TITLE
1
TITLE
The second platform world that we are transitioning from today could be reasonably well-controlled by IT departments. Key corporate applications and data stores sat inside our own data centers. There was a well-defined and well-known set of users for our apps. There was a clear distinction between internal and external networks, and a small number of ingress and egress points. IT Security could defend a well-defined perimeter by using preventative tools like anti-virus, firewalls, and IDS. These tools could use static rules and signatures to effectively stop threats. And we could effectively implement and apply policies and governance across the environment.
But this perimeter-bound, prevention focused approach is simply not effective in today’s IT environments. To improve customer service and collaboration, the business opened up access to customers, partners, and other third-parties. Employee access has started to look a lot like third-party access as the corporate-owned PC has been supplanted by BYO mobile devices as the preferred way for users to access information and applications. More and more applications are delivered as a service, or run in a cloud-based data center outside the organization’s boundaries, and some of these services may be “shadow IT” initiated by the business outside of IT’s view and processes as they seek to gain rapid access to new capabilities that will help them innovate and compete better.
3
TITLE
Becoming Intelligence Driven starts with a focus on managing risk. An understanding of risk allows us to prioritize our scarce resources and ensure our activity is aligned to business priorities.
It then requires three core capabiliites:
First is VISIBILITY. We need to collect as much detailed data as we can about what matters in defending the business: Sources of risk, what’s happening on our networks, identities – who is on our networks and their behaviour, and the transactions against our key applications.
Second is ANALYSIS. Analysis turns the data we collect into actionable intelligence. We need to understand what our normal state looks like, and quickly spot deviations from the norm that may indicate threats or malicious activity. Analysis is greatly enhanced by context, which allows us to make better sense of anomalies we detect.
Finally, we need the ability to take rapid ACTION, based on our analysis, that enable us to enable the business or protect it from damage or loss.
5
TITLE
7
TITLE
9
TITLE
11
TITLE
13
TITLE
15
TITLE
The benefits of adopting an Intelligence-Driven approach are significant:
First, because it is RISK-DRIVEN, it ensures that you prioritize activity and resources appropriately
It’s INCREMENTAL and ACHIEVABLE, you add new capabilities that improve your maturity over time
At the same time, it’s highly FUTURE PROOF, by providing visibility, analysis, and action around what matters in today’s IT environments, you can respond to changes in the threat or risk landscape without always having to add new products
And finally, it’s AGILE, being able to confidently protect critical assets enables the business to embrace risk and take advantage of new technology and IT-driven opportunities.
17