In the fog of war, intelligence is limited, ever subject to the enemy's feints and disinformation, doomed to deliver a murky picture that can rarely provide, from the inevitably large amounts of diverse data, a cogent view capable of leading to better decisions and final victory. Given the types of attacks we know take place daily against corporate and government computers, and as is evident from the current level of discourse on how governments may defend or retaliate against a major cyber attack, it would seem that the fog of war has extended to cyberspace, bringing all of the inherent confusion, disinformation and futility that has plagued battlefield commanders since the beginning of time.
In reality, our visibility into sensitive data usage and policy violations (insider threat) as well as into endpoint-specific data access and movement by malicious code (cyber threat) is better now than it ever has been -- and getting better all the time. With modern Enterprise Information Protection (EIP) technology and processes, we can tell far more about the sensitive data in organizations: not only what that data is, but where it is located, who is using it and how they are compromising it. We have a clear and present view of which file is being used by which user and where that data is going, as well as what action is appropriate, once discovered. This information is evidence and irrefutable proof, wholly visible and not obfuscated by any fog, real or metaphorical -- a forensic log of data usage events that gives us specific and invaluable intelligence down to the user that accessed the data, the applications in use, the data event that occurred, and the classification of the data itself. EIP represents a significant evolution from Data Loss Prevention (DLP) -- traditional "network or infrastructure" centric security -- in both architecture and process. EIP is a modern-day approach because it targets information flow across a business process and human interaction, not just the infrastructure that data moves through or is stored upon.
Now, we see the potential of EIP when combined with Security Information and Event Management (SIEM). The powerful combination of these two platforms delivers a dramatic increase in visibility for insider threat, malware detection and malware containment use cases. SIEM technology has undergone a significant transformation of its own: the combination of previously disparate security information management (SIM) and security event management (SEM) products into state-of-the-art technology that is now capable of giving broad visibility into activity across the IT infrastructure: external threats such as malware and hackers; internal threats such as data breaches and fraud; risks from application flaws and configuration changes.
Better together, SIEM and EIP combine to collect not only the extensive IT infrastructure logs and events, but also a rich new data stream from laptops, desktops, servers and mobile devices, including forensic logs of data usage events. Together, they bring this information into a single view that can be correlated, then analyzed, offering a complete risk intelligence picture across the enterprise. This substantial leap forward greatly increases visibility for insider threat, malware detection and containment use cases. What does this mean in the real world? It means your most critical security intelligence is now viewable in your SIEM and actionable through your EIP platform. It means real understanding of the risks and threats your sensitive data faces and actionable responses and controls to mitigate those risks and threats.
History proves that the battlefield commander whose side lacks the very best human and technical intelligence and decision-making capabilities will ultimately lose and suffer untold costs in human life and lost assets. In the new world of cyber warfare, Security Officers and CIOs are battlefield commanders who are struggling with the overwhelming effects of the fog of war. EIP and SIEM represent the weapons needed to start winning battles. It's a good time to look up from the trenches, come out of the fog and get into the fight.