
Building a smarter defense with situational intelligence tools

Contextually aware security platforms are growing in importance as employees access corporate assets through more devices and across more locations.

In a digital economy that runs on speed, the difference between a thriving business and one that is just treading water comes down to how well -- and how quickly -- the organization adapts to change. The most successful companies turn to technology to drive innovation and to accelerate progress. Mobility, cloud computing and social media top the list of tools companies tap to create more accessible, engaging and responsive businesses.

Employees, partners and customers can now connect to corporate resources from virtually any location. This dynamic environment expands collaborative opportunities and lays the foundation for businesses to compete more easily in new markets. There is, however, a significant downside to this free-flowing, open model where traditional perimeters that once provided hardened asset protection no longer exist.


IT struggles with how to balance the demand for accessibility with the requirement to protect valuable and sensitive IT assets. Identity is an essential element in this equation. Naturally, identity has always been an important part of the information security picture, providing a mechanism to ensure that only authorized users who could prove their access rights could gain entry. In today's more fluid environment, passwords and other static controls are no longer sufficient.

Instead, IT needs more situational intelligence to verify the users who should be granted access. Increasingly, companies are moving toward deploying more dynamic security technology and services that apply what are often called context-aware techniques. These use environmental and other circumstantial data to parse out whether a user should be allowed access or might in fact be a real threat. By the same token, this kind of contextual information can also provide crucial information about the security and integrity of external resources, such as websites that may harbor potentially malicious content.

Context-aware platform capable of examining a variety of factors to ensure identity

Static security measures such as PINs and passwords provided adequate access in centralized IT environments where workers logged in from corporate computers managed on-site. But the prospect of external threats became more prevalent once businesses leveraged the Internet and began to create more distributed operating environments.

Conventional and widely used controls such as passwords can be easily hacked and rendered wholly ineffective as cybercriminals hijack systems, compromise data integrity and steal or leak information. The parallel from the physical security world is a thief stealing a combination and gaining access to a vault. This applies in the online world as hackers develop faster and more sophisticated ways to quickly bypass controls and gain entry into sometimes critical resources.


To that end, the central question, so long focused on proving identity, now begs to have more situational intelligence added to the mix. Increasingly, businesses are looking to add contextual information to help validate that whoever is accessing resources is authorized to do so. More security vendors and providers are promising to develop context-aware security that adds crucial environmental and other data to help prove identity and rights. For example, a context-aware security platform will examine a variety of factors -- from device type and password to the location of the user logging in -- to verify if the log-in request is genuine or perhaps is being generated by a hacker who has commandeered another user's credentials.

A range of security options are incorporating context-aware capabilities anchored in device ID matching, reputational analysis and location recognition to protect data in more dynamic environments. The hope is that as businesses replace more static platforms, they will upgrade to next-generation firewalls, Web security gateways, intrusion-detection and intrusion-prevention systems (IPSes) and other approaches that incorporate contextual features.
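The log-in check described above, sketched as an added example (not code from the article or from any vendor product): after the password verifies, the request is scored on device ID matching, source reputation and location recognition, including an "impossible travel" test against the last accepted log-in. The field names, weights, thresholds and the 0-100 reputation scale are assumptions chosen for illustration.

```python
import math
from dataclasses import dataclass

@dataclass
class Login:
    user: str
    device_id: str
    lat: float
    lon: float
    ts: float            # Unix seconds
    ip_reputation: int   # assumed feed score: 0 (clean) .. 100 (known bad)

def km_between(a, b):
    """Great-circle (haversine) distance between two logins, in km."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlat, dlon = p2 - p1, math.radians(b.lon - a.lon)
    h = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def evaluate(attempt, last_good, known_devices, max_kmh=900.0):
    """Score a login whose password already verified; return (decision, reasons)."""
    score, reasons = 0, []
    if attempt.device_id not in known_devices.get(attempt.user, set()):
        score += 30
        reasons.append("unrecognized device")
    if attempt.ip_reputation >= 70:
        score += 40
        reasons.append("poor source reputation")
    if last_good is not None:
        hours = max((attempt.ts - last_good.ts) / 3600.0, 1e-6)
        dist = km_between(last_good, attempt)
        if dist > 50 and dist / hours > max_kmh:   # faster than an airliner
            score += 50
            reasons.append("impossible travel")
    decision = "deny" if score >= 70 else "step_up" if score >= 30 else "allow"
    return decision, reasons

# Constructed sample data: last accepted login from London, one hour earlier.
KNOWN = {"alice": {"laptop-01"}}
LAST = Login("alice", "laptop-01", 51.5074, -0.1278, 0, 5)
ATTEMPTS = {
    "same device, London": Login("alice", "laptop-01", 51.5074, -0.1278, 3600, 5),
    "new device, London": Login("alice", "phone-77", 51.5074, -0.1278, 3600, 5),
    "new device, Sydney": Login("alice", "phone-77", -33.8688, 151.2093, 3600, 5),
}

if __name__ == "__main__":
    for label, attempt in ATTEMPTS.items():
        print(label, "->", evaluate(attempt, LAST, KNOWN))
```

A correct password alone yields "allow" only when the surrounding context also matches; a single mismatch triggers step-up authentication, and stacked mismatches deny the request.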

Sophisticated security platforms aid in both wired and wireless environments

Though context-aware security is probably most often associated with protecting access to corporate devices in a bring-your-own-device environment, adding situational intelligence is helpful in virtually any scenario today -- wireless or wired. For example, IT can deploy a next-generation IPS that takes into account both the vulnerability of a particular server or other device and the value of the data associated with it to create a more finely-tuned rule set.

Context-awareness can also be applied by secure Web gateways that use URL reputation information to ensure a website's trustworthiness. This is a particularly useful safeguard against phishing-related attacks, where a user might click on a link embedded in an email that connects to malicious content. The Web gateway -- unlike other mechanisms that might not understand the dangerous nature of the site -- will recognize immediately if there is an issue with the Web page and block access.

This type of situational intelligence provides the data essential to preventing an attack, and is exactly the sort of dynamic information that more conventional security solutions lack. Context-awareness offers a more nuanced view of an increasingly complex and fast-evolving threat environment. Armed with this intelligence, IT can not only build more proactive defenses but also recognize and deflect an attack before damage is done.

This was last published in March 2014
