Evolution of the security stack – voke Impact Note
- The security stack is changing to include application isolation
- Employees demand fewer restrictions to do their jobs
- IT operations teams need help to balance security with user productivity
The security landscape is continuously changing in response to the advances in the severity of attacks on organizations. Let’s face it, most businesses and government agencies acquire security solutions to protect their intellectual property, but, adding more layers of defense does not necessarily mean that you have better protection, especially when the layers of security rely on detection alone.
Bromium teamed up with an independent analyst firm, Voke, to explore how virtualization can help improve the organizations’ security stack and empower employees to work more freely without restrictions imposed by locked down environments.
IT operations are continuously solving for two challenges:
- Balancing security with end-user productivity.
- Responding to threats as quickly as possible to reduce the business impact of a breach.
In an attempt to boost security, IT teams often resort to implementing restrictive policies, limiting the end-users’ productivity and their ability to do their jobs effectively. Take for example an HR recruiter, whose job requires her to open candidate resumes that arrive as email attachments from untrusted sources. Or an accounts payable analyst, whose job it is to process invoices from outside vendors. In both cases, employees require access to “risky” data from potentially unknown sources to perform essential tasks required for their jobs.
However, even with email gateways and other layered defenses in place, detection-based solutions can never stop every threat, something is always going to slip through. To allow employees to work without restrictions and still protect the organization’s digital assets, IT teams need to look beyond detection. Application isolation can help balance security with productivity by protecting endpoints against threats, while giving employees the freedom to open email attachments, browse the web, or download files. Even if there’s a breach, malware is always contained, so endpoints don’t get owned.
Another primary responsibility of IT security teams is to quickly recognize and respond to threats. By allowing malware to run in a controlled, secure environment utilizing application isolation, they can rapidly triage threats and use the knowledge gained from the forensics data to take swift action and augment additional security investments.
For example, when an HR recruiter opens a resume that turns out to contain malware, the threat is completely hardware-isolated isolated, and the forensics data collected from it gives the security team the information they need to block C2 IP addresses on the gateway to stop future attacks even earlier.
The Impact Note provided by voke outlines security strategies that every organization should implement by:
- Making virtualization part of their security stack.
- Utilizing application isolation as the last line of defense by augmenting detection-based solutions.
- Empower employees to work without restrictions while they perform risky activities like opening emails from untrusted sources.
You can read the voke Impact Note, here.
How has your security stack changed using virtualization?