A new vision of security for the device tsunami
Philippe Courtot, president and CEO, Qualys
We are at a critical point in the security industry. The number of internet-connected devices is increasing exponentially, faster than anyone can manage or secure them. These devices – from GPS systems in cars to medical monitoring bracelets to smartphones – give us unprecedented abilities to communicate, increase the velocity and reach of our businesses, and are changing our lives in ways we cannot even predict. This "internet of things" also opens more doors for remote attacks and can do serious damage to corporate networks, as we can see in the barrage of breach disclosures we read in the press.
Traditional enterprise software-based computer security measures are rapidly becoming ineffective against the proliferation of attacks coming from the internet, which is now at the core of our ability to conduct business and our daily lives.
In my RSA keynote, I will discuss why and how security must follow the cloud-oriented architecture model that corporations are now adopting to improve their business effectiveness, because security is now a problem of scale and speed. This is a result of the internet morphing under our very eyes into a massive network composed of hyper-connected networks, which increases exponentially both the attack surface and the scale at which organizations must protect their networks.
People are mystified by the cloud and uncertain where their data actually resides. This confusion about what the cloud or cloud computing really is explains why security professionals have not yet fully embraced it. Yet cyber criminals already leverage cloud technologies to increase the reach of their attacks.
After all, cloud computing is an architecture, and we have a natural tendency to confuse it with delivery models such as SaaS, IaaS or PaaS, which leverage cloud technologies to deliver computing power at an unprecedented scale. In less than 50 years we have seen the mainframe architecture era, the client-server architecture era, and now we are entering the era of cloud-oriented architecture.
So let's look at this architecture. We now have almost unlimited computing and storage capacity in backend servers that can sit either in corporate data centers or with a service provider. These systems collect data from, and feed data and services to, a practically unlimited number of devices that people and businesses can use anywhere on the planet. Security must follow this model. It can no longer be bolted on, as we did for the most part during the client-server computing era.
Rather, we must now devise large backends that can collect, analyze and correlate in near real time all the information pertinent to the security and compliance of every device that connects to our networks. We must introduce the notion of continuous security, where we continuously analyze the traffic coming in and out of our networks and sub-networks, and wherever possible place agents on the devices that connect to our networks from anywhere. Such agents must be lightweight and invisible, like security sentinels watching for malicious or suspicious activity in the background. We can call them cloud security agents. Their task is to analyze incoming traffic and suspicious activity on these devices and report back to the cloud backend for analysis and action, just as our immune system protects our body from disease.
Unlike traditional enterprise software agents, cloud agents, once installed, are remotely managed from the cloud and do not require user intervention. We must also devise broad scanning capabilities for the devices and applications on which agents cannot be installed – similar to the scanning capability dolphins have developed over time: a very sophisticated sonar that first sends a low-frequency beam to discover schools of fish and then a high-frequency beam to discriminate the type of fish. Such scans also need to run continuously or frequently to identify rogue IT assets and maintain an accurate inventory.
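To make the two-phase scanning model and its interplay with agent reports concrete, here is an added example (not Qualys code, and not from the keynote). It assumes a constructed in-memory subnet standing in for real probe responses, a constructed asset inventory, and a constructed set of agent check-ins; the function names (discover, reconcile, probe_liveness, probe_services) are this example's own. A broad, cheap liveness sweep covers every address in the range, the expensive per-port fingerprinting is sent only to hosts that answered and have no agent reporting for them, and the result is reconciled against the inventory to surface rogue and missing assets.

```python
"""Two-phase discovery scan combined with agent reports, reconciled against
an asset inventory.  Added example, not Qualys code; every host, banner and
agent report below is constructed so the example runs offline."""
from dataclasses import dataclass, field
from ipaddress import ip_network
from typing import Optional

# Constructed stand-in for the live network: what real probes would return.
NETWORK = {
    "10.0.0.10": {"alive": True, "ports": {22: "SSH-2.0-OpenSSH_8.9", 443: "nginx"}},
    "10.0.0.11": {"alive": True, "ports": {3389: "RDP"}},
    "10.0.0.12": {"alive": True, "ports": {80: "GoAhead-Webs"}},   # nobody inventoried this
    "10.0.0.13": {"alive": False, "ports": {}},                    # inventoried but silent
}

# Constructed inventory of what the organisation thinks it owns on this subnet.
INVENTORY = {"10.0.0.10": "web-01", "10.0.0.11": "jump-01", "10.0.0.13": "db-01"}

# Constructed agent check-ins: hosts where an installed agent already reports
# its own services, so the scanner does not need to fingerprint them.
AGENT_REPORTS = {"10.0.0.10": {22: "OpenSSH 8.9", 443: "nginx 1.24"}}

PROBE_PORTS = (22, 80, 443, 3389)


@dataclass
class Host:
    ip: str
    alive: bool = False
    services: dict = field(default_factory=dict)  # port -> banner / version
    source: str = "none"                           # "agent", "scan" or "none"
    asset_name: Optional[str] = None


@dataclass
class ProbeBudget:
    """Counts probes sent so the saving from the two-phase approach is visible."""
    liveness: int = 0
    fingerprint: int = 0


def probe_liveness(ip, budget, network=NETWORK):
    """Phase 1: one cheap probe per address (think a single ICMP echo or SYN)."""
    budget.liveness += 1
    return network.get(ip, {}).get("alive", False)


def probe_services(ip, budget, ports=PROBE_PORTS, network=NETWORK):
    """Phase 2: one probe per port, only ever sent to hosts that answered phase 1."""
    banners = network.get(ip, {}).get("ports", {})
    budget.fingerprint += len(ports)
    return {p: banners[p] for p in ports if p in banners}


def discover(cidr, agent_reports=AGENT_REPORTS, network=NETWORK):
    """Sweep the whole range broadly, then fingerprint only responders no agent covers."""
    budget = ProbeBudget()
    hosts = []
    for addr in ip_network(cidr).hosts():
        host = Host(ip=str(addr))
        if host.ip in agent_reports:
            # The agent check-in is itself the liveness evidence: no probe needed.
            host.alive, host.services, host.source = True, agent_reports[host.ip], "agent"
        elif probe_liveness(host.ip, budget, network):
            host.alive, host.source = True, "scan"
            host.services = probe_services(host.ip, budget, network=network)
        hosts.append(host)
    return hosts, budget


def reconcile(hosts, inventory=INVENTORY):
    """Rogue: responding but not inventoried.  Missing: inventoried but silent."""
    live = {h.ip: h for h in hosts if h.alive}
    for ip, h in live.items():
        h.asset_name = inventory.get(ip)
    return {
        "rogue": sorted(ip for ip in live if ip not in inventory),
        "missing": sorted(ip for ip in inventory if ip not in live),
        "agent_covered": sorted(ip for ip, h in live.items() if h.source == "agent"),
    }


if __name__ == "__main__":
    found, spent = discover("10.0.0.0/28")
    print(reconcile(found))
    # 14 addresses: 13 liveness probes (one host is agent-covered) and 8 fingerprint
    # probes (2 scanned hosts x 4 ports) instead of 56 for a blind full sweep.
    print(f"liveness={spent.liveness} fingerprint={spent.fingerprint}")
```

The probe budget is what justifies the dolphin-style ordering: fingerprinting cost scales with live hosts rather than with address-space size, and agent-covered hosts cost nothing at all. In a real deployment the constructed NETWORK and AGENT_REPORTS would be replaced by actual probe responses and agent check-ins, and a "missing" host should be treated as a finding (decommissioned without updating the inventory, or down) rather than silently dropped.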