Adaptive security is an approach that has become more widely used in response to a rapidly changing DevOps environment and interconnectedness of everything (i.e. IoT). The goal of adaptive security is to create a feedback loop of threat visibility, detection, and prevention that consistently becomes more effective.
Brief History of Adaptive Security
Sun Microsystems (acquired by Oracle in 2010) coined the term “Adaptive Security Architecture” in 2008. This architecture would be able to anticipate, respond to and contain threats while reducing threat amplification, attack surface, velocity and recovery time. It was an architectural model that imitated a biological autoimmune system at a microscopic level and ecological systems on a macroscopic level.
Biological systems can respond to new conditions and adapt. They respond to threats dynamically using an innate, involuntary immune system response. Ecological systems are comprised of different components and not dependent on one single entity to survive. They are diverse and resilient.
Both systems rely on feedback to increase their ability to respond to threats. This dynamic, autonomous response found in nature is what the originators of the adaptive security model were trying to mimic.
Definition of Adaptive Security
Adaptive security is a security model in which the monitoring of threats remains continuous and improves as cybersecurity risks change and evolve over time. Traditional security methods of the past included antivirus software, intrusion detection systems (IDS), intrusion prevention systems (IPS), and firewalls. These approaches are simply not enough anymore. Development practices and environments are no longer static. Security systems need to be integrated within continuous deployment IT, as well as in virtual, cloud and hybrid environments.
Using heuristics – which is defined as gaining knowledge from experience – adaptive security software studies patterns and behaviors rather than just examining log files, monitoring checkpoints and responding to alerts. It is an intuitive intelligence approach that aims to identify the methods and techniques used by cyber criminals, in order to prevent an attack from occurring and potentially respond to a breach in milliseconds.
Benefits of Adaptive Security
Adaptive security allows for early detection of security compromises and an automatic, autonomous response when a malicious event occurs. Other benefits of implementing an adaptive security architecture include:
● Prevent data theft and sabotage.
● Instantly contain a threat when it occurs.
● Lessen dwell time of threats.
● Recognize ongoing security breaches.
● Stop the spread of a pandemic.
● Avoid a monoculture systems environment.
There is no single system or process in adaptive security. It is a multi-level, around-the-clock monitoring system that is designed to evolve as cyber threats and attacks become more sophisticated and complex.
Best Practices for Adaptive Security
Gartner lists the four stages of an adaptive security architecture as: predict, prevent, respond and detect. These can be briefly defined as:
Predict – assess risk, anticipate attacks and malware, implement baseline systems and posture.
Prevent – harden and isolate systems to prevent security breaches.
Respond – investigate incidents, design policy changes, conduct retrospective analysis.
Detect – prioritize risks, detect and contain incidents.
These four stages – combined with policy and compliance measures – are used to create a system with an ability to quickly trace and respond to suspect behavior at the source. This happens with situations such as malware connecting at an endpoint, or a user acting suspiciously.
Analytics and Machine Learning in Adaptive Security
A primary tenet of adaptive security is to always assume there is something wrong with the system. Continual monitoring and improvement of the security architecture are the main priorities. The modus operandi is not to wait for an incident to happen, but to expect it, identify it, and respond before it has the chance to breach the system.
It needs to be a proactive approach model as opposed to a reactive one. Security analytics and machine learning are key components of adaptive security architecture. In addition to this, descriptive analytics detect anomalous events, diagnostic analytics help explain why an adverse event happened and predictive analytics can identify suspicious behavior based on historical data and patterns – both on microscopic and macroscopic levels.
With endless reams of Big Data locked up in data warehouses in the cloud, and malicious activity disguised as legitimate commands and server requests becoming nearly impossible to detect, machine learning can serve a useful purpose. It can assist a security team by automating many processes, such as the pattern recognition used in analytics.
MIT’s Computer Science and Artificial Intelligence Lab (CSAIL) is developing an adaptive security platform called AI2. Machine learning is used to review data from tens of millions of data logs per day. It reduces the number of events a cybersecurity analyst must review from tens of thousands to one or two hundred. With the ability to autonomously learn from past successes and failures, it has an 85% success rate predicting cyber attacks.
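The feedback loop described in this section can be sketched in a few lines. The following is an added example, not code from AI2 or any product: it keeps a per-user baseline of hourly event counts, flags deviations for review, and uses the analyst's verdict to adjust both the baseline and the alert threshold. The class name, thresholds and sample counts are constructed assumptions.

```python
from statistics import mean, pstdev

class AdaptiveDetector:
    """Per-user behavioural baseline with an analyst feedback loop (illustrative)."""

    def __init__(self, threshold=3.0, step=0.5, min_history=5):
        self.history = {}            # user -> hourly event counts accepted as normal
        self.threshold = threshold   # z-score at or above which we alert
        self.step = step             # how far one analyst verdict moves the threshold
        self.min_history = min_history

    def score(self, user, count):
        past = self.history.get(user, [])
        if len(past) < self.min_history:
            return 0.0               # still learning this user: no alert yet
        sigma = max(pstdev(past), 1.0)   # floor avoids division by ~0 on flat baselines
        return (count - mean(past)) / sigma

    def observe(self, user, count):
        """Return True if this observation should go to an analyst."""
        flagged = self.score(user, count) >= self.threshold
        if not flagged:
            # Only unflagged activity feeds the baseline, so a spike
            # cannot normalise itself before someone has looked at it.
            self.history.setdefault(user, []).append(count)
        return flagged

    def feedback(self, user, count, malicious):
        """Analyst verdict closes the loop."""
        if malicious:
            # Confirmed incident: become more sensitive (bounded below).
            self.threshold = max(2.0, self.threshold - self.step)
        else:
            # False positive: accept the behaviour as normal and relax (bounded above).
            self.history.setdefault(user, []).append(count)
            self.threshold = min(4.0, self.threshold + self.step)

def demo():
    det = AdaptiveDetector()
    for n in (10, 12, 11, 9, 10, 11):          # constructed sample: alice's normal hours
        det.observe("alice", n)
    alice_spike = det.observe("alice", 40)     # sudden burst of activity
    det.feedback("alice", 40, malicious=True)
    for n in (100, 105, 95, 110, 90):          # constructed sample: bob's normal hours
        det.observe("bob", n)
    bob_first = det.observe("bob", 130)        # flagged, but analyst finds it benign
    det.feedback("bob", 130, malicious=False)
    bob_again = det.observe("bob", 130)        # same behaviour no longer alerts
    return alice_spike, bob_first, bob_again, det.threshold

if __name__ == "__main__":
    print(demo())
```

After the benign verdict, the same level of activity from the second user no longer reaches the analyst, which is how the review queue shrinks over time.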
Adaptive Security Solutions
Effective adaptive security requires robust solutions that incorporate a variety of features and security measures for predicting threats and ensuring comprehensive network and endpoint protection. Taking a proactive approach to security enables enterprises to more readily adapt to the changing threat landscape and initiate rapid incident response measures to halt breaches before they can expose sensitive data – or better, before they gain access at all.
Adaptive security solutions should offer visibility and threat alerts (real-time insights with dashboards), time-to-value (phase one deployment in 90 days or less), and access to security experts 24/7.