Resellers that have been charged with making sure their customers’ use of IT is secure face an ongoing series of challenges. Importantly, is the security in place good enough to counter today’s threats and if not, can the customer be convinced to invest more?
Vendor LogRhythm commissioned some research that we included in one of our reports, entitled Advanced Cyber-Security Intelligence (available free online to CRN readers), that underlines the scale of the problem resellers face. Only 19 per cent of the organisations surveyed said security spending was increasing as a proportion of overall IT spending.
However, threats are multiplying, and they are no longer generic and random but tailored and targeted. So the approach taken to IT security needs to change as well. In many cases it will have to be achieved without huge new investment. A starting point is to review what is in place already and gauge its effectiveness.
Traditionally, IT security has been deployed as a series of point products: firewalls to keep out intruders, desktop antivirus to protect the end user environment, spam filters to clean email, web filters to police use of the internet, and so on.
While all such products have their place, and they can counter old-style generic security threats, they are often not enough to fight more targeted threats and attacks.
Figure 1 (left): This chart shows answers to the question: "Do you proactively analyse the data generated by log management and SIEM products to identify breaches and conduct post-event forensics?" - Copyright Quocirca 2012
Detecting and mitigating these requires a broader approach. A good example is the Flame malware first reported and named earlier in 2012. Initial instances were not known to AV products that relied on signatures, so it had to be detected in other ways, such as by monitoring for unusual activity.
Flame worked by contacting as many other devices on a network as it could, then seeking out interesting data that it sent back to a command-and-control server. A server accessing a wide range of other devices on a given network and sending reports back to a suspicious IP address can be detected by monitoring both firewall and server activity logs in real time and recognising unusual behaviour.
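The detection just described, as an added example that is not from the article or from any vendor named in it: a small correlation rule of the kind a next-generation SIEM would run over firewall logs, flagging a host that fans out to many internal peers and afterwards connects to an external address that is not on a known-good list. The log format, the 10.0.0.0/24 internal range, the allow-list and the threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample firewall log: "<timestamp> <src> <dst> <dport> <action>".
# 10.0.0.5 sweeps six internal hosts, then reports out to an unknown address;
# 10.0.0.9 talks to one peer and a known partner site, and should not alert.
SAMPLE_LOG = """\
2012-06-01T10:00:01 10.0.0.5 10.0.0.11 445 ALLOW
2012-06-01T10:00:02 10.0.0.5 10.0.0.12 445 ALLOW
2012-06-01T10:00:03 10.0.0.5 10.0.0.13 445 ALLOW
2012-06-01T10:00:04 10.0.0.5 10.0.0.14 445 ALLOW
2012-06-01T10:00:05 10.0.0.5 10.0.0.15 445 ALLOW
2012-06-01T10:00:06 10.0.0.5 10.0.0.16 445 ALLOW
2012-06-01T10:00:15 10.0.0.5 203.0.113.7 443 ALLOW
2012-06-01T10:00:16 10.0.0.9 10.0.0.11 445 ALLOW
2012-06-01T10:00:17 10.0.0.9 198.51.100.10 443 ALLOW
"""

INTERNAL_PREFIX = "10.0.0."          # assumed internal address range
KNOWN_EXTERNAL = {"198.51.100.10"}   # hypothetical allow-list of known partner hosts
FANOUT_THRESHOLD = 5                 # distinct internal peers before fan-out is "unusual"

def parse(log_text):
    """Yield (timestamp, src, dst, port, action) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 5:
            yield tuple(fields)

def correlate(log_text, fanout=FANOUT_THRESHOLD, known=KNOWN_EXTERNAL):
    """Return {host: alert} for hosts that first reach `fanout` distinct internal
    peers and then connect to an external address not on the allow-list.
    Order matters: the outbound report must come after the internal sweep."""
    internal_peers = defaultdict(set)
    alerts = {}
    for ts, src, dst, port, action in parse(log_text):
        if action != "ALLOW":
            continue
        if dst.startswith(INTERNAL_PREFIX):
            internal_peers[src].add(dst)
        elif dst not in known and len(internal_peers[src]) >= fanout:
            alert = alerts.setdefault(src, {"first_seen": ts, "external": set()})
            alert["peers"] = len(internal_peers[src])
            alert["external"].add(dst)
    return alerts

if __name__ == "__main__":
    for host, alert in correlate(SAMPLE_LOG).items():
        print(f"{host}: swept {alert['peers']} peers, then reached {sorted(alert['external'])}")
```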
That is what we mean by advanced cybersecurity intelligence. Many organisations already have the base technology for this type of detection, but may not be actually benefiting.
Early iterations of such products were for log management: the collecting and archiving of log data for long-term compliance reporting. These evolved to become what is termed security information and event management (SIEM), involving the collection of a broader range of data.
Next-generation SIEM (another term for advanced cybersecurity intelligence) comprises souped-up versions of such tools that can use the data in real time to protect against targeted threats.
Figure 2 (left): Responses to the question: "Has the percentage of IT budget spent on security gone up in the past five years?" - Copyright Quocirca 2012
We have found that organisations are optimistic, perhaps too optimistic, about their ability to protect themselves by having the right technology in place.
They must also recognise that the “right technology” is changing. This is not to say that point security should be ditched, but that individual products’ effectiveness should certainly be reviewed and rationalised - which should in turn free up some funds.
Current investment can be reviewed and more advanced capabilities recommended. LogRhythm, our report sponsor, is one such provider, as are IBM (via Q1 Labs), McAfee (via NitroSecurity), HP (via ArcSight) and Symantec, as well as specialist IT intelligence vendors such as Splunk. Resellers need an understanding of next-generation SIEM, the products and their capabilities.
Bob Tarzey is director and analyst at Quocirca