Despite enterprises spending more and more on cybersecurity, the frequency and impact of data breaches and cyber-attacks continues to grow. Analyst forecasts expect global cybersecurity spending to keep growing between now and 2022. Data breaches not only occur more often than ever before, but also incur rising costs on affected organisations. That begs the question: are business and IT leaders investing in the right defences?
The answer lies in how enterprises prioritise their security spending. VMware’s internal analysis suggests that up to 80% of all enterprise IT investments go into purely reactive security measures – in other words, playing catch-up with threats that we are seeing emerge and evolve at a faster pace every day. The result: constant bolt-on additions to endpoint security with limited integration and enterprise-wide visibility. As a result, enterprises end up with a patchwork of point defences that proves increasingly costly to maintain and increasingly porous to more sophisticated threats.
For enterprises to fix cybersecurity, they need to embrace it at the very foundational level of their infrastructure by “baking it in” to their network, apps, containers, and every other element of IT operations. By turning their infrastructure into its own best defence, IT leaders can significantly shrink the threat surface of their organisations and cut down the frequency of successful attacks for good.
Simplify security – beneath the surface
Most enterprise security strategies, as mentioned, rely heavily or exclusively on endpoint products and perimeter defences. Intrinsic security, on the other hand, revolves around embedding security principles into the DNA of different infrastructural elements – particularly the network. After all, if we secure the network, threats can be stopped before they compromise apps or data.
How can enterprises establish a universally secure network fabric that does this? Network virtualisation makes doing so significantly easier, giving IT consolidated visibility and control over all elements of the network. If the software layer that governs the network remains secure, so too will all the other infrastructure elements that it connects. Doing so also allows for far greater automation of security processes and principles, minimising the risks that human error or incongruous practices will create vulnerabilities in the network.
As organisations embrace cloud as the “new normal” for their infrastructure, securing these cloud-native environments – what we call the virtual cloud network – will need to increasingly take place at the platform rather than endpoint level to be effective. Enterprises need a platform that can provide truly intrinsic security all the way from cloud to endpoint via the network, a task that will involve bringing together existing strengths in network virtualization with investments in cloud-native security and analytics technologies. But at a more fundamental level, the enterprise community must not only consider where their security capabilities reside, but the basic principles by which those capabilities work.
From chasing the bad to protecting the good
Currently, most solutions “chase the bad,” which means searching for and combating malicious traffic or behaviour where it occurs against or within the organisation. That, however, requires these solutions to recognise what “bad” means, a process that becomes harder and harder as malicious actors constantly improve the speed and sophistication of their attacks. The ongoing success of Day 0 attacks and Advanced Persistent Threats, both of which rely on their behaviours not going recognised by cyber defences, suggest that even the most well-resourced reactive solutions cannot catch up with their adversaries.
The alternative: proactive security solutions that focus instead on “protecting the good.” Instead of trying to identify malicious activity, more proactive solutions only permit apps and behaviours that they know to be safe and genuine. Virtualisation software, encompassing all elements of infrastructure and apps within the organisation, can quickly learn what this “known good” behaviour entails – a good example of intrinsic security in action, where the infrastructure itself contributes to its own defence.
Such approaches not only greatly shrink the attack surface available to even sophisticated threats, they also minimise the enterprise’s reliance on constant updates to threat signatures and knowledge bases. Cybersecurity teams no longer need to invest huge amounts of resources trying to identify and counter the latest threats: the network itself automatically blocks anything that it does not recognise as good behaviour, no matter how innocuous it may appear.
How possible is intrinsic security?
Many commentators and indeed vendors will claim that no security solution is perfect – which is true. Intrinsic security, however, offers not another solution but an entirely new way of thinking about cybersecurity – one which can in fact render breaches and successful attacks the rare exception, rather than the increasingly accepted norm. Achieving intrinsic security will take time and investment, particularly in virtualisation that connects across clouds, networks and applications to define and protect the “known good” of any organisation’s behaviours. But enterprise leaders should remember that most threats exist because today’s platforms and systems weren’t designed with security in mind. Intrinsic security reverses that oversight and brings enterprise infrastructure back to how it should have been: secure from the very start.