Today, the security landscape has expanded. Security providers, cloud-based providers and others now use security tools that leverage the very latest threat intelligence. They do this without the cost and complexity of deploying and managing on-premises systems or spinning up virtual machines in a public cloud.
Scott Robertson, VP Asia Pacific & Japan at Zscaler, tells us more. Excerpts:
DQ: What are the advantages of a security-as-a-service platform in threat management?
Scott Robertson: Delivering security as an outsourced service means that the provider manages all IT security services and requires no on-premises hardware or software. The cloud-based service provider can offer a range of services on a subscription basis, including secure web gateway, next-gen firewall, sandbox, SSL decryption and inspection, data loss prevention, intrusion prevention, advanced threat protection and others.
With cloud-delivered security as a service, organizations can gain access to the most up-to-date security tools that leverage the very latest threat intelligence without the cost and complexity of deploying and managing on-premises systems or spinning up virtual machines in a public cloud.
Instead, organizations can focus on their core business and IT can focus on adding value to the business instead of managing updates, change windows, and end-of-life issues. A comprehensive cloud security solution also consolidates disparate point products into an integrated platform.
DQ: How can zero-day attacks and advanced persistent threats be addressed effectively?
Scott Robertson: Zero-day threats exploit a previously unknown vulnerability, which means such an attack occurs on day zero of awareness of the exploit. Signature-based security methodologies, such as antivirus systems, are ineffective in such cases, because they rely on threat histories and known patterns. Organizations are also facing advanced persistent threats (APTs), which may leverage previously unknown attack techniques and vulnerabilities. Such sophisticated attacks must be addressed effectively.
Sandboxing is one technique that uses behavioral analysis and does not rely on signatures. With sandboxing solutions, a binary file is permitted to run in a controlled environment where its behavior is monitored and analyzed. Any suspicious activity is observed over a period of time, after which malware can be identified and confirmed.
Sandbox appliances typically operate out of line, allowing traffic through while inspecting suspicious files in TAP mode. If a threat is detected in the sandbox, it sends an alert, but it can often come too late. An inline sandbox will complete its analysis of a file before allowing it to be delivered, which can be slow, as the analysis is compute-intensive and an appliance only has so much processing power. Because a cloud sandbox has no such limitations, it handles inline analysis without impacting performance.
Sandboxing integrates big data and behavioral analysis to protect enterprise resources. The enterprise can gain immediate protection once a global threat is confirmed and a greater context is built to enable advanced threat protection.
DQ: How do cloud solutions help in the prevention of data loss and enhance network security?
Scott Robertson: Traditional network security is no longer effective with applications moving to the cloud and users becoming increasingly mobile. To offer identical protection and policy enforcement no matter where users connect, security and access controls must also move to the cloud. Cloud security solutions are empowered with the latest security updates and protect users and organizations from rapidly evolving malware. If a threat is detected anywhere in the cloud, for any user, protection is deployed everywhere, for every user.
In the cloud-first world, organizations may have blind spots, in which users leave the network and take sensitive data with them, intentionally or unintentionally. Cloud security can prevent that data from being sent out, even if the user is off the network. With the cloud’s complete visibility and advanced policy controls, it closes the gaps in an organization’s data protection strategy.
DQ: LANs and WANs are slowly being phased out by 5G. Explain.
Scott Robertson: With incredibly fast connectivity at a lower cost, it’s no surprise that organizations are looking at broadband. Soon, 5G will start to phase out expensive wide area networks (WANs) with Wi-Fi connections. Local area networks (LANs) will also disappear. We have begun to witness the walls of corporate workplaces becoming fluid with legacy corporate networks and traditional network security slowly evolving into a fully internet-driven workplace. Mobility and bring-your-own-device (BYOD) will continue to become commonplace across industries.
The high usage of Wi-Fi within the physical office will also give way to 5G devices. This 5G era will accelerate the adoption of a new, more mobile work style. The fifth-generation mobile network will not only connect people, but also connect and control machines, objects, and devices. There will be improved performance, efficiency and cost-effectiveness, delivering faster, more reliable access to apps and services.
DQ: How has cyber security evolved over the years, from an IT issue to a top business priority?
Scott Robertson: Organizations today are looking at digital transformation to remain competitive, and a large part of that means relying on the internet for conducting business. As a result, data breaches are inevitable, and cybersecurity becomes a top priority.
In today’s digitally transforming world, cybersecurity is about providing a business with the capacity to protect and drive revenues with an acceptable level of risk. Thus, organizations must re-evaluate their approach to IT security, which needs to evolve to focus on cloud and mobility and leave behind legacy methods that result in poor user experience, high costs and a risky security posture.