The challenges faced by IT security professionals today include nebulous boundaries and constantly evolving security policies, the advent of the Internet of Things (IoT), the explosion of globally addressable IPv6 end-points and its impact on IoT; the diffusion of Bring Your Own Device (BYOD), the spread of wide-ranging heterogeneous network devices, cloud services and infrastructure.
A security breach is not a matter of if, but when. It is imperative that organizations shift their security mindset from ‘incident response’ to ‘continuous response’, where systems are assumed to be compromised and thus require persistent monitoring and remediation.
This can be achieved by deploying an Adaptive Security Architecture (ASA), which has a goal of containing active threats and neutralizing potential attack trajectories. Gartner defines an ASA along four security capabilities:
- Prevent: policies, products and processes that prevent a successful attack
- Detect: controls designed to identify attacks that have evaded the preventive measures and
reduce the threat amplification - Respond: approaches to shrink the attack surface, slow the rate of the attack and reduce
remediation time. - Predict: capabilities that enable the organization to predict attacks, analyze security trends and
move from a reactive to a proactive security posture
Adaptive Security Solution Overview
Adaptive security solutions use adaptive and dynamic operational approaches to maintain the integrity of enterprise data, systems and their survivability. To this end, the key objective of an adaptive security solution-based infrastructure is to detect, contain and respond to cyber threats before they cause
damage by:
- Shifting from “incident response” to “continuous response”
- Moving to a “unified” or “integrated” detection, response, prediction & protection capability
- Reducing the surface and velocity of attacks
- Reducing the Mean-Time-To-Detect Threats (MTTD) and the Mean-Time-To-Respond to Threats
(MTTR) - Implementing a continuous response-enabled operations (SOC)
Moreover, adaptive security infrastructure provides the ability to take remedial actions such as quarantine of resources for forensic purposes so that the ecosystem can learn from the breach, the provisioning of other resources to replace affected systems, enabling service continuity and the application of corrective measures as needed.
Adaptive Security Solution Capabilities
Adaptive security solutions protect high-value enterprise assets by defining and dynamically deploying software-defined security polices to permit, restrict or completely block communication among these in response to varying threat conditions and provides the fine-grained control over configuration and enforcement of policies.
Adaptive security solutions provide integrated software-defined security platforms enabling adaptive security architecture that can adjust and respond to existing and new threat conditions. They enable the cohesive orchestration and management of people, processes and technology into a “unified” Threat Lifecycle Management (TLM) framework necessary for the early detection and mitigation of advanced cyber threats.
Adaptive security platforms provide a mechanism to identify early-warnings of impending threats and the ability to automatically implement remediation. By combining the strengths of both a security intelligence platform to detect and remediate threats across the stack and ability dynamically micro-segment the environment, the platforms provide a security capability which enables continuous monitoring, threat detection/remediation and multiple layers of defense while enabling altering defensive posture relative to the level of risk – “Adaptive Software-Defined Security”.
Gartner’s “Adaptive Security Architecture” proposes four “integrated” key capabilities including “preventive”, “detective”, “responsive” and “predictive” capabilities to combat advanced cyber threats. Adaptive security solutions deliver on this promise by combining these capabilities in an integrated offering, protecting against not only known cyber threats, but also against new and unknown threats.
Interface Masters Technologies’ embedded network appliances are scalable network security platforms capable of supporting physical or virtual stand-alone IPS as well as integrated IPS and NGFW deployment options. The Interface Masters appliances feature off-the-shelf server hardware technologies to enable a fully converged, NFV-based virtualized infrastructure designed to support high-performance and secure IPS services. The embedded appliance platform also includes foundational software and open interfaces for management and orchestration, simplifying operation and enabling easier integration. From a deployment perspective, the Interface Masters NFV Platform can be equipped to support IPS applications in enterprise, small-business or branch office environments.
Interface Masters supports a full-range of network hardware security options including FIPS 140-2 (cryptographic security, levels 1-4), tamper resistant switches capable of detecting all forms of physical intrusion, mechanical enclosure designs capable of preventing probing and internal component visibility, battery backed real-time clocks with 10ppm accuracy, and off-the-shelf Trusted Platform Module (TPM) ready devices.
Interface Masters Technologies has for over 20 years been providing off-the-shelf innovative networking solutions with customization services to OEMs, Fortune 100 and startup companies. We are headquartered in San Jose, California in the heart of Silicon Valley where we proudly design and manufacture all of our products. Based on MIPS, ARM, PowerPC and x86 processors, Interface Masters appliance models enable OEMs to significantly reduce time-to-market with reliable, pre-tested and pre-integrated appliance solutions that can meet the most challenging networking requirements.