The Cloud Is A Key To Cyber Defence

Uploaded on 2018-04-11 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Organisations need to make sense of security intelligence and act on it faster to get ahead of attackers, and cloud-based security is one way of making that possible.

Companies are moving to the cloud for greater agility, flexibility and resilience, and they should be doing the same with security, says Greg Day, chief security officer for Europe at Palo Alto Networks. “Security challenges and IT are now so dynamic that five-year plans no longer work,” he told the company’s End User Cybersecurity Summit in London.

To get ahead of the attackers, or at least on an even playing field, Day said organisations need to adapt their cyber defence capabilities at the same pace that adversaries are evolving their attacks.

Threat intelligence is an important element of any organisations defence capability, but the challenge facing organisations is being able to process threat intelligence and respond fast enough to be effective.

Legislation such as the EU’s General Data Protection Regulation (GDPR) and Network and Information Systems (NIS) Directive are also increasing the pressure on organisations to make sense of the security intelligence they are gathering, particularly from their own systems, to report breaches within 72 hours in some cases.

“Three years ago, organisations were taking an average of 229 days to identify a breach, two year ago this was around 205 days, while in 2017 this was down to 146, but simpler cases were being identified within 30 days.

“Although this shows progress is being made, being able to identify a breach within 30 days is not much use when the law requires it to be done within 72 hours, which means organisations have to change the way they consume intelligence and other security services,” said Day.

Cloud-based services the key enabler

While a growing number of security suppliers are attempting to tackle this problem with artificial intelligence, Palo Alto Networks believes that cloud-based services are the key enabler, and in June 2017 announced the Palo Alto Networks Application Framework to extend the capabilities of the Palo Alto Next-Generation Security Platform to enable organisations to implement innovative cloud-based security applications from any provider, large or small.

According to Palo Alto Networks, security platforms with open application programming interfaces (APIs) are set to turn the business model for the information security industry on its head in response to the need for new models that will drive more innovation, value and encourage sharing of threat intelligence in highly automated ways.

This is what the application framework is designed to deliver by enabling a software as a service (SaaS) consumption model, allowing customers to rapidly evaluate and deploy capabilities through security applications built by Palo Alto Networks, third-party developers, managed security service providers (MSSPs) and their own teams.

This new model is aimed at enabling organisations to activate cloud-delivered applications instantly from different providers as security needs change and without deploying or managing additional products.

The service-based model, said Day, is key to enabling organisations to apply the latest technological capabilities to meet changing cyber defence and other business requirements.

“By switching to a consumable subscription, organisations can put the responsibility on somebody else to keep pace with technology change so they can adapt their technology and service consumption to move with the business,” he said.

Computer Weekly

You Might Also Read: 

Have You Gauged The Cost Of A Cloud Outage?:

Ensure Your Cloud Storage Is Compliant With GDPR:

 

« Denmark: A Leader In Cyber Security
Criminal Web-Injects Can Steal Cryptocurrency »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Hiscox

Hiscox

Hiscox offers cyber and data risks insurance to protect your business against the risks of holding data and using computer systems..

International Organization for Standardization (ISO)

International Organization for Standardization (ISO)

ISO is an independent, non-governmental international standards organization. The ISO/IEC 27001 is the standard for information security management systems.

vArmour

vArmour

vArmour is the industry’s first distributed security system that provides insight and control for multi-cloud environments.

iLand

iLand

iland is a global cloud service provider of secure and compliant hosting for infrastructure (IaaS), disaster recovery (DRaaS), and backup as a service (BaaS).

Snyk

Snyk

Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world.

OpenText

OpenText

OpenText is a leader in Enterprise Information Management software and a portfolio of related solutions for Information Governance, Compliance, Information Security and Privacy.

Magtech Solutions

Magtech Solutions

Magtech Solutions is a one-stop IT Solutions provider offering Cloud Computing, IT Security, Unified Email Solutions and ERP systems.

Secure Code Warrior

Secure Code Warrior

Secure your code from the start with gamified, scalable online secure coding training for software developers.

Cloudsine

Cloudsine

Cloudsine (formerly Banff Cyber Technologies) is a cloud technology company specializing in cloud adoption, security and innovation.

Crosspoint Capital Partners

Crosspoint Capital Partners

Crosspoint Capital Partners is a private equity investment firm focused on the cybersecurity and privacy sectors.

Amnesty Tech

Amnesty Tech

Amnesty Tech's Security Lab leads technical investigations into cyber-attacks against civil society and provides critical support when individuals face such attacks.

Charles IT

Charles IT

Charles IT is your friendly, no-nonsense IT team focused on helping companies make their technology work for them. We focus on building relationships that deliver results.

Vectra AI

Vectra AI

Vectra threat detection & response - see and stop threats across hybrid and multi-cloud enterprises.

Verichains

Verichains

Verichains Lab is a pioneer and leading APAC blockchain security firm with extensive expertise in the areas of security, cryptography and core blockchain technology.

Vertek

Vertek

Vertek is a leading provider of operations consulting, end-to-end business process outsourcing, business intelligence, software applications and managed cybersecurity solutions.

Breathe Technology

Breathe Technology

Breathe Technology has been providing Managed IT Support/ Service Desk, Cloud Services, Cyber Security & Communications to businesses and schools since 2003.