How enterprises can realize the full potential of CARTA
Trust has traditionally been the cornerstone of network security. It’s what allows everything from files to data packets to move across a network, while also controlling permissions for end users.
But in modern networking, establishing trust is getting harder. Detection systems for cyberattack have traditionally needed pre-designed signatures that identify specific sets of malicious code, or anomalies in the normal data flow.
In an increasingly digital business world, binary decisions like allow or block no longer work. That’s where CARTA comes in.
CARTA stands for continuous adaptive risk and trust assessment. It’s a cybersecurity model envisaged by tech analysts Gartner that builds on their concept of Adaptive Security Architecture – but takes it further.
It’s based on the idea that enterprises now need to embrace a continuously adaptive cybersecurity posture that can keep pace with the persistent evolution of new tools and tactics used by cyber criminals.
“In an increasingly digital business world, binary decisions like allow or block no longer work.”
Current methods of establishing trust also leave the door wide open for insider threats. Because inside users are pre-defined as safe by the network, malicious or negligent activity like data leaking is less likely to set alarm bells ringing.
Enterprises now have to decide how to say ‘yes’ to transactions when all the information they had in the past isn’t available, or when saying yes brings a level of risk. CARTA accepts that permissions have to be granted within the more fluid criteria of risk and trustworthiness.
Cybersecurity systems therefore have to become smarter, in order to weight variables and make sound – but complex – decisions.
CARTA’s core principles
CARTA treats every network connected system or device as potential sources of breach, so the behaviour of every network asset is continuously assessed for risk and trust. That requires CARTA to be applied across three phases of information security and risk management:
For CARTA to work, data analytics have to be part of the cyber-arsenal, with machine learning offering the most value in terms of finding anomalies.
Security analytics can detect intrusions and infections that might otherwise bypass rules-based prevention systems.
In the US, the average time before a breach is detected is 99 days, at an average cost of remediation of $4 million. By speeding up and automating detection, response time is shortened and costs contained. Machine learning can also help enterprises focus limited resources on events with the highest risk.
CARTA also requires organizations to continuously assess their ecosystem risk. It assumes that partners and trusted vendors assume some responsibility for sustaining a customer’s or client’s cybersecurity and brand reputation.
Major digital partners should only be allowed into an organization’s IT ecosystem after a rigorous security and risk assessment – and should be monitored continuously to assess the risk they might pose in the future.
Under a CARTA mindset, compliance and governance are continuously assessed at an enterprise level. Analytics can provide the basis for predictive models around key business risks, and the value of opportunities that might be available if more risk is taken on.
Applying CARTA in real life
Enterprises are already shifting security budgets from legacy tools like firewalls to focus more heavily on machine learning and data analytics.
The early adopters are constantly assessing network data traffic patterns to fine tune security protocols, and building a cybersecurity posture better suited to today’s threat environment.
Driven by dynamic technologies like mobile, Cloud, and IoT, digital transformation of the economy has made binary approaches to threat detection obsolete. Protecting an attack surface that’s constantly expanding – which may not have a perimeter – requires a continuous approach to assessing vulnerability and identifying cyber risks.
CARTA provides a road map for implementing a security program capable of responding to the velocity and volume of new threats, and their fast-changing nature.
Smart Data Loss Prevention solutions can help enterprises realize CARTA’s potential by making data protection and network security more responsive – adapting as they monitor and learn. These new smart systems can also produce more defined data classification rules, and better control access permission by more accurately identifying legitimate users.
As CARTA becomes the norm in cybersecurity, system managers will improve their ability to identify malicious activity and stop cyber-criminals from damaging or stealing data.