Evolving threats: how to defend the borderless enterprise

Defending the Borderless Enterprise

New business and IT trends are causing serious disruptions in how we approach information security. With corporate identities under siege, a single successful login is no longer a sufficient way to attain trust.

In the past there was a defined perimeter around important information; today that perimeter is virtually non-existent.

Cloud, workforce mobility, BYOD and Software-as-a-Service (SaaS) platforms have dissolved the traditional boundaries and added to the potential points of breach, leaving IT departments with the headache of working out how to secure assets they don't own or operate.

Defending the enterprise

A different type of defence must be implemented to adapt to this new normal and secure a borderless enterprise from an ever-changing threat landscape.

More specifically, as an organisation's employees become the front line of cyber attacks, IT departments today need a system of identity access management (IAM) that is more dynamic, agile, intelligent and risk-aware: in short, adaptive IAM.

Whereas traditional IAM approaches guarded stationary perimeters around data largely in one, centralised location, adaptive IAM creates a dynamic "situational perimeter" that patrols and safeguards against attacks by enforcing security wherever users interact with corporate data and resources – not only across various devices and platforms, but throughout the entire process of interaction.

Multi-vector attacks

Today's advanced threats and multi-vector attacks (the different ways in which employees can be targeted, e.g. through malicious emails, accessing wireless networks on smartphones, chatting on social networking sites, etc.) can strike at any moment during the user experience, and many of today's IAM solutions are too primitive to spot suspicious behaviour.

IAM systems today assume that users providing correct credentials at first log-in can be trusted, but the fact is that establishing trust cannot just be a one-time thing.

While convenience must be placed at the centre of the operations, users are acclimatising to the idea of signing onto multiple websites when using online "passports", such as their Facebook ID, Google sign-in or Microsoft account.

It's just a matter of time before people expect similar or even greater levels of integration when signing into corporate IT services.

The Basic Principles

So how do we achieve this new level of responsive, adaptive, intelligent security? The concept rests on four basic principles:

  1. Creating rich user profiles drawn from many attributes that can independently corroborate the trustworthiness of users and their activities in real-time against a historical baseline, with significant deviations from "normal" behaviour signalling security problems.
  2. Providing intelligence through big data analytics that can assess risk, detect problems and interrupt users attempting unsafe activities.
  3. Monitoring and risk-based intervention should be implemented to keep track of what users do after initial authentication, and adjust access controls to measured risk levels.
  4. Consumer-level convenience must always be top of mind, meaning identity controls and risk assessments must occur behind the scenes, intruding upon corporate end users only when necessary.
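The four principles above can be sketched as a small risk engine. This is an added example, not code from the article or from any IAM product; the attribute names, weights, thresholds and the per-resource `sensitivity` value are assumptions chosen for illustration, and the sample history is constructed.

```python
from collections import Counter

# Assumed weights and thresholds for illustration; a real deployment tunes these.
WEIGHTS = {"device": 0.4, "country": 0.3, "period": 0.1}
SENSITIVITY_WEIGHT = 0.2
STEP_UP_AT, BLOCK_AT = 0.35, 0.85

def attributes(event):
    """Reduce an event to the attributes the baseline tracks."""
    return {"device": event["device"], "country": event["country"],
            "period": event["hour"] // 6}  # four 6-hour periods per day

class Profile:
    """Per-user historical baseline built from many attributes (principle 1)."""
    def __init__(self):
        self.seen = {name: Counter() for name in WEIGHTS}

    def learn(self, event):
        for name, value in attributes(event).items():
            self.seen[name][value] += 1

    def novelty(self, name, value):
        """0.0 for the user's most common value, 1.0 for one never seen."""
        counts = self.seen[name]
        if not counts:  # no history yet: treat everything as unfamiliar
            return 1.0
        return 1.0 - counts[value] / max(counts.values())

def risk(profile, event):
    """Score one event from deviation plus resource sensitivity (principle 2)."""
    score = sum(WEIGHTS[n] * profile.novelty(n, v)
                for n, v in attributes(event).items())
    return score + SENSITIVITY_WEIGHT * event["sensitivity"]

def decide(profile, event):
    """Evaluate every event after login, not only the login (principle 3)."""
    score = risk(profile, event)
    if score >= BLOCK_AT:
        return "block"
    if score >= STEP_UP_AT:
        return "step_up"  # the user is interrupted only here (principle 4)
    profile.learn(event)  # only unchallenged activity updates the baseline
    return "allow"

def constructed_baseline():
    """Constructed sample history: one laptop, one country, office hours."""
    profile = Profile()
    for i in range(20):
        profile.learn({"device": "laptop-1", "country": "GB", "hour": 9 + i % 8})
    return profile
```

Because `decide` only learns from events it allows, activity that triggered a challenge or a block never becomes part of the "normal" baseline.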

While these principles are fairly straightforward, the path to adaptive IAM will not necessarily be a quick or easy one. Companies must rethink the way they think about security to take into account the way their employees are interacting with company data.

Employees are no longer accessing information on one central server from the PC; they are interacting with it at home, on the go and from a pool of devices that grows every day.

In reality, we are likely a few years from this IAM ideal, but progress is being made and, more importantly, the charge has been set forth. IAM solutions must adapt as fast as the rapidly changing threat scenarios they protect against.

By implementing an IAM solution that is adaptable, intelligent and dynamic, we can establish effective, situational perimeters around the borderless enterprise and arm ourselves for the front lines of today's cyber security battle.

  • Sam Curry is Chief Technology Officer, Identity and Data Protection business unit and Chief Technologist for RSA.
Sam Curry

Sam Curry is CSO at Cybereason and has over 25 years of IT security industry experience. He has 2+ decades as an entrepreneur, info sec expert and executive at companies like RSA, Arbor Networks, CA, McAfee, Cybereason, and more. Sam is dedicated to empowering defenders in cyber conflict and fulfilling the promise of security, enabling a safe, reliable, connected world.