Securing the enterprise is getting harder and harder. Infrastructure is rapidly becoming virtual, applications and workloads are moving to the cloud, endpoints are largely the property of the worker, and mobility has now become the norm. Add in the fact that businesses are rapidly becoming digital organizations where the reliance of IT is at an all-time high, and it's easy to see why a security breach today is exponentially more damaging than just a few years ago.
However, despite the evolution of servers, networks, and storage, security really hasn't kept pace and evolved along with the rest of IT. Security is fighting the good fight, but they're working with Stone Age tools. It's like in the Star Trek Original Series episode, The City on the Edge of Forever, where Kirk ordered Spock to construct a "mnemonic memory circuit using stone knives and bearskins." No matter how smart the team is and how hard they work, security teams can't keep up because the security technology hasn't evolved.
The recent breaches into these high-profile organizations have made many business, IT, and security professionals question how they can keep up with a threat landscape that seems to be growing exponentially. After all, if those businesses can't protect themselves with the amount of time, money, and people they throw at security, what chance do other organizations have to protect themselves from hackers? The fact is, they don't. In fact, based on track record, the big brands that overspend don't either.
One of the problems is that IT has changed so much over the past decade, whereas security really hasn't. A decade ago, perimeter-centric security was sufficient as there was a single ingress/egress point for information moving into and out of the organization. A combination of firewalls, intrusion detection/prevention devices, and other edge devices were used to protect the perimeter. Today, everything has changed. Workers bring in personal devices that are used everywhere, including highly insecure public Wi-Fi, and then bring them into "secure" environments. Also, hackers are getting smarter. Why go through hours and hours of writing malware to break through a firewall when instead a hacker can get around it? As an example, a well-known retailer was breached when a partner network was hacked and gave access to the point-of-sale systems. Like most businesses, the retailer felt the partner network was secure and the connection was considered a "trusted" network. The flaw in the thinking was that trusted networks and systems just don't exist. They never have, but they are now becoming entry points for hackers.
Another factor is just how the nature of IT has changed. More and more applications are moving to the cloud, causing businesses to allow branch offices to directly connect to the internet. Also, the number of workloads (virtual and bare-metal servers) is at all-time high. Migrating those workloads can also distribute malware to different parts of the environment. Public cloud services and software defined networking has certainly increased the agility of computing operations, but it can potentially increase the speed at which malicious traffic propagates throughout workloads.
The reality is that the attack surface that can be infected is exponentially larger today than it was just a few years ago, and it will continue to grow at that rate. Additionally, when a breach occurs, the "blast radius" of the attack can be enormous as so many systems are tied together today.
As the Internet of Things becomes more widely adopted and businesses continue to introduce more and more devices to the network, the level of complexity will continue to grow at a rate faster than security departments can keep up with. Adaptive security can mirror the environment and spin up, spin down, migrate, and evolve as things change.
I believe we're just starting to see the evolution of security to be more agile, adaptive technology. This should finally give businesses a fighting chance to keep up with the bad guys.