This is the third in a series of three articles and videos featuring Tom Corn, SVP of security products, discussing the present and future of cybersecurity.
A new, expansive vision for cybersecurity is now coming into focus. Building on the advances that network virtualization and cloud technology have enabled for new preventive measures, the focus is now turning to the other half of the security puzzle: detection and response. Similar to the way cloud and virtualization led to new approaches to prevention via micro-segmentation, they also open the door to new approaches for detection and response.
Through a Glass, Darkly
To date, the model for detection and response has focused primarily on the threat: understanding and identifying malicious behavior or content, and then either filtering in-line or responding manually. On its own, that approach is enormously challenging. From a detection perspective, threats are constantly evolving. They’re often difficult to understand from any single point, and the analysis required can be nondeterministic, making it difficult to do in real time. From a response perspective, it’s difficult to create “actionability,” for example, to understand relevance, urgency, and options for response. And the response itself is often a heavily manual process, one that is prone to errors and collateral damage.
There is an opportunity to simplify this problem by focusing on understanding “good” or intended behavior, and identifying when runtime behavior differs from intended state. There is also an opportunity to increase the level of automation in response to threats.
Virtualization can provide the key to unlocking this ability. It provides a unique position from which to see both intended and runtime state, to see the infrastructure through the lens of the application, and to automate response mechanisms.
Leveraging the cloud and virtualization allows organizations to focus security on the application. Corn’s team has been hard at work building new technologies that will enable application-focused detection and response. This will be “a huge step forward,” Corn says. “Advances like this are bound to shift the conversation from only being about, ‘How do we secure virtualization?’ to the more profound, ‘How can we leverage virtualization to secure our critical applications?’”
Watch the video to hear more from Tom Corn about today’s biggest security problem, and to learn about VMware’s architectural solution.