Christopher Schuetze and Matthias Reinwarth discuss a security architecture blueprint that implements the concept of Security Fabric.
Welcome to the KuppingerCole Analyst Chat. I'm your host. My name is Matthias Reinwarth. I'm an analyst and advisor at KuppingerCole Analysts. My guest today is Christopher Schuetze. He is Director of Practice Cybersecurity and a senior analyst at KuppingerCole. And today we want to continue our discussion about the security fabric and the concept behind that. Hi Christopher.
Hi Matthias. And thank you again for the invitation for today's podcast.
Yeah. Great to have you again. And let's just dive into that.
We looked at the concept of the security fabric, which is an approach to get a holistic picture of an overall security architecture, about an overall concept for creating, for assessing and for further developing security architectures. We've mentioned the principles behind that in our earlier episode. So we talked about the concept of govern and manage as the overarching approach to maintain a security architecture and to maintain the security, but also the aspects of protect, so really to prevent something from happening, to detect in case something did happen, to respond adequately once you have detected something, and to recover afterwards, once you think that the response was adequate and you are sure that the response was adequate. When we want to get into this situation to create such an architecture, you've created a security reference architecture. Can you explain a bit more how that maps to these five aspects that I just mentioned?
Yeah. First of all, thank you for the very good introduction into the five core topics of our security reference architecture and the security fabric.
In the last podcast we talked about that the idea of the security fabric is really to connect everything, to take all identities, devices, data, applications, systems, and networks and have those five capabilities or underlying capabilities to achieve a really good level of security. And this is mainly how it integrates into each other. The one idea is to have the fabric with concrete capabilities, but on the other hand, we need some kind of reference architecture so that we really know what is a typical building block, for instance, for protection or for detection or for respond.
It is really necessary here to know what are the core elements, what is a must-have, what is a should-have. And this is the idea of the reference architecture. For instance, we have the govern and manage area, which is really relevant for all the other areas. It's, at the end, the base for everything. It's from identifying business objectives to using and implementing existing security frameworks and standards like NIST or ISO 27k. And also things like, in general, an IT risk management approach or integrating the IT risk management into the enterprise corporate risk management.
And this is the idea of the reference architecture. And in general, as mentioned, we have the overall topics in govern and manage. It is mainly about governance and security management. And on the other hand, in the four other areas, protect, detect, respond, and recover, we really look on a more technical level, on a more capability level, bundled in some building blocks.
And this is based maybe on the ISO/OSI model, if you know it. It's about data, application, system, network and endpoint. But the special thing here is really that we also have a category about full service, those things which cover technically all those layers like data, application, system, network, and endpoint. And a good example in the protection area, for instance, here is the physical security, the access to a building, because at the end, the access, the physical security as an access for a building, protects everything.
If you have a computer notebook with you, you can connect it to a LAN adapter to inviolate. You can connect to the wireless network, you can steal a computer or whatever, or hard drive or something like that on USB stick. And this is the idea behind the reference architecture.
So governance and management really come with this also risk-based approach. So really to identify the risks and to assess them and to approach them adequately. And then you have the four other areas where you're trying to mitigate this. Did I get that right?
Yeah, exactly. And maybe it is a good idea to also dig in a little bit deeper, like for instance, the topic for data or for the specific areas. Data protection, for instance: a part or a component of data protection is enterprise information protection. For sure, we have general data security, and we have some change control. This is, for instance, also relevant if you do things like DevOps, so the pipeline, when you deploy something, that you really can detect or identify who modified something and what was the previous state of the data.
And then we have things like data access governance, so for structured and unstructured data, from databases to collaboration tools where data is stored. And this is something which at the end also integrates into the identity fabric topic too.
Okay. That covered roughly the data protection scope. What about the other areas that you mentioned, application and systems? Maybe to start with application.
What are the components that we have to look at in this reference architecture when it comes to protecting and detecting threats on applications?
