t protect what you can’t see. Without a unifying view of the relationships and dependencies – across the different environments and also within each domain – it’s impossible to understand the big picture, identify all the security gaps, and enforce protection policies. The blind spots allow security vulnerabilities and noncompliance gaps to persist.
Currently, enterprises deploy conventional, static, manual approaches to stitch together uncorrelated log data from network and infrastructure platforms, resulting in partial visibility and incomplete insight. This approach is difficult to implement, hard to scale, and provides suboptimal static insights into complex and dynamic IT environments, lacking the business context of how security vulnerabilities affect your enterprise. For example, the outage of a payment processing application can cascade into outages of a string of revenue-generating applications. But without understanding the relationships and dependencies, you may not understand the impact of a single outage.
It’s obvious that a new approach is needed. Enterprises need to manage and reduce their risks and attack surface by finding, inventorying, and visualizing their application relationships and dependencies continuously, quickly and accurately. We advocate a step-by-step approach to provide this visibility:
- Discover and visualize every application, every identity, and every relationship (and data flows) across the enterprise environment, including on-premises, hybrid and multi-cloud environments. These relationships form the attack surface and should be mapped in detail. This step is foundational.
- Observe the interactions across all of these entities to establish a baseline of what is normal to understand the relationships and behaviors of applications, services, and users in the environment over time – the “observed reality.” Use this to determine what is happening across and within the attack surface, what apps should be taken offline or access limited, and what security policies should be automatically/dynamically computed, changed, or retired, all based on the baselined relationship behavior.
- Establish, test and verify consistent application-centric access control policies that are orchestrated to existing platforms to natively enforce security across existing infrastructure and applications, based on desired behaviors and deviations from the baseline. Use these policies to (1) limit the attack surface, (2) protect critical applications, and (3) prevent lateral movement that widens the blast radius of an initial breach.
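The three steps above can be modelled as a dependency graph: observed flows become the baseline, the graph answers "what is affected if this application fails or is compromised" (the payment-processing example from earlier), and the baseline becomes an application-centric allow-list against which new flows are checked. This is an added illustration, not code from the original article; all application names, ports and flow records are constructed sample data.

```python
"""Dependency-graph model of an application attack surface (added example)."""
from collections import defaultdict, deque

# Constructed baseline: flows (source app, destination app, port) observed
# during the "observed reality" window.  Not real data.
BASELINE_FLOWS = [
    ("web-store", "payment-svc", 8443),
    ("mobile-api", "payment-svc", 8443),
    ("subscriptions", "payment-svc", 8443),
    ("payment-svc", "ledger-db", 5432),
    ("reporting", "ledger-db", 5432),
]


def build_graphs(flows):
    """Forward edges (which apps an app talks to) and reverse edges (who depends on it)."""
    talks_to, dependents = defaultdict(set), defaultdict(set)
    for src, dst, _port in flows:
        talks_to[src].add(dst)
        dependents[dst].add(src)
    return talks_to, dependents


def reachable(graph, start):
    """Transitive closure from `start` over `graph` (BFS), excluding `start` itself."""
    seen, queue = set(), deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in graph.get(cur, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def impact_of_outage(flows, app):
    """Every app that transitively depends on `app`: the business impact of its outage."""
    _, dependents = build_graphs(flows)
    return reachable(dependents, app)


def lateral_reach(flows, app):
    """Every app reachable from `app` over baseline flows: the blast radius policy must shrink."""
    talks_to, _ = build_graphs(flows)
    return reachable(talks_to, app)


def allow_policy(flows):
    """Derive an application-centric allow-list from the observed baseline."""
    return set(flows)


def deviations(policy, new_flows):
    """Flows outside the baseline policy: deviations to alert on, block, or review."""
    return [f for f in new_flows if f not in policy]
```

Each new flow that `deviations` returns is either a legitimate change that should update the baseline or a candidate sign of lateral movement, and `lateral_reach` shows which dependencies a tighter policy would cut.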
Ultimately, improving cyber resiliency depends on understanding and protecting the relationships and dependencies within an attack surface.