PreEmptive -

Fly in Amber: What’s Bugging Infosec Architects?

May 21, 2019 | Gabriel Torok


The life of a security architect is rarely simple. Assessing, defending and improving corporate networks requires thorough knowledge of industry best practices designed to secure critical data, combined with real-world understanding of hacker tricks and tactics meant to undermine this purpose.

As noted by the InfoSec Institute, this is an in-demand job that often comes with high expectations, odd hours and the need for constant professional evolution to stay ahead of cybercriminal threats. Complicating matters is the breakneck pace of technological advancement. The rapid rise of cloud deployments, mobile applications and IoT devices can make even best-laid security strategies seem like flies in amber — hopelessly out-of-date and effectively immobile.

Here’s a look at what’s really bugging security architects — and how they can break the mold of static security to combat emerging threats.

The Current State of Cybersecurity

There’s an infosec crisis underway. According to Infosecurity Magazine, the ongoing cybersecurity skills shortage requires a rethink of hiring priorities and best practices to ensure companies have the personnel and knowledge they need to effectively combat emerging threats. Meanwhile, as noted by Health Care IT News, the impact of compromised IT environments is severe enough that CEOs must prioritize infosec even above projects guaranteed to drive ROI.

Governments are also taking action to address ongoing security issues: As the National Conference of State Legislatures points out, 28 U.S. states now require government agencies to deploy “reasonable security measures” to protect public data; 24 states have also enacted similar laws that apply to private organizations.

For security architects, the combination of limited talent pools, evolving threats and expanding legislation creates a cybersecurity landscape where the status quo isn’t enough to defend corporate networks, but forward progress is hard to find.

Don’t Bug Me

According to a recent survey from CA Technologies, 66 percent of enterprise security architects said their biggest concern was "providing consistent, end-to-end security." Fifty-five percent pointed to creating APIs and microservices, while 39 percent worried about managing partner ecosystems and 36 percent struggled with responding to market demands.

Here’s why it’s bugging them:

  • Consistent End-to-End Security — This is the Holy Grail for security architects but remains an elusive goal. Why? Because hackers now rely on a combination of new threat vectors and historically successful attacks (such as phishing and macro malware) to compromise corporate networks. Finding solutions that work both in situ and over time is challenging even for experienced architects.
  • APIs and Applications — 63 percent of app developers share this concern, and it’s no surprise. If hackers can compromise applications or third-party APIs by reverse engineering source code or probing and altering network traffic to find vulnerabilities, they could circumvent security checks and/or gain access to critical data.
  • Partner Ecosystems — Third-party ecosystems are often corporate weak points because in-house IT can’t control the APIs and applications used. While security architects can draft agreements that include security requirements, the onus is on first-party data owners to ensure they’re in compliance with government or private industry regulations.
  • Market Demands — The security landscape is constantly changing, making it difficult for architects to know when they should go all-in on security solutions and when it’s worth waiting for the next market shift. Mobile applications are a good example: The sheer number of apps now used by companies on a day-to-day basis demands robust management and agile security solutions.

Forward Motion

As noted above, forward progress is the goal for any security architect — building better, stronger and more responsive security designs capable of keeping pace with the changing nature of infosec. But this progress can be elusive, and for many architects the lack of measurable impact can frustrate best intentions.

For security architects feeling trapped, here’s a three-step guide to forward motion:

  1. Measure by Movement, Not Distance — It’s not about how far you go, it’s about making progress. Why does this matter? Because infosec pros tend to prioritize perfection, but it’s impossible to ensure networks and applications are 100 percent secure. By identifying key issues that can be improved with current resources and talent — such as implementing two-factor authentication or utilizing in-app protection — architects can make measurable progress that offers direct business benefits.
  2. No Bug Spray is Perfect — No single solution will solve every security problem, no matter what the marketing says. End-user analytics, intrusion detection and application hardening tools each have a role to play in reducing the frequency and sting of cyberattacks, but consistent end-to-end security is only possible with multiple solutions working in tandem.
  3. Seeing is Believing — You can’t defend what you can’t see. For many security professionals, this is their stumbling block: Lack of visibility makes it impossible to create effective infosec policies. Tools that prioritize end-user activity, application behavior and network traffic patterns are critical to gaining insight and informing long-term strategy.

It’s easy for security architects to feel trapped in the current infosec climate. Break the barrier by focusing on motion over distance, taking a comprehensive approach to application and network security concerns and prioritizing visibility as the key to effective strategy.

