It is all about communication, the rest is technology. Communication from anywhere, over any type of network, using any type of device characterizes today’s network communication eco system. Long gone are the days where IT managers have a clear and concise picture of the network perimeter and the overall network security status. Really! The good news is: company communication is agile at any rate. The bad news is: company communication is agile at any rate. The good news is: we have access to any data at any point in time from … basically anywhere. The bad news is: so do the bad guys. But who is in control? Device mobility poses the overarching question: Whom do you trust? Do you secure the network or do you secure the device? Where do you place the center of trust? Do you position trust control on the device or in the network? There are many critical questions that deserve to be answered in a decisive and thoughtful way.
Static approaches, where security components operate in silos and isolation from each other, just no longer work. What is called for is a comprehensive security framework consisting of the following six pillars: Access Control, Trust Control, Continuous Monitoring, Automation, Realtime Response and Endpoint Control. A key problem is how Trust is established and how Trust can be maintained. Trust validation means that each device or user must pass a trust validation process. Because one compromised device or user will compromise the overall system. Effective incidence response is mandatory. A security convergence strategy allows building a web of trust. A new open standard protocol (IF-MAP) allows for dynamic data interchange among a wide variety of networking and security components, enabling customers to implement multi-vendor systems that provide coordinated defense-in-depth.
Presented by Rainer Enders