What is Platform Security?
Platform Security is comprised of tools, processes, and an umbrella architecture that provide security for an enterprise’s entire computing platform.
Platform security often relies on a unified bundle of hardware and software that protects both traditional IT infrastructure and software-defined hardware, storage, and network components, along with the operating systems and applications that reside on those platforms.
What makes Platform Security different?
Platform security differs from layered security approaches, in which each layer or system has to manage its own security. Platform security systems instead secure the entire IT platform centrally, thus securing each layer in an IT environment along with the component pieces of each layer.
Platform security reduces or eliminates the need for multiple point security products, which also reduces the burden of managing and maintaining multiple security solutions for the platform.
What are the benefits of Platform Security?
There are several benefits of adopting platform security approaches.
- Platform security offers coherent and comprehensive security that protects from attacks across the entire threat landscape and in each layer of enterprise infrastructure and software.
- The amount of time necessary to detect threats is greatly reduced.
- Organizations obtain increased visibility into the security posture.
- Having a single, enterprise-wide security context reduces security stack complexity.
- Control and management of security posture is enhanced.
- Elimination of multiple point security solutions reduces both cost and security footprint.
- Overall risk exposure is reduced significantly.
What are the drawbacks to Platform Security?
There is one major drawback to platform security. Since it is comprehensive and spans all layers of the infrastructure, a breach can target each layer and then make the entire platform vulnerable.
What are common uses of Platform Security?
Use cases for platform security solutions include:
Threat Hunting. Platform security solutions help advance the SOC with sophisticated detection that combines custom and cloud-native threat intelligence, automated watch lists, and simplified integrations with the rest of the security stack. This allows organizations to remain ahead of advanced threats.
Ransomware Protection. Platform security helps stop current and future ransomware variants by constantly monitoring event streams that are related to ransomware attacks. Additionally, platform security solutions can trap ransomware of many types, including file-less and otherwise unknown versions, all before the payload can be deployed. This can prevent attacks on critical files before they can occur.
Anti-virus Replacement. Since time is of the essence when battling cyber-attacks, platform security reduces the exposure to ongoing threats, including advanced and persistent threats, enabling organizations to move rapidly to ameliorate virus attacks. Platforms like VMware Carbon Black empower enterprises with higher levels of control and visibility, enabling remediation on any endpoint from a central console with intuitive commands, presenting a single, unified security stack.
Why is Platform Security Important?
For decades, cybersecurity has been the number one challenge for IT professionals. In the security arms race where bad actors continually create new attack vectors to widen the threat landscape, security professionals have been creating a broad range of offerings from Antivirus to Zero-trust in an effort to keep ahead of possible disaster.
The result has been the creation of numerous point solutions that are targeted at specific security threats, and although each category has its best-of-breed leaders which by themselves may be relatively easy to deploy, the result can be a hodge-podge of security offerings that lack the ability to fully integrate with each other to form a comprehensive multi-vendor security stack that offers end to end protection.
This presents several challenges of its own. First, there is the ever-growing cost of adding multiple licenses for multiple products as they reach the market. Secondly, the management burden on IT and security professionals is multiplied, as these teams struggle to fit round pegs into square holes to integrate solutions not designed to work together. Finally, the need to support an ever-growing list of security solutions demands that IT and security pros are constantly being educated on emerging solutions, including retraining when new product versions are released and regression testing to ensure that upgrades and updates do not break existing integrations in the security stack.
To overcome these challenges, many security vendors are adopting an integrated, all-in-one security platform approach. This becomes increasingly important in the age of containerized, microservices-based applications, which often comprise a number of physically dispersed cloud-based and on-premises infrastructures, parts of which the enterprise has little or no control over.
How Does Platform Security Work?
Security platforms integrate all types of security technologies, both specific to the platform vendor and other third-party functionality. This enables security professionals to improve the speed and efficiency with which they perform their jobs, enables better collaboration through ease of integration, and enhances IT visibility into potential security issues for more peace of mind.
A good example of a platform security solution is VMware Carbon Black Endpoint, which consolidates multiple endpoint security capabilities using one agent and console, helping enterprises operate faster and more effectively. Many endpoint solutions include endpoint detection and response (EDR), which protects against those threats that evade basic controls.
Next-generation firewalls (NGFWs) are another type of platform security that combines intrusion prevention, integrated threat intelligence, traditional firewalls, and application awareness into a single comprehensive platform.
Other types of security platforms include:
- Platforms based on Security information and event management (SIEM)
- Platforms based on Security orchestration, automation and response (SOAR)
- Portfolio-based platforms that simplify integration with current and future products
In general, security platforms contain several essential elements:
Incident Lifecycle protection. Although every platform has an emphasis on threat prevention, they must also have the capability to detect an incident when it occurs and provide remediation through a response mechanism, including the collection of telemetry for analysis in near-real time.
Adaptability. Since most attacks now rely on advanced tactics such as lateral movement and island hopping, platforms must analyze system events to determine if an anomaly is occurring, thus preventing attackers from abusing legitimate tools. This can help spot minor fluctuations that are hiding malicious attacks and prevent them from deploying their payloads.
Single Pane of Glass. Every security component in the platform should be accessed through a central management and reporting system that includes reporting, policy management, and other maintenance functions, with the ability to export data as needed for use by external tools.
Endpoint protection. Whether servers are on-premises or in the cloud, endpoints can be anywhere and are increasingly mobile and at the edge. Platforms must secure all these endpoints whether they exist on bare metal, VMs or containers.
Hybrid Multi-Cloud Support. IT operations and infrastructure increasingly reside in the multi-cloud, especially containerized applications. The need to secure all these elements is very clear. Additionally, deployment of cloud-based security services can accelerate the sharing of threat intel, reputation lists, and other models that should be available in the cloud, leveraging the scalability of hyperscale providers.