Staying secure in a dangerous age: Beyond reactive cybersecurity solutions

Posted on October 6, 2016 by Tim Burke

In my recent posts, I've focused on some of the top security threats faced by anyone trying to keep their business data and systems safe. Besides app attacks, web attacks, social engineering exploits, and ransomware, there's plenty more to be concerned about: the challenge of trusting the devices and sensors that make up the Internet of Things (IoT), breaches that steal huge swaths of "big data," and the frightening vulnerabilities of industrial control systems.

Too many reactive cybersecurity solutions?

In response to so many security threats, countermeasures abound. Consider this list of cybersecurity solutions, which are regarded as basic and necessary for just about every enterprise:

- Mobile security
- Effective software patching policy
- Encryption
- Firewalls
- Antivirus/anti-malware
- Identity/access management (with strong authentication)
- Intrusion detection
- Unified threat management/real-time monitoring
- Endpoint protection
- Insider threat monitoring
- Data loss prevention
- Content monitoring and filtering
- Backup and disaster recovery plans and capabilities
- An incident response plan

Yet even these necessary tactical security tools are no longer sufficient. Why? Because they are inherently reactive: they can only detect a cybersecurity event after it has happened.

The new cybersecurity: Proactive, predictive, built-in, and automated

But what if vulnerability-plugging security measures could be baked into app design? What if you could anticipate cybersecurity events before they occurred? What if you could have context-aware components and the ability to adapt your infrastructure to avoid threats? It turns out that we're getting there.

Direct application monitoring and defense. When security capabilities are designed into applications rather than layered on later, apps can perform certain essential security functions themselves, notably authentication, authorization, and configuration. Such direct application monitoring and defense means you don't need to know as much about which applications to monitor, how to monitor them, or what might be derived from the data they use.

SIEM: proactive, predictive protection. Security Information and Event Management (SIEM) aggregates event data produced by security devices, applications, systems, and network infrastructure. This is combined with contextual information about users, assets, vulnerabilities, and threats, then correlated and analyzed in real time. As SIEM improves its threat intelligence, anomaly detection, behavior profiling, and predictive analytics, its ability to detect otherwise unseen security breaches and provide proactive, predictive protection grows.

The security operations center. Cybersecurity lags when it's siloed. To effectively anticipate and thwart attacks, threat intelligence needs to be shared as quickly as possible; machine-to-machine is best. A holistic, intelligence-driven security operations center based on an adaptive architecture and context-aware components can integrate the many parts and layers of your cybersecurity efforts, functioning, in effect, as a cybersecurity force multiplier by delivering new levels of visibility into your infrastructure.

Powerful stuff, but unless you have plenty of cybersecurity expertise on staff, don't try to do this on your own. Seek out an experienced cybersecurity consultant for help.
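To make the SIEM idea concrete (aggregate events from several sources, enrich them with context, then correlate), here is a small added example that is not part of the original post or any vendor product. It assumes a constructed, already normalised event stream, a constructed asset-criticality table and a constructed threat-intel list, and raises an alert when a successful login follows a burst of failures from the same source; the context decides the severity.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from two sources (auth server, VPN gateway),
# already normalised to one schema as a SIEM collector would do.
EVENTS = [
    {"ts": "2016-10-06T08:00:01", "src": "203.0.113.7", "user": "jdoe", "host": "hr-db-01", "outcome": "fail"},
    {"ts": "2016-10-06T08:00:04", "src": "203.0.113.7", "user": "jdoe", "host": "hr-db-01", "outcome": "fail"},
    {"ts": "2016-10-06T08:00:09", "src": "203.0.113.7", "user": "jdoe", "host": "hr-db-01", "outcome": "fail"},
    {"ts": "2016-10-06T08:00:15", "src": "203.0.113.7", "user": "jdoe", "host": "hr-db-01", "outcome": "success"},
    {"ts": "2016-10-06T08:05:00", "src": "198.51.100.2", "user": "asmith", "host": "wiki-01", "outcome": "fail"},
    {"ts": "2016-10-06T08:05:30", "src": "198.51.100.2", "user": "asmith", "host": "wiki-01", "outcome": "success"},
]

# Constructed contextual data the SIEM joins onto raw events.
ASSET_CRITICALITY = {"hr-db-01": "high", "wiki-01": "low"}
THREAT_INTEL = {"203.0.113.7"}  # constructed "known bad" source list


def correlate(events, threshold=3, window=timedelta(minutes=1)):
    """Alert on a success preceded by >= threshold failures from the same
    (source, user) pair inside a sliding time window; context sets severity."""
    alerts = []
    failures = defaultdict(list)  # (src, user) -> timestamps of recent failures
    for e in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        key = (e["src"], e["user"])
        # Expire failures that fell out of the window.
        failures[key] = [t for t in failures[key] if ts - t <= window]
        if e["outcome"] == "fail":
            failures[key].append(ts)
        elif len(failures[key]) >= threshold:
            # Enrichment: a high-value asset or a known-bad source escalates the alert.
            hot = ASSET_CRITICALITY.get(e["host"]) == "high" or e["src"] in THREAT_INTEL
            alerts.append({
                "src": e["src"], "user": e["user"], "host": e["host"],
                "failures": len(failures[key]),
                "severity": "critical" if hot else "medium",
            })
            failures[key].clear()
    return alerts


if __name__ == "__main__":
    for a in correlate(EVENTS):
        print(a)
```

The single failure before asmith's success stays below the threshold, so only the jdoe sequence against the high-criticality host produces an alert.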