Real-Time Monitoring and Analysis Is Key
I believe that data protection must dramatically and fundamentally change if enterprises want to protect their most valuable assets (see my January 2011 research brief). It is no longer safe to protect only your endpoint. It is now mandatory to adopt a fresh approach in which all data is monitored and checked before exiting the corporate firewall, and evaluated as to whether or not it should be made available to the outside world (including to "trusted" remote users). This requires high-speed packet interception, examination and evaluation, which must be done in real time if protection is to be effective.

It's why many security companies such as McAfee and Symantec are moving to more cloud-based interactions. It's also why companies such as Cisco and Juniper are becoming security companies as well as network infrastructure companies. Employing this changing landscape of security technologies is even more critical as companies adopt a cloud-centric position. Companies that provide cloud-based access, whether through internal servers or via a service provider, must have a network-based "watchdog" service or they'll face an increasing amount of escaped data and undetected exploits.

To provide such services, RSA has announced that it is purchasing NetWitness, a company that monitors all data packets over the network, deconstructs the packet and evaluates the contents based on predetermined rules. It then prevents or allows the data to exit the corporate network, all in real time. In fact, RSA used this technology to discover and stop the attack on SecurID in near real time. Data monitoring and remediation in real time is what is required to secure data in our hyperconnected world: scrutinizing data content and behavior and stopping any breaches before they escape, regardless of the human or technology errors that allow them to happen.
Other providers of cloud-based services, for example Cisco, Microsoft and Amazon, must have a similar solution or face a competitive disadvantage (and expose a huge security hole). Of course, RSA, which is owned by EMC, will no doubt make this capability a key component of EMC's cloud-based offerings. Organizations concerned with security must demand such services if they are to protect their data from loss. Private clouds (for example, those behind the corporate firewall) must include a real-time data monitoring component to provide next-generation security and data leakage prevention.

The bottom line

Enterprises will have to migrate to newer models of security in the never-ending fight against increasingly sophisticated hackers and growing data loss, which may even go undetected. While traditional endpoint solutions will not go away, they cannot prevent the phishing/human-error APT and zero-day attacks that are becoming more common. Real-time packet monitoring, to evaluate and control data on the network, is the next important step in securing corporate assets. It must become a component of all enterprise security operations, especially in cloud-based systems. This is the only way to discover and stop the increasingly sophisticated attacks emerging from well-funded, expert hackers.

Jack E. Gold is the founder and Principal Analyst at J. Gold Associates, an IT analyst firm based in Northborough, Mass., covering the many aspects of business and consumer computing and emerging technologies. Jack is a former VP of Research Services at the META Group. He has over 35 years of experience in the computer and electronics industries. He can be reached at firstname.lastname@example.org.
This real-time monitoring and analysis is the key to ensuring future security against new-age data breaches, yet very few companies currently have it in place. It's nearly impossible to prevent invasions created by human error, such as this one, where a user opened an infected file. No traditional, PC-installed antivirus or antimalware solution (for example, McAfee and Symantec) prevents this. As these so-called Advanced Persistent Threat (APT) attacks become more sophisticated (often through sponsorship of state-funded actors or other well-financed hackers), the types and amount of data loss will grow.