Understanding ASI: Advanced Security Intelligence for business
ASI is an evolutionary response to revolutionary developments in global cyberterror and organised crime gangs. Davey Winder investigates
Earlier this year the head of MI5, speaking publicly for the first time in two years, warned that UK businesses are battling astonishing levels of cyber-attack. Jonathan Evans called the attacks, from organised criminals and state-sponsored groups alike, a “threat to the integrity, confidentiality and availability of government information”. MI5 itself has been involved in trying to defend government targets against what he described as being an “industrial-scale process” involving thousands of people.
He was right then, and nothing has changed since to suggest that he isn’t right now. However, the threat is not only to government data and against government departments; businesses are at risk of exposure to the fallout from such attacks as well. A marketing manager for an IT security vendor might call this an evolution of the attack surface, or evolution of the threat space; it’s actually only a natural progression.
IT security has always been about defending against a mix of the old and new, the determined thief and the bedroom chancer, the master hacker and the script kiddie. What we see here are new threats being developed by the determined master hackers – threats that, once launched, detected and analysed, become distributed amongst the script kiddies and chancers alike. Although this sounds like a one-sided game, with the bad guys holding all the aces, the truth is that such evolutionary developments swing both ways.
While the National Security Strategy rates cyber-attacks up there with terrorist attacks for the threat they pose to critical national infrastructure, more money and resources will be thrown at defending against them at a national, state-sponsored level. This is good news for businesses of all sizes, as the drip-down effect will be a better understanding of how to protect commercial data, business networks and your own bottom line.
As the attack surface broadens and the attack types become increasingly sophisticated, so the need to ramp up conventional cyber-defences grows in importance. If you think of the traditional approach to mitigating IT risk as being “point security” – antivirus, intrusion prevention systems and firewalls – the time has come to join the folk at MI5 in implementing Advanced Security Intelligence (ASI).
Advanced Security Intelligence
Think of ASI as taking a holistic, real-time view of all information sources being analysed in order to spot any anomaly, such as unusual user behaviour or oddities in network traffic. If you’ve been around IT security and network admin for a while you might recognise the basic description of security information and event management (SIEM) and log management tools – in fact, ASI has been referred to as next-generation SIEM (NGSIEM). IBM and McAfee are bolstering their SIEM tools with additional ASI capabilities.
But in the real world, what does this actually mean to your business? It means understanding that erecting a wall around your data is no longer enough. You need to be able to get a view on what’s happening behind, in front, above and below that wall; you need to know if the builders of that wall used cheap bricks; you need to be able to not only see the bigger picture, but analyse every pixel of it to spot the insecurity.