It is always interesting to hear from those "at the coalface" of enterprise IT about their concerns and thoughts about the industry. It's easy for those of us who make our living opining on the state of IT to come up with analyses, but it is those who are actually responsible for IT security who have to shoulder the burden of their organization's security expectations.
So it was interesting to read a recent survey published by security vendor Bromium that looked at security professionals' views on the biggest risks facing organizations and the effectiveness of existing security solutions.
As the world takes new approaches to infrastructure, application design, and data access, security organizations are facing increasingly complex challenges to keep the business safe. As such, it is perhaps unsurprising that security practitioners have some real concerns about the ability of traditional approaches to meet the needs of modern organizations.
The survey, taken from an admittedly small sampling, came up with some interesting, and concerning, findings. The results show that confidence in traditional detection-based security solutions, such as antivirus and firewalls, is at an all-time low, and people are more interested in prevention-based security solutions. Some notable takeaways include:
- 92% said they have lost confidence in the ability of traditional endpoint protection solutions, such as antivirus and white-listing, to detect unknown threats like zero-day attacks.
- 58% of respondents believe that prevention, such as hardening and isolating systems, is the most foundational aspect of security architecture.
- When asked to select from a list of security solutions, 58% consider endpoint threat isolation the most effective solution at preventing cyber threats.
Of course, these findings play right into Bromium's value proposition. The company has a novel approach to security that essentially moves away from threat detection by introducing the concept of the microvisor, a standalone and fully encapsulated container within which discrete operations take place.
By utilizing this approach, Bromium can let attacks run their course, secure in the knowledge that those attacks aren't able to impact other parts of the operating environment. As I said, these findings play into the core Bromium value proposition, but even outside of the self-interest, some interesting issues are being raised here.
"The frequency and magnitude of high-profile data breaches is causing organizations to lose faith in detection-based solutions, such as antivirus," said Clinton Karr, senior security strategist at Bromium. "Information security professionals are turning instead to technologies that provide proactive protection, such as threat isolation, as the foundation of their security architecture."
This idea of creating the smallest possible risk area, and letting said risks run their course, is gaining widespread favor. According to Gartner analysts Neil MacDonald and Peter Firstbrook, in a report entitled "Designing an Adaptive Security Architecture for Protection From Advanced Attacks," the best approach for organizations is to harden and isolate systems:
"We believe the foundation of any information security protection architecture should start by reducing the surface area of attack by using a combination of techniques. These techniques limit a hacker's ability to reach systems, find vulnerabilities to target and get malware to execute."
This move towards isolation is a difficult one for many security professionals to conceive of. They have, for the longest time, seen threat detection and mitigation as the best possible defense against attacks.
Slowly, however, the orthodox viewpoint is being replaced by something more pragmatic, and security professionals have begun to realize that they are fighting a losing battle. This idea of threat isolation is winning favor as the most logical response to an ever-increasing risk profile.
This article is published as part of the IDG Contributor Network.