Until recently, the cybersecurity industry was a disparate group of vendors claiming their respective solutions, tools, systems, modules and platforms would ensure bulletproof protection against malicious cyber activity.
But the “bad guys” always seemed to find a way around the “impenetrable” barrier, matching or eclipsing the vendor's technology with their own sophisticated and devastating attacks.
The fact is, unlike the prodigious, single-purpose viruses and attacks of a decade ago, today's attacks are more complex and employ thousands of slightly different threat components that easily elude detection by traditional security measures. The result: compromised digital infrastructures and continued fears of all-out cyberwarfare.
The response has been to augment current solutions, add more modules and tweak existing technologies. This has resulted in somewhat better security management, yet has still not been sufficient.
The latest trend in fighting cybercrime is actually a coalition of forces — an "ecosystem" — comprising strategic alliances, technical relationships, and partnerships among leading security companies and systems integrators. This ecosystem is designed to provide a holistic approach to security using both loose and tight integration of complementary products, technologies and services.
When network operators purchase solutions based on a company's risk assessment and vulnerability analysis, they may select firewalls, intrusion detection systems (IDSs), security information event managers (SIEMs) and network behavior anomaly detection (NBAD) systems. Each holds merit, but also faces challenges:
- Firewalls represent an indispensable shield to deploy, but they require knowledge of attacks to be effective, and are therefore vulnerable to zero-day threats and sophisticated attacks. Furthermore, they have no visibility into the attack preparation, propagation, result and identity of the attacker.
- While IDSs are capable of detecting zero-day attacks, they still do not provide visibility into attack preparation, propagation, intent, identity and effectiveness.
- SIEMs enable the operator access to alerts, events and logs on network elements and links through a consistent central interface. The events can be parsed for significance as they are collected by the solution and alerts and notifications can be immediately sent out to interested parties as warranted. Unfortunately, SIEMs are not generally designed to provide security protection, as they were built for enterprise networks.
- NBAD systems can correlate and analyze raw traffic flows and routing events, and are complementary to traditional signature-based security software and SIEM systems. They are capable of detecting a wide range of abnormalities and threats targeting data and routing, and are designed to correlate and process millions of events per second in real time. Yet, current NBAD systems are solely based on SNMP data, traffic flow records and routing events. They lack the deep visibility into traffic packets and the knowledge of the attacker's identity.
Network and security operators have sometimes chosen to install these solutions incrementally, which leads to a dispersion of information across many products that do not interact with each other, and a large operational investment to manage and maintain a complex infrastructure.
Clearly, no single vendor and solution can possibly offer the technology and services required to cover the vast needs organizations. To address these gaps in protection and offer customers a more complete solution, security vendors are now leveraging their partners and technology alliances to form this ecosystem.
Assembling the coalitionIn an ecosystem model, security vendors interoperate, extending their value through partnerships and combining the best of network forensics, SIEM, deep-packet inspection, visualization, data warehousing, data mining, anti-malware and others with their own solutions.
Their complementary solutions provide a holistic approach to network protection and threat management.
However, technology alone is not sufficient to fight cybercrime. The industry needs to come together as a whole to address gaps in technology, train new cyber warriors and develop processes that are critical to ensure security.
This intra-industry cooperation also means more value for customers — and it even changes the way vendors may be evaluated. A vendor working within an ecosystem offers its customers an extended network of partnerships and solutions that provide a layered approach to security. Instead of a single solution protecting their network, customers have the benefit of many, which ensures a more complete and multilayer approach.
