There's an old Irish proverb, “May you be in heaven half an hour before the Devil knows you're dead,” that has special relevance to IT security these days. Over the past couple of years we have seen a rapid transformation of IT security threats from relatively slow-moving, mass-infection phenomena focused on inconveniencing IT operations to fast, stealthy, hit-and-run attacks targeting data that is sensitive economically and for national security. While a multi-billion-dollar industry has grown up to defend enterprises and consumers from mass-infection security threats, the IT security industry is still in the early phases of coming to terms with targeted, under-the-radar threats that may do damage that victims may never discover.
These attacks succeed for three reasons. First, the attacker knows much more about the victim's IT infrastructure than the defender does. Second, the attacker understands that the faster they can move in, steal data, and disappear, the more likely it is that victims will never know that they have been ripped off. Finally, the task of securing IT assets (hardware, software and the data they process) has become a complex, expensive undertaking that many organizations prefer to avoid.
The imperatives for IT are straightforward. First, gain deep real-time visibility into every asset on your infrastructure. Not only will this reduce or eliminate the target knowledge advantage enjoyed by your adversaries, it also makes possible the second imperative: reduce remediation and change latencies to as near zero as possible. While this strengthens the first line of defense — closing off known vulnerabilities, a.k.a. disasters waiting to happen — it can also enable you to see and shut down abnormal behaviors as they play out. Finally, automate and consolidate systems management and security processes wherever possible. This cuts complexity, cost, and opportunities for error.
I know these recommendations sound like very tall orders or things that your so-called trusted advisers have not told you, but I can assure you that commercially available technologies exist today that provide a solid foundation for instilling the disciplines of visibility, speed and process efficiency. Getting to heaven is something no one can promise, but keeping the IT security demons in a state of ignorant impotence is definitely on the agenda.