The Cloud Is A Key To Cyber Defence

Uploaded on 2018-04-11 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Organisations need to make sense of security intelligence and act on it faster to get ahead of attackers, and cloud-based security is one way of making that possible.

Companies are moving to the cloud for greater agility, flexibility and resilience, and they should be doing the same with security, says Greg Day, chief security officer for Europe at Palo Alto Networks. “Security challenges and IT are now so dynamic that five-year plans no longer work,” he told the company’s End User Cybersecurity Summit in London.

To get ahead of the attackers, or at least on an even playing field, Day said organisations need to adapt their cyber defence capabilities at the same pace that adversaries are evolving their attacks.

Threat intelligence is an important element of any organisations defence capability, but the challenge facing organisations is being able to process threat intelligence and respond fast enough to be effective.

Legislation such as the EU’s General Data Protection Regulation (GDPR) and Network and Information Systems (NIS) Directive are also increasing the pressure on organisations to make sense of the security intelligence they are gathering, particularly from their own systems, to report breaches within 72 hours in some cases.

“Three years ago, organisations were taking an average of 229 days to identify a breach, two year ago this was around 205 days, while in 2017 this was down to 146, but simpler cases were being identified within 30 days.

“Although this shows progress is being made, being able to identify a breach within 30 days is not much use when the law requires it to be done within 72 hours, which means organisations have to change the way they consume intelligence and other security services,” said Day.

Cloud-based services the key enabler

While a growing number of security suppliers are attempting to tackle this problem with artificial intelligence, Palo Alto Networks believes that cloud-based services are the key enabler, and in June 2017 announced the Palo Alto Networks Application Framework to extend the capabilities of the Palo Alto Next-Generation Security Platform to enable organisations to implement innovative cloud-based security applications from any provider, large or small.

According to Palo Alto Networks, security platforms with open application programming interfaces (APIs) are set to turn the business model for the information security industry on its head in response to the need for new models that will drive more innovation, value and encourage sharing of threat intelligence in highly automated ways.

This is what the application framework is designed to deliver by enabling a software as a service (SaaS) consumption model, allowing customers to rapidly evaluate and deploy capabilities through security applications built by Palo Alto Networks, third-party developers, managed security service providers (MSSPs) and their own teams.

This new model is aimed at enabling organisations to activate cloud-delivered applications instantly from different providers as security needs change and without deploying or managing additional products.

The service-based model, said Day, is key to enabling organisations to apply the latest technological capabilities to meet changing cyber defence and other business requirements.

“By switching to a consumable subscription, organisations can put the responsibility on somebody else to keep pace with technology change so they can adapt their technology and service consumption to move with the business,” he said.

Computer Weekly

You Might Also Read: 

Have You Gauged The Cost Of A Cloud Outage?:

Ensure Your Cloud Storage Is Compliant With GDPR:

 

« Denmark: A Leader In Cyber Security
Criminal Web-Injects Can Steal Cryptocurrency »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

FinalCode

FinalCode

FinalCode offers a file encryption and file-based enterprise digital rights management (eDRM) platform.

Wallix

Wallix

Wallix is a software company offering privileged access management solutions for enterprises, public organizations and cloud service providers

ISC2

ISC2

ISC2 is an international, non-profit membership association for information security leaders. Our information security certifications are recognized as the global standard for excellence.

Schneider Electric

Schneider Electric

Schneider Electric develops connected technologies and solutions to manage energy and process in ways that are safe, reliable and sustainable.

Cyber Security Research Centre - University of Cardiff

Cyber Security Research Centre - University of Cardiff

Cardiff University's Centre for Cyber Security Research is a leading UK academic research unit for cyber security analytics.

Blue Lights Digital

Blue Lights Digital

Blue Lights Digital have developed a range of platforms to support digital investigations, as well as providing continued support and education for investigations professionals.

Segusoft

Segusoft

With its encryption platform SEGULINK, Segusoft provides standard software for companies to securely transfer files and messages.

Communications Authority of Kenya

Communications Authority of Kenya

The Authority is responsible for facilitating the development of the information and communications sectors including; broadcasting, telecommunications, electronic commerce and cybersecurity.

CSIRT-NQN

CSIRT-NQN

CSIRT-NQN is the Computer Incident Response Team for the Argentine province of Neuquen.

A3Sec

A3Sec

A3Sec provides professional solutions in the areas of Cybersecurity, Device Monitoring, Business Intelligence and Big Data.

Raqmiyat

Raqmiyat

Raqmiyat provides end-to-end IT Services and business solutions including consultancy, digital transformation, infrastructure and cybersecurity.

Sertainty

Sertainty

Sertainty enables developers to mix intelligence into data files for active risk mitigation and data control. Discover the impact of Data: Empowered.

ST Engineering Antycip

ST Engineering Antycip

ST Engineering Antycip (formerly Antycip Simulation) is Europe’s leading provider of professional grade COTS simulation software, projection & display systems, and related engineering services.

National Cyber Security Center (NCSC) - Vietnam

National Cyber Security Center (NCSC) - Vietnam

National Cyber Security Center of Vietnam has a central monitoring function and is a technical focal point for monitoring and supporting information security for people, businesses and systems.

Castlepoint Systems

Castlepoint Systems

Castlepoint Systems is a pioneer in information governance, risk and compliance as a service. An all-in-one solution offering powerful risk management, built in compliance, cybersecurity and audit.

Seven AI

Seven AI

Seven AI develops cyber security software designed to identify online threats.