By Bruno Zani, Systems Engineering Manager at Intel Security
In conversations with CIOs, IT managers and analysts in the area of corporate security, it is common to notice how low a priority most companies give to information security. Whether due to lack of funds, lack of knowledge, or the belief that they will not be targets of attacks, many companies end up opting for basic protection tools, solutions designed for home security, free tools and, sometimes, leaving all data security to a simple antivirus.
Considering the advancement of technologies, the constant increase in threats and the dynamics with which cyberattacks evolve, this is an extremely dangerous scenario. Companies of all sizes have valuable data that could be targeted by cybercriminals, such as ongoing projects or customer information.
When drawing up a security plan, some companies prefer to focus their efforts only on the endpoint, that is, they protect only the machines and not the entire perimeter. The endpoint is just one of the layers that need protection and the solutions that protect it are not enough to leave the network free of threats. It is no longer possible to adopt only antivirus or signature-based solutions to obtain complete protection of the company's network.
Cybercrime is constantly evolving, and security solutions also need to be updated to remain effective. Ideally, companies should adopt a preventive rather than reactive security framework. Deciding to invest in security after an incident has already happened is much more expensive and labor-intensive than investing in prevention.
Currently, we can say that 99% of companies have a security structure made up of several tools from different manufacturers. This reality requires companies to keep people trained for each technology, which makes planning and maintenance more expensive and prevents the manager from looking at the security structure in a unified way.
Those responsible for corporate security should consider directing investment toward integrating existing solutions and extending protection to the perimeter.
When technologies do not talk to each other and there is no exchange of information, a threat that arrives on an endpoint via an infected pen drive may not be identified on the network, as there is no sharing of alerts between the different security solutions. Under the concept of connected security, the different security solutions are interconnected so that if a threat is recognized on the endpoint, for example, all other solutions are warned to block it.
Implementing a connected security solution can create a central communication hub that allows technologies to exchange information about threats found at different points in the structure. With this, it is possible to learn of an incident and create protection even before the threat propagates in the environment.
Connected security is the future. It will happen little by little, and companies must start to adapt. This concept is viable for companies of any size; even with technologies from different manufacturers, it is possible to insert a solution that connects all the other solutions. You don't need to replace the entire existing structure to adopt connected security.
Among the benefits, it is worth emphasizing that, with an integrated structure, the total cost of ownership is optimized and centralized information requires fewer people dedicated to security management, in addition to reducing hardware, optimizing processes and, of course, reducing the number of incidents.