What is a Security Operating Platform?
Rooted in prevention, a Security Operating Platform is designed from the ground up to counter attacks before they manifest in an organization’s environment.
First, the various elements of a Security Operating Platform must be implemented in the correct positions within a security architecture to be able to enforce security rules across an organization’s security posture. Second, the platform must be agile and have the ability to very quickly turn unknown threats into known threats, on a global level, and automatically share the new threat data. What’s more, a Security Operating Platform should be able to automatically extend new protections within an organization’s security posture based on this new data to stop the spread of an attack.
Why a Security Operating Platform Approach?
Legacy security systems, made up of cobbled-together point solutions, have proven themselves inadequate in preventing the rising volume and sophistication of cyberattacks. Too many security tools depend too heavily on manual intervention, which is slow by nature and can’t provide new protections quickly enough to make a meaningful impact on an ongoing targeted attack. Manual detection and remediation do little to reduce risk, as they are mainly done after the fact, with limited visibility and manual correlation of the different attack elements. Not only is this approach expensive in terms of time and money, it makes it very difficult to see the attack as a whole and distracts from the identification of true threats, leaving organizations vulnerable.
Truly reducing cyber risk requires having integrated, automated, and effective controls in place to detect and prevent threats, both known and unknown, at every stage of the attack lifecycle. A Security Operating Platform, built from the ground up for prevention, offers full visibility of traffic throughout the network, cloud and endpoints, enabling organizations across the globe to protect themselves against cyberattacks, based on how or where applications and data reside or are utilized.
Visibility into all traffic, classified by application, user and content, provides the context necessary to enforce dynamic security policy and reduce the attack surface, based on the assessed risk. Leveraging information from other security-related events to prevent all known threats, followed by detection and prevention of new threats based on a correlated and holistic view of the attack, is crucial to successfully preventing a breach. Producing detailed threat intelligence, analysis and protections that are capable of preventing both known and unknown threats, and automatically populating this new information across the security posture, is a fundamental need. The power of a Security Operating Platform comes from the sum of all components, fueled by a global threat intelligence engine that leverages the network effects of thousands of customers, technology partners and researchers sharing threat information.
Framework of a Security Operating Platform
A Security Operating Platform’s prevention architecture allows organizations to reduce threat exposure by first enabling applications for all users or devices in any location, and then preventing threats within application flows, tying application use to user identities across physical, cloud-based and software-as-a-service (SaaS) environments.
To enable the prevention of successful cyberattacks, a Security Operating Platform must offer four key capabilities:
1. Full visibility. To understand the full context of an attack, visibility of all users and devices must be provided across the organization’s network, endpoint, cloud and SaaS applications.
2. Reduce the attack surface. Best-of-breed technologies that are natively integrated provide a prevention architecture that inherently reduces the attack surface. This type of architecture allows organizations to exert positive control based on applications, users and content, with support for open communication, orchestration and visibility.
3. Prevent all known threats, fast. A coordinated security platform accounts for the full scope of an attack, across the different security controls that compose the security posture. This allows organizations to quickly identify and block known threats.
4. Detect and prevent new, unknown threats with automation. Building security that simply detects threats and requires a manual response is too little, too late. Automated creation and delivery of near-real-time protections against new threats to the different security products in the organization’s environments enable dynamic policy updates. These updates are designed to allow enterprises to scale defenses with technology, rather than people.
A true security platform will be able to minimize the spread of attacks by leveraging the network effects of a community that shares comprehensive global threat data.
Prevention-First Security Wins
Security should not be an impediment to the adoption of new mobility, SaaS, public or private cloud technologies that enable productivity. With a natively integrated, prevention-first security platform in place, organizations can securely adopt innovative, productivity-enhancing applications and technologies, all the while maintaining a comprehensive and consistent prevention-oriented organizational security posture.
For additional insight, check out the following resources available on the Palo Alto Networks website: