Retrospective security

Security should also look at what happened before an attack was recognised, says Anthony Perridge from Sourcefire

By Anthony Perridge, published June 11, 2013

Virtually every vehicle these days comes equipped with a rear view mirror and side view mirrors, and with good reason. Imagine the safety issues with no visibility. How would you know if there’s a pedestrian walking by as you pull out of a parking space? Or a police, fire or rescue vehicle coming up from behind, responding to a call? Or another driver trying to pass you? Talk about a blind spot!

For the first 30 years, gas-powered automobiles operated without mirrors. With no congestion and slow speeds, drivers could focus on the road ahead, avoid obvious hazards and remain fairly safe. But as the automobile became more popular and more powerful, lack of visibility became a challenge. Rear view and side view mirrors were developed and became “must haves”.

We’re at a similar inflection point in the IT security industry. When the first PC viruses appeared nearly 25 years ago, defenders could protect against them by detecting and blocking files as they attempted to enter the network. But now threats have evolved and are more cunning than any we’ve experienced before. Focusing only on what’s ahead is no longer sufficient. Once files enter a network, most security professionals have no way to look back. Without “mirrors” they can’t continue to monitor files and take action should the files later prove to be malicious.

So how can you gain visibility and control after a suspicious file has permeated the network? Retrospective security serves as those “mirrors”, enabling a new level of security effectiveness that combines retrospective detection and remediation with up-to-the-minute protection. IT security staff can continue to track, analyse and be alerted to files previously classified as safe, and then take action to quarantine those files, remediate and create protections to prevent the risk of reinfection.

Key technologies have advanced to enable retrospective security. The first is big data analytics. Retrospective security accesses big data and turns that data into information for automated actions as well as actionable intelligence that IT security teams can use to make more informed, timely security decisions after an attack. Cloud computing is another powerful new tool to enable retrospective security.

Leveraging the virtually unlimited, cost-effective storage and processing power of the cloud, retrospective security applies big data to continuously track and store file information across a widespread community and analyse how these files are behaving against the latest threat intelligence stored in the cloud. Armed with this knowledge, IT security staff can rapidly identify a file that begins to act maliciously and move quickly to understand the scope of the damage, contain the threat and remediate it.
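As an added illustration (not Sourcefire's code or product), the following Python sketch shows the core of the idea described above: every file sighting is recorded as a trajectory, and when threat intelligence later reclassifies a hash that was previously allowed in, the monitor returns the scope of exposure (which hosts saw it and when it first arrived) so staff can quarantine and remediate. The hash, hostnames and path are constructed sample values.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FileEvent:
    ts: int        # epoch seconds when the file was seen on the host
    host: str
    sha256: str
    path: str


class RetrospectiveMonitor:
    """Stores a trajectory (hash -> sightings) so that a later change of verdict
    from threat intelligence can be applied to files already inside the network."""

    def __init__(self):
        self.trajectory = defaultdict(list)   # sha256 -> [FileEvent, ...]
        self.verdicts = {}                    # sha256 -> "clean" | "malicious"

    def observe(self, event: FileEvent) -> str:
        """Record a sighting and return the verdict known at that moment
        (a point-in-time gateway would block or allow on this alone)."""
        self.trajectory[event.sha256].append(event)
        return self.verdicts.get(event.sha256, "unknown")

    def update_intel(self, sha256: str, verdict: str) -> dict:
        """Apply a new verdict. If a file once allowed is now malicious, return
        the scope of exposure: every host that saw it and when it first arrived."""
        previous = self.verdicts.get(sha256, "unknown")
        self.verdicts[sha256] = verdict
        if verdict != "malicious" or previous == "malicious":
            return {}
        sightings = sorted(self.trajectory.get(sha256, []), key=lambda e: e.ts)
        return {
            "sha256": sha256,
            "first_seen": sightings[0].ts if sightings else None,
            "hosts": sorted({e.host for e in sightings}),
        }


def demo() -> dict:
    """Constructed scenario: a file passes as clean, spreads to three hosts,
    then threat intelligence reclassifies it as malicious."""
    h = "deadbeef" * 8                       # constructed placeholder hash
    m = RetrospectiveMonitor()
    m.update_intel(h, "clean")               # initial verdict: allowed in
    for ts, host in [(1000, "ws-01"), (1600, "ws-07"), (2200, "srv-db")]:
        m.observe(FileEvent(ts, host, h, r"C:\Users\Public\invoice.exe"))
    return m.update_intel(h, "malicious")    # retrospective alert with scope
```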

New threats and new technologies are coming together to bring a new perspective to security. Just as rear view and side view mirrors were added to automobiles when the time was right, the time is right for IT security to include retrospective security.
