Shattered! Security in a Fragmented World of Workloads

By Satyam Tyagi, Director Product Management, ColorTokens Inc.

 Look at me, I’m in tatters!

Don’t you know the crime rate is going up, up, up, up, up?

To live in this town you must be tough, tough, tough, tough, tough!

You got rats on the West Side

Bed bugs uptown

What a mess this town’s in tatters, I’ve been shattered

Enterprise IT and applications have evolved over the last decade with the adoption of virtualization, micro-services, hybrid data centers, and dynamic multi-cloud environments. The value of data has increased with extensive digitization of every information and process necessary to run the business.

Maintaining a consistent and comprehensive security posture is a challenge. Security teams have to do a lot of heavy lifting to work in these challenging environments. This fragmented and incomplete picture and always playing the catch-up game with the dynamic infrastructure puts a lot of pressure on the admins, resulting in misconfigurations and inconsistent security posture, paving the way for breaches.

More and more about some useless information

I can’t get no satisfaction, I can’t get no satisfaction

Cause I try and I try and I try and I try

I can’t get no, I can’t get no

When I’m driving’ in my car, and the man comes on the radio

He’s telling’ me more and more about some useless information

Supposed to fire my imagination

Traditional security solutions like firewalls and antivirus are insufficient and incomplete. More firewalls and more antivirus are not going to cut it.

The fact is only 15% of the traffic flows through the perimeter firewalls and no matter how good or sophisticated the firewall is, it can only do so much. And traditional antivirus and signature-based techniques can only catch a small percentage of attacks.

There are multiple vendors who are pushing different security tools in the cloud, from server hardening, vulnerability management, visibility, micro-segmentation, system integrity management, application control whitelisting, EDR etc.

The biggest challenge is that these solutions are fragmented and are artificially put together with a SIEM, which is cumbersome, requires months if not years of tuning and teams of analysts dealing with false positives.

Get what you need, oh yeah!

But if you try sometimes you just might find

You just might find

You get what you need, oh yeah

What the security team needs is a comprehensive and integrated security platform for their endpoints and workloads.

Need 1: Understand the Comprehensive Security Picture

Security teams need a place where they can see the complete picture. A consolidated view where one can understand vulnerabilities in the context of exposure. Malware infections in the context of the threats they pose. And network traffic and application access in the context of the authorization policy. Without a comprehensive picture, security teams can neither understand the situation nor communicate it to the stakeholders.

Need 2: Enforce Business Security Needs

Once security can see the comprehensive picture, they need the ability to enforce business needs. Which applications are dealing with sensitive data and need to be isolated and protected; which users are privileged or need access to privileged data and applications to perform their business function? This needs to be done in a way such that it can scale. If every environment, cloud, operating system, software, application, and user device needs a separate control, then it does not work. The work of the security teams becomes constantly translating the ever-changing business needs into infrastructure specific technologies which are never the same.

Need 3: Simplified Incident, Investigation and Remediation Centre

Acknowledgment that you need to have the ability to detect and remediate attacks is crucial – no matter how sophisticated our protection maybe. Having a consolidated platform means that no fine tuning of the incident center for months to integrate all products. No cumbersome and time-consuming false positives because the disjoint products have no context, where one product understands vulnerability but does not understand it is shielded and quarantined, where another understand botnets and malware but does not know the business value of compromised systems.

At ColorTokens we provide a comprehensive security platform that is designed around these key needs of security teams. In fact, we offer a complete managed service around our SaaS cloud-based technology. Such that the security teams can say …

Hey, you, get off my cloud

Hey, you, get off my cloud

Don’t hang around because two’s a crowd

On my cloud, hey, you.

About the Author

Satyam Tyagi is the Director of Product Management at ColorTokens Inc. He is an industry thought leader in security and networking, responsible for significant advances in end-point, mobile and application security. He was awarded four patents in application security and networking, including products sold by Cisco and Avaya. An inaugural director of Samsung Mobile Enterprise Lab, Satyam led the team originating Samsung Knox smartphone security enabling Samsung phones to be certified for US military use. At Zscaler, he led mobile security products protecting sensitive data for some of the world’s largest enterprises. Satyam also held roles in product management and engineering at Juniper, Sipera (Avaya) and Cisco. He holds a Master’s in Computer Science from the University of North Texas and Bachelor’s in Computer Science and Engineering from IIT (BHU).