The context-aware security lifecycle and the cloud
Ofer Wolf is the CEO at Sentrix, a provider of cloud-based web security solutions. In this interview he talks about the challenges of delivering enterprise-grade security, explains the role of the context-aware security lifecycle and illustrates how the cloud is shaping the modern security architecture.
What are the challenges of delivering enterprise-grade security to a modern organization plagued by a seemingly endless variety of threats?
Websites are getting larger and more complex every year. Hackers are more sophisticated. Databases, web servers and CMSs contain vulnerabilities that are not under the organization’s control, yet hackers can easily exploit these flaws to compromise their websites. In this landscape the challenge is delivering a solution that is manageable, without compromising on high-end security.
This starts with deployment. In a 2014 report Gartner points out that organizations with fast-changing Web applications sometimes never progress beyond the learning period. This learning period – the process of “educating” the security solution and creating the required policies – is complex and can take months to complete.
A second challenge is ongoing management. Conventional security requires admins to maintain a complex and unmanageable security policy. Multiple security rules are created around each web asset and alerts are generated frequently. Managing thousands of rules and alerts is simply impractical. It de-focuses the entire operation and allows attacks to sneak in.
Alternative approaches based on attack signatures and blacklists are easier to deploy and manage, but their level of protection is insufficient for an enterprise, because threats that are not on the blacklist can bypass them, making them vulnerable to zero-day attacks. The challenge is in creating a solution that is both manageable and secure.
What’s the role of the context-aware security lifecycle and what are its benefits?
Context-aware security is aimed at delivering enterprise-grade website protection in a manageable way. The term refers to protecting a website by understanding its functionality and leveraging the power of the cloud.
Conventional website security is based on examining incoming traffic without considering the intended functionality and context of the incoming requests. Take, for example, a request to a login field vs. a request to download a PDF. Conventional website security solutions would treat both requests in the same way: they would examine them for malicious patterns, signatures, IPs or may filter them through a whitelist policy. When a bad request is identified the solution will generate an alert to the security manager, who then reviews it and makes a decision on how to act. This forces security staff to review hundreds of notifications every day, or thousands during an attack. It is virtually impossible to manage security effectively in this manner.
Context-aware security treats requests based on their context. The first stage is scanning the website and mapping its functionality. In the second stage, many of the potential requests are pre-generated in a cloud replica of the website. Going back to our previous example – the request to download a PDF will be served from a cloud replica without ever accessing the customer’s original back end. So in this example, whether a request is legal or malicious, it will not reach the back end and generate a potential alert/attack.
This approach reduces the amount of information that security admins need to process by over 90% and frees them to focus on business-critical issues. Websites that required over 10,000 security rules using conventional security solutions can now be protected with fewer than 20. This context-aware approach to security is delivered simply, without compromising on the level of risk reduction achieved and while shortening deployment time from months to only days or even hours.
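The two-stage model described in the answer above (map the site's functionality, then pre-generate a replica so that mapped static requests never reach the back end) can be sketched as a small request-routing gateway. This is an added illustration written for this page, not Sentrix's product code; the site map, paths and decision rules are constructed assumptions.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed site map standing in for the output of the "scan and map
# functionality" stage: each mapped path is either static (safe to
# pre-generate in a replica) or dynamic (must reach the origin).
SITE_MAP = {
    "/": "static",
    "/about": "static",
    "/downloads/whitepaper.pdf": "static",
    "/login": "dynamic",
    "/search": "dynamic",
}


@dataclass
class Decision:
    path: str
    action: str   # "replica", "origin" or "block"
    reason: str


@dataclass
class Gateway:
    site_map: dict
    replica: dict = field(default_factory=dict)   # path -> pre-generated body
    origin_hits: int = 0                          # requests that reached the back end
    alerts: list = field(default_factory=list)    # requests an admin must review

    def pregenerate(self):
        """Stage two: render every mapped static page into the cloud replica."""
        for path, kind in self.site_map.items():
            if kind == "static":
                self.replica[path] = f"<rendered {path}>"   # constructed stand-in body

    def handle(self, method, url):
        path = urlsplit(url).path
        kind = self.site_map.get(path)
        if kind is None:
            # Not part of the mapped functionality: dropped at the edge and
            # surfaced as one alert, never forwarded to the origin.
            self.alerts.append(path)
            return Decision(path, "block", "path not in site map")
        if kind == "static" and method == "GET":
            # Served from the replica. Whether the query string is benign or
            # malicious, the request cannot touch the back end or raise an alert.
            return Decision(path, "replica", "pre-generated static page")
        # Only mapped dynamic functionality (login, search) reaches the back end,
        # so that is the only traffic conventional inspection still has to cover.
        self.origin_hits += 1
        return Decision(path, "origin", "mapped dynamic functionality")
```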
How is the cloud shaping the modern security architecture?
The cloud is a main driver for modern security architecture. I’d like to point out 4 aspects:
1. Cloud-based security distances the defense activity from the organization. It allows implementing a new and more effective architecture, which neutralizes most of the threats outside the organizational network before they pose a risk to an organization’s assets.
2. The cloud is elastically scalable. Cloud security solutions can scale up according to actual load and need while providing a robust and cost-effective infrastructure at an affordable budget.
3. Cloud security solutions offer additional business value in the form of performance boosts, traffic and application optimization, by offloading on-premise infrastructure, and by serving requests from the nearest geographic location.
4. Cloud solutions deploy faster, reduce maintenance efforts, and eliminate the lengthy planning, setup and maintenance processes that were required for conventional on-premise solutions.