The increase in threats has led to the convergence of a broad spectrum of security technologies including IT security, surveillance, alarm monitoring, biometrics, access control and response, to name a few. This convergence has created new opportunities for intelligent, real-time connected security capabilities.
New innovations at the silicon, software and system levels can enable Real-time Connected Security which uses all available data sources in real-time to detect and respond appropriately to security threats or abnormal situations. This article discusses this new way of looking at security opportunities for equipment vendors and service providers.
What are the threats currently affecting businesses?
Company security spans a broad range of potential threats including human resource related issues, legal considerations and physical intrusion, any of which pose a potential danger to the ability of the business to operate normally.
Issues addressed here include leakage of critical information, information espionage, adequate employee screening, physical threats such as robbery and abuse and protection of critical information infrastructure. The protection of critical information infrastructure is one of the most compelling of all.
The sheer volume of transmitted information can be overwhelming: 30 billion text messages and 40 billion e-mail messages are transmitted across the network every day. Eight exabytes (that’s 18 zeros) of IP traffic are generated globally every month.
The real issue is that the vast majority of this traffic is aimed at the enterprise and the systems that enable its ability to function properly. While the bulk of the messages are necessary and harmless, it only takes one to wreak havoc. In fact, the average annual cost to a typical corporation for recovery from the most common types of intrusion can exceed tens of millions of pounds.
Employees represent a major investment for all companies and like all assets they must be protected for both business and compassionate reasons.
Concerns that fall under the topic of personnel protection include building surveillance and security; physical security of car parks, dining facilities, remote buildings and office space; personnel privacy and secrecy of communications; security of computer assets, and physical and network security for remote workers.
Also included here is the creation of a culture of security compliance and physical security for workers travelling on company business or working from home.
With more and more employees choosing to work out of the office or while on the road, the issue of protecting remote workers is becoming increasingly important to businesses of all sizes.
Fraud and Theft Protection
It’s a well-known fact that 80 percent of all retail credit card theft is perpetrated by employees inside of companies, not by outsiders. This kind of activity must be anticipated and programmes for dealing with it must be put into place to adequately cover issues associated with financial liability on the part of the company. Coupled with protection against identity theft, scamming, phishing, and commercial and insurance fraud, this is one of the most critical areas of security in the modern enterprise.
Threats that result from either force majeure or so-called “Acts of God” can have disastrous impacts on enterprise operations, particularly if the company has done nothing to plan for their eventuality.
Major storms, fires, floods, terrorist activity and other events can disrupt business operations, as can the failure of water, gas, sewage, power and phone systems or the loss of high-speed network access and information storage arrays.
Each of these represents a threat area for the modern enterprise. All are important and all represent opportunities to safeguard the real-time operations of a company.
Yet IT security and the services associated with it – threat detection, analysis, coordinated and effective response – represent only a fraction of the annual spending on security-related functions i.e. about 15% of the $185 billion security market.
Far more money is spent on equipment, security personnel, consulting and passive alarm services. These are all critical and necessary expenditures, but given the new threat models presented to businesses, spending should perhaps be shifted to enable real-time connected security to reveal a new and more effective way of using existing technology.
Today, diverse elements that collectively make up enterprise security are functionally fragmented and logically disconnected. Police, fire, emergency medical services, internet security organisations, service providers, software developers and internal and external security personnel operate in a largely uncoordinated, independent fashion.
All have the best intentions, of course, but their overall effectiveness suffers from a lack of integrated functionality. Ultimately, the customer suffers from the impact of slower threat detection and response time.
On the other hand, the deployment of intelligent, multi-source detection capabilities makes threat detection faster, more comprehensive and far better coordinated than ever before.
What is real-time Connected Security?
Real-time Connected Security is designed to deliver fast, coordinated security. It ultimately displays three seminal characteristics. First, it is fast. It has the processing and analytical capability to operate in real-time, detecting threats as they occur, responding immediately, and rapidly correlating multiple threat postures.
Second, it operates in an integrated fashion. Not only does it provide surveillance across enterprise operations and detection of abnormal events, it also coordinates the various response elements into a focused and effective response, often “attacking the threat” in a variety of ways to ensure its resolution.
Finally, because it is designed around a converged infrastructure, it helps to reduce the cost of security compliance.
The required functionality, in the form of detection, inspection, analysis and response, is distributed to the edge, thus reducing the cost of providing the same service to remote offices from a central location over expensive transport resources; and because the underlying infrastructure is a secure IP environment, networking costs are dramatically reduced.
Real-time Connected Security is designed to deliver fast, coordinated security solutions. It has four elements that contribute to its overall effectiveness. First, it is an integrated and managed solution that reduces the cost of deployment, even though the deployed service is highly complex.
Secondly, it offers a more robust and comprehensive suite of security capabilities that address each of the four areas mentioned earlier. Thirdly, it facilitates inter-working among the disparate elements of a comprehensive solution, thus making threat detection faster and more accurate while at the same time increasing the pace of threat resolution.
Finally, Real-time Connected Security is a diversified and decentralised architecture that puts more information into the hands of local response personnel, thus accelerating the pace of response. This constitutes multi-source detection, the result of which is coordinated, focused impact.
How can companies support real-time network security?
Network security is only as good as the underlying infrastructure over which it is deployed. For this reason, companies need to invest in networking technology that will accelerate the delivery of Real-time Connected Security.
Companies can achieve Real-time Connected Security by utilising new low cost encryption IP for integration in LAN and SAN switches, which allow operators to encrypt all links and all data-at-rest. This new cost model for encryption will redefine the security perimeter.
Further still, companies need to keep a close eye on industry leaders in hardware acceleration. The transition from software-based content inspection to hardware-accelerated content inspection boosts performance by 10 to 100x while reducing power and costs – driving up competition.
All data can now be cost-effectively inspected before processing and storing, boosting the security of the IP infrastructure and ultimately creating an IP infrastructure ready to support multiple security applications like surveillance.
This leads to the third key innovation for migrating surveillance solutions to converged Real-time Connected Security. In recent years, some industry leaders reoriented internal resources to focus on devices specifically designed to handle the unique requirements of high-speed, real-time network signal processing.
Today, the objective is to populate the network with signal processing in order to enable seamless rich information exchange and analytics for surveillance. Yet, few companies have a firm foundation in general purpose DSPs and a well-evolved product line, offering multi-service functional modules that support the varying requirements of voice and video. Efficiency is still key. However, many companies have yet to recognise the benefits of a multi-core virtualised DSP, which relies on hardware offload to increase overall system efficiency.
These innovations translate into an ultra-secure network and data storage environment within which traffic on all links (Data-in-Flight) and all archived data (Data-at-Rest) is encrypted. All data is inspected for threat profiles before being processed for transport or storage, and complex and capable analysis and decision-making engines are distributed across the network to ensure that the real-time processing of security threats is a reality.
Building Real-time Connected Security is a complex and difficult undertaking, but given the heightened awareness of security in the enterprise and growth in the threat profiles that companies face, it must be done.
The real value of this approach to Real-time Connected Security is that it creates the platform components upon which OEM vendors can execute a solution that best meets their own needs and those of their direct customers, thus taking advantage of the vast stores of knowledge that exist in the industry today.