Petya Petrova - Fotolia

Digital Darwinism unkind to those who wait, says Palo Alto

As business-driven digital transformation, including the move to cloud, continues apace, companies need to rethink their approach to how they deploy and consume security, or risk being left behind

In the context of digital transformation, digital Darwinism is unkind to those who wait, says Dave Allen, regional vice-president for Western Europe at Palo Alto Networks.

“The rise of Netflix and the fall of Blockbuster is one of the classic examples of the fact that in some shape or form, natural selection does occur,” he told attendees of the Palo Alto Networks Cloud Security Summit in London.

However, Allen said it is important to recognise that cyber security is the foundation for the safe enablement of the digital revolution.

“And in this regard, Palo Alto’s philosophy is prevention-based because the aim of the game has to be to deny the benefit to the attacker. It’s about preventing them from getting in, but if they do, they must not be able to get out with anything useful.”

Palo Alto Networks believes there are four key components to this approach to cyber security in the cloud, namely visibility, reducing the attack surface, preventing known threats and preventing new threats.

“Visibility is the foundation for all security,” said Allen. “If you can’t see something, then you can’t do anything about it, so complete visibility is essential.”

“Reducing the attack surface is about minimising the number of ways adversaries can attack, which includes applying the principle of zero trust to ensure only the right people have access to data.”

Preventing known and new threats

Preventing known threats, said Allen, is about having all the defences in place for the malware known to be hitting organisations, while preventing new threats is about finding ways to detect and block attacks that use malware and techniques that have not been seen before by the security community.

“Our focus on prevention remains consistent and we are building capability around all of these things on an ongoing basis,” he said, challenged by the fact that the enterprise network perimeter has dissolved and cloud-based applications are increasingly accessed from a growing variety of devices.

However, Allen said many organisations are still trying to work out how they are going to go about digital transformation, and when it comes to security, there is a tendency to seek to apply traditional, internal controls to the external world of cloud-based services instead of changing their approach and thinking.

“This is extremely ineffective for handling cloud, mobile and the way people are actually working in the modern enterprise, and as a result, they end up with fragmentation and complexity from the security side and the infrastructure side, manual processes that rely too much on humans leading to reduced efficiency and errors, and a mixture of application architectures as more things are being built with the cloud and using things like containers rather than virtual machines.”

All of this makes it difficult to ensure people are working safely and securely, said Allen. “Security ends up becoming a visibility and a big data game, and how to apply ‘smart thinking’ to those.” But many organisations are struggling to get an accurate overview, he said, due to the large number of disparate tools they have, all generating thousands of alerts each week.

Read more about cloud security

Correlating all these sources of security intelligence is difficult to do manually, which is also prone to error, said Allen. “Most organisations do not have the capacity and, as a result, there are gaps because these things are not integrated.

“Instead, organisations should be looking to use integration, automation and orchestration to improve security and free up the cleverest security people to concentrate on the most difficult and challenging issues and investigations.”

The right approach, according to Palo Alto Networks, is to combine good prevention capabilities with behavioural analytics and visibility across all layers of the stack.

“Great prevention is about coordinating detection with everything using a policy and ecosystem that is continually adapting to change, behavioural analytics is about being able to detect potential malicious activity by identifying anomalous behaviour associated the endpoints, and visibility everywhere is essential,” said Allen.

In line with this philosophy and approach, he said Palo Alto is looking at the deployment of physical and virtual firewalls on the networks, deploying forensic analytics on endpoints, and a range of compliance reporting and analytical and remediation capability in the cloud.

“All that data goes into a data lake, and that is really when we start to drive visibility to every area, and by stitching all the data and investigations together, we are able to provide integrated, very specific and narrowly focused alerts, while allowing us to do other things automatically around the environment.”

Enforcement point

Another way of visualising this, said Allen, is to think of every security control as a sensor that is collecting data to feed into the Palo Alto Networks data lake that is used for analytics based on smart security algorithms, while at the same time acting as an enforcement point for policy by imposing restrictions and driving better behaviours.

“The model going forward is for organisations to deploy the sensors so that they can leverage the analytics and visibility to develop capability on top of that, and that capability becomes an application – a security app that can be consumed on the framework Palo Alto Networks has deployed.

“So the point of consumption is easier and the ability to dry test and remove is easier. That’s the way we believe security needs to be consumed going forward to avoid ending up in the mess that will result from doing things the old way,” he said.

Other benefits of this approach, said Allen, are that it enables organisations to bring it all together with common policy, governance, reporting, automation, orchestration and correlation, even across a multi-supplier environment.

“Ultimately, [the vision is that] over time, this will lead to a self-functioning, self-healing system, where information security professionals only spend time on the things that need human, creative investigation and intervention. 

Read more on Cloud security