Adaptive Security Architecture (ASA) is an information security approach that uses current tactics and tools to thwart attacks on a network by cybercriminals. It can be thought of as a way of beating the cybercrime masters at their own game. Organizations should not rely solely on preventative mechanisms, because cybercriminals continuously raise their game and do not give up on launching attacks against vulnerable networks. In simpler terms, Adaptive Security Architecture means having flexible security measures in place to protect an organization’s information, going beyond traditional perimeter defence against potential threats.
While the two terms, adaptive and security, are somewhat self-explanatory, some readers might find the term architecture a bit ambiguous in this regard. However, the description of architecture in a technology space that John Zachman (widely regarded as one of the early pioneers of Enterprise Architecture) gave at a seminar on Enterprise Architecture at the University of Pretoria in 2012, which I attended, fits the adaptive security architecture concept well.
Zachman described architecture as a set of descriptive representations, one for each of the questions What? (inventory sets), How? (process), Where? (distribution), Who? (responsibility), When? (timing cycles) and Why? (motivation/intention). These will be explained further in the next blogs.
In February 2016, Gartner classified Adaptive Security Architecture (ASA) as part of its new IT Reality theme, alongside Advanced System Architecture, Mesh App and Service Architecture, and IoT Architecture and Platforms. In its 2016 report, Designing Adaptive Security Architecture for Protection from Advanced Attacks, Gartner describes ASA as having four main elements: Predict, Block/Prevent, Detect and Respond. The report advocates that these four elements work intelligently together as an integrated, adaptive system to provide complete protection against advanced threats, and it describes the capabilities of ASA in each of the four quadrants (Predict, Block/Prevent, Detect and Respond). These will be displayed in later blogs.
Continuous monitoring and analytics sit at the core of the adaptive protection architecture. This emphasises that the security process should be continuous, and that pervasive monitoring and visibility should be constantly analysed for indications of compromise.
Sun Microsystems lists the following objectives of an Adaptive Security Architecture:
- Reduce threat amplification – restrict how far a single attack can spread through a monoculture of identical systems (a “pandemic”).
- Shrink the attack surface – make the target of an attack smaller
- Decrease attack velocity – slow the rate of attack
- Reduce remediation time – respond to an attack quickly
- Facilitate the availability of data and processing resources – prevent or contain attacks that try to limit resources
- Promote correctness of data and the reliability of processing resources – respond to attacks intended to compromise data or system integrity.
ASA should be embedded in an organization’s processes. In an article available online (http://devops.com/2015/05/27/what-is-adaptive-security/), Chris Riley suggests that adaptive security needs to be able to make decisions and respond within seconds or milliseconds of anomalous behaviour being observed.
In 2008 Sun Microsystems produced a paper, Designing an Adaptive Security Architecture, which interestingly outlines the steps to be taken in designing an adaptive security model (http://www.sun.com/blueprints/online.html).
The next blog will deal with the differences between traditional security and adaptive security, and will also highlight the benefits of adaptive security architecture.
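To make the Predict, Block/Prevent, Detect and Respond loop and the sub-second response concrete, here is an added Python example. It is mine, not code from Gartner, Sun or the Riley article. It replays constructed sshd-style log lines (RFC 5737 documentation addresses, not a real host), detects a brute force per source within a sliding window, blocks the source in the same call that detected it, and then tightens its own threshold for every source. The names (Policy, AdaptiveMonitor, run), the thresholds and the log format are assumptions chosen for the example.

```python
from __future__ import annotations

import re
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed sshd-style log lines (not from any real host); RFC 5737 documentation addresses.
SAMPLE_LOG = """\
2024-03-01T10:00:00Z sshd[101]: Accepted password for alice from 198.51.100.7
2024-03-01T10:00:01Z sshd[102]: Failed password for root from 203.0.113.5
2024-03-01T10:00:02Z sshd[103]: Failed password for root from 203.0.113.5
2024-03-01T10:00:03Z sshd[104]: Failed password for admin from 203.0.113.5
2024-03-01T10:00:04Z sshd[105]: Failed password for admin from 203.0.113.5
2024-03-01T10:00:05Z sshd[106]: Failed password for oracle from 203.0.113.5
2024-03-01T10:00:06Z sshd[107]: Failed password for root from 203.0.113.9
2024-03-01T10:00:07Z sshd[108]: Failed password for root from 203.0.113.9
2024-03-01T10:00:08Z sshd[109]: Failed password for root from 203.0.113.9
2024-03-01T10:00:09Z sshd[110]: Accepted password for alice from 198.51.100.7
2024-03-01T10:00:10Z sshd[111]: Failed password for bob from 198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) password for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)


@dataclass
class Event:
    ts: float        # epoch seconds
    src: str
    user: str
    ok: bool


def parse_line(line: str) -> Event | None:
    """One log line -> Event, or None for lines the monitor does not understand."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return Event(ts.timestamp(), m["src"], m["user"], m["result"] == "Accepted")


@dataclass
class Policy:
    """The tunable part of the loop; the monitor rewrites it as it learns (assumed values)."""
    fail_threshold: int = 4   # failures per source inside `window` before blocking
    min_threshold: int = 3    # floor: adaptation must not tighten into locking everyone out
    window: float = 60.0      # seconds
    blocked: set[str] = field(default_factory=set)   # BLOCK/PREVENT: what the edge enforces


class AdaptiveMonitor:
    """Detect -> Respond -> adapt Policy -> Prevent, evaluated on every event."""

    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self.failures: dict[str, deque[float]] = defaultdict(deque)
        self.actions: list[tuple[str, str, float]] = []   # audit trail of responses

    def observe(self, ev: Event) -> str:
        p = self.policy
        if ev.src in p.blocked:      # PREVENT: known-bad source, drop without analysis
            self.actions.append(("drop", ev.src, ev.ts))
            return "drop"
        if ev.ok:
            return "allow"
        q = self.failures[ev.src]    # DETECT: sliding window of failures per source
        q.append(ev.ts)
        while q and ev.ts - q[0] > p.window:
            q.popleft()
        if len(q) < p.fail_threshold:
            return "allow"
        p.blocked.add(ev.src)        # RESPOND: block in the same call that detected it
        self.actions.append(("block", ev.src, ev.ts))
        # ADAPT (the PREDICT feedback): one confirmed brute force makes another
        # likely, so tighten the threshold for every source, down to the floor.
        p.fail_threshold = max(p.min_threshold, p.fail_threshold // 2)
        return "block"


def run(log_text: str, policy: Policy | None = None) -> dict:
    """Replay a log through the loop and summarise what the policy learned."""
    if policy is None:
        policy = Policy()
    mon = AdaptiveMonitor(policy)
    decisions = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is not None:
            decisions.append((ev.src, mon.observe(ev)))
    return {
        "decisions": decisions,
        "blocked": sorted(policy.blocked),
        "final_threshold": policy.fail_threshold,
    }


if __name__ == "__main__":
    s = run(SAMPLE_LOG)
    print(s["decisions"], s["blocked"], s["final_threshold"])
```

On the sample log the first attacker (203.0.113.5) is blocked after four failures, which halves the threshold to the floor of three, so the second attacker (203.0.113.9) is blocked after only three: that is the "decrease attack velocity" and "reduce remediation time" objectives in one loop, with the response taken in the same function call as the detection. The caveat a practitioner should carry away is the floor (min_threshold): a control that only ever tightens can be driven by an attacker into a self-inflicted denial of service, so every adaptation needs a bound, and a real deployment also needs a way to relax the policy again over time.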