Especially application is a really big topic. We have there a lot of building blocks really for protection only. We have the general application security building block, but also access management is really relevant here because applications are protected within an access management. So it is an important part here, same as with an additional layer of security for authentication.
So adaptive and strong authentication, or some more modern approaches for authorization, like an authorization management. We have then more of that traditional legacy stuff like web application gateway, really the pure identity governance and administration part, the management of privileged accesses and, very important today, the API management and security, which also integrates into identity and access management. But especially IGA, privileged management and API management is a topic which is not only for protection. It is also, or can also be, used for detection.
So it's relevant for both categories, protection and detection. When we talk about systems and protection, this is mainly about operating system, configuration management and general vulnerability management.
Okay. Especially when you're not the expert in cybersecurity, when you think of security, you mainly think of firewalls, of network security. That is also an important aspect, but it's not that huge within the reference architecture. Am I missing a point here?
No, we have, for network, we have network security for sure. It's a very specific area and you need it. You should have something like that, but it's not the big area at the end, network security. If you think about the configuration portals for routers or something like that, this is also integrated into privileged management. You must ensure, from a security level, that nobody is able to open that configuration web portal and change something without authentication and with additional four-eyes principle approval.
Right.
And then we ended up at system and endpoint again, because the network is then the virtual or real cable and everything else is distributed between system and endpoint.
Exactly. And at the end, for sure, we have the endpoint, which is traditional end user device management. And for sure malware protection on the endpoints.
Right. A reference architecture in general is something that should be considered as quasi-stable.
So it should not change too much over time, but that does not mean that this architecture that you created is not capable of adapting to new security technologies, new types of building blocks as well.
Oh, for sure. It is very open for that, and the security fabric and the security reference architecture are something we developed within our advisory in the past years. And it is based on the knowledge from customers, from smaller customers, from bigger customers.
And for sure things changed in the past, and the idea of the reference architecture and the fabric is to have something like a service model, to have a structure to use, to integrate existing and new services, to react to new requirements and new things you need to implement, or new paradigms. And this is something very essential here of the reference architecture: flexibility and open for new requirements. But we missed something when we talked about the five layers. I mentioned the full service is very relevant.
I talked about the physical security here, but especially in the detection area, there's a very important part. We have things like online fraud detection, privacy and breach monitoring, anomaly detection, threat hunting, and security operation center. So really things which are relevant as part of the detection scene, but integrate into data, application, system, network, and endpoint. And for sure, another very important topic is part of the respond and recover area. It is the incident response management. It is to be prepared to become a victim of an attack.
These are services that cover all the areas. As you mentioned, you described it as full service. So this could be also something that is on the one hand provided as a service, for example, from the cloud or through a managed service provider. But this is also something that actually is not a technology at all, when you mention incident response planning and processes. So the architecture also covers, yeah, a process point of view when being prepared for responding adequately.
Yeah.
This is really something we tried hard to define or to find a way to display what is really important for your security. And this is not only about systems, data, application, networks, and endpoints. It's also about governance. It's about security management. It's about full service and, at the end, of processes and ideas how to do something in case of an incident, maybe a pandemic crisis, a cyber attack or whatever.
Great. So thank you very much, Christopher, for giving an insight into the security reference architecture. As you've mentioned, there is research already available.
You are working on refining and digging deeper into the individual aspects. I think an important aspect also will be to converge this into an overall architecture. So it's security as part of an enterprise architecture with all the interfaces that you have within an organization. So that security is really an integrated component of an enterprise architecture, right?
Yeah, absolutely. We are working on that. We are creating a new research document, which will be available or available on our website.
Great final words. So for me to pick up also as well. So if you are interested as the audience of this podcast episode in learning more about the security reference architecture, and I'm sure you should, then please go to KuppingerCole.com, type security reference architecture into our search engine, and you will find all things security reference architecture there, including more podcast episodes, and more research for online research.
Thank you very much, Christopher, for joining me.
Thank you and goodbye.
Thank you. And bye-bye.