Security Speed Is Still About Reducing Latency

Enterprises are looking for ways to reduce the latency introduced by the processes needed to detect and neutralize a threat.

Lori MacVittie

June 23, 2023

4 Min Read
Security Speed Is Still About Reducing Latency
(Credit: marcos alvarado / Alamy Stock Photo)

In the past, we measured the speed at which security could process a packet and push it on to the next hop. Security solutions and services that introduced too much latency into the speed of response to the user were considered less than optimal.

Why? Since the broad adoption of the Internet as a platform for commerce and communication, we have continually measured the performance of multiple domains – notably app delivery and security – based on the speed of response to the user.  

As such, security solutions with high latency were rarely used for more than monitoring, which made their efficacy nearly zero. After all, if the lock is merely installed and never used, it doesn’t do much to stop intruders, does it?

This measure continues to dominate security decisions. We are still impatient, and security remains negotiable when weighed against response time.

That’s not conjecture. If you recall, we specifically asked about the balance between security and speed last year in our annual research and found that 76% of organizations would abandon security controls for as little as a 1% increase in performance.

We didn’t ask again. Because honestly, it’s kind of depressing.

But we did ask about a different kind of speed of response. The speed of response to incidents. And we asked in the context of the rather accelerated adoption rate of security as a service offerings.

latency

latency.jpg

Reduced latency needed to neutralize threats

There’s no mistaking these results. Organizations are flocking to security-as-a-service because they crave the speed to address emerging threats. They are looking for ways to reduce the latency introduced by the processes needed to detect and neutralize a threat. It’s still about speed, but now it’s about the speed of a process rather than the speed of a packet.

The tendency to gravitate toward security-as-a-service for its ability to rapidly address an emerging threat is based on several capabilities exhibited by a service-based model that are not present in traditional enterprise models for similar services:

  1. The provider sees a great deal more traffic and, therefore, a greater percentage of ‘bad’ traffic. It can identify emerging threats – attacks, attempts to exploit new vulnerabilities, etc. - much faster. Because the provider controls the entire infrastructure, it can rapidly deploy responses to those threats – even to customers that have not yet been targeted.

  2. A provider can test, certify, and roll out upgrades, patches, and hot-fixes much faster because it has only a few key services to worry about. The typical enterprise has, if we believe the common consensus, more than 500 different applications in operation. Many of them share the same infrastructure services, particularly when it comes to security. That means the "patch-gap," as it were, is likely to be much longer because there are potentially hundreds of applications that can be impacted.

Rapid response to threats essential

In today’s world, speed of response to threats is as important a measure as speed of response to users. It’s no surprise that Splunk’s State of Security 2023 found the top metric used by business leaders was security efficiency metrics such as MTTD (mean time to detect) and MTTR (mean time to respond), nor that the most concerned threat was zero-day vulnerabilities.

That doesn’t mean the speed of response to users is irrelevant. In fact, the balance between speed of response to threats and users is often best served by security-as-a-service offerings because the services typically operate closer to the edge, to the origin of attacks. The sooner an attack is identified and neutralized, the less load on the applications and services legitimate customers and employees rely on. And I know you’re familiar with operational axiom #2 – as load increases, performance decreases.

While there are still many types of applications and services that can't effectively leverage security-as-a-service, most of the very public-facing ones can. The key to greater security efficacy is a strategic approach that uses both security-as-a-service and traditional on-premises solutions where they make the most sense. That is, where they can provide the right balance of speed of response to users and threats.

Security is a strategic discipline today that demands the same attention to the speed of processes as that of passing packets.

Related articles:

About the Author

Lori MacVittie

Distinguished Engineer, Office of the CTO, at F5

Lori MacVittie is the  Distinguished Engineer in F5's Office of the CTO for cloud computing, cloud and application security, and application delivery and is responsible for education and evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations. Prior to joining F5, MacVittie was an award-winning Senior Technology Editor at Network Computing Magazine, where she authored articles on a variety