Right now the average time an attacker is in an environment is about 200 days. This is a lot of time for someone to nose around and grab vital information (not to mention dig in). So how do you fix this? We had the chance to talk with Ionic Security, and they just might have the answer to this question. Sitting at the table with CTO and Founder Adam Ghetti, VP Product Marketing Alain Sergile and VP of Platforms Ken Silva was quite an experience, and a very informative one at that.
To start, I asked them about the common vectors of weak passwords and unpatched systems and if they felt these were still the biggest way that people get into systems. There was a general consensus that, while it is true that these are very often used, it was not the whole story. The vector for attack will depend upon too many factors to generalize in that manner. But Adam offered an interesting thought: what if you protect the data in a way that makes the information useless even if someone gets in?
This is what Ionic proposes to do. Their new system, once launched, will offer a new type of security that does not worry about the device, but about the data that those devices access. It does this by learning the way devices on your network access data and talk over the network, building a live and evolving ground truth of your data patterns. Ionic’s system will also communicate with other security devices to help build this metric and real-time analytics. The fun does not stop with simply building threat metrics for review. The system also monitors and can mitigate out-of-pattern traffic in real time. In very simplistic terms, it is like having a never-ending incident response team that operates in milliseconds instead of days or weeks.
But Ionic is much more than that. On top of being able to block access to data for people who are doing things they are not supposed to, Ionic also encrypts your data so that even if someone gets a copy it is useless to them. As Adam puts it, the information goes from data to dust. Even a physical copy of the data (on a USB drive, etc.) would be useless. Additionally, once someone accesses that data (even remotely), it lets the system know that it was accessed and allows you to track how that information was grabbed.
Adam went on to explain that the system will allow you to see who opened the file, from where, and what they did with it, and then find every other file that followed a similar pattern. This is a level of visibility that is not really found in today’s device-centric security models. Ken added that they wanted to make the data itself so secure that even if it was sitting on a server in a bad guy’s basement it would be of no use.
This form of security (data-centric) is an inversion of the way we currently think about protecting our networks. Ken pointed out that the traditional thought process of building a moat and walls does not offer true protection of your data. It is still needed because you have to protect the infrastructure, but a new method is needed to prevent your data from being stolen. This led into a conversation about cryptography and its limitations. The guys all agreed that the current key management (PKI) was not designed to be used in today’s common environments. It is simply not suited for it and makes compromise of CAs and keys much easier. Instead he proposed a solution that would be protected if a single document’s keys were compromised. You would be able to view that document on that device, but you would have no lateral movement to compromise more information. To truly break the encryption method behind Ionic’s system you would have to crack AES, according to Ken.
While Ionic can protect your data from theft, it cannot protect the infrastructure. Adam pointed out that the shift in attacks will most likely move from targeted attacks to gain data to more disruptive attacks designed to hold a company hostage. We have already seen this trend with malware like Cryptolocker, but as companies shift from protecting devices to protecting data these attacks are much more likely to be aimed at disrupting the infrastructure and locking access to data.
This will put security into two categories to watch: infrastructure and data. As we said before, you still need the moat and walls (and you have to keep them clean and in good repair), but now you will have items in place to make sure that when someone gets in, anything they steal will be about as useful as a pocket full of rocks.
Right now Ionic’s game-changing solution is not available to the market, but they expect to go live with it soon. They are waiting to finish up the system, work out the bugs and also to prove their claims through a working product. As Adam put it, when this hits the street they will not have to advertise it; the people and providers that are using it will do that for them based on the strength of the product.
After multiple years of watching security bang out the same old products and solutions, I can say that I was very impressed with the concept and philosophy behind Ionic’s solution. It really does represent an inversion of the current way we think about protecting our systems and also is built to evolve as networks and data evolve. We are looking forward to learning more about it as they lead up to full product launch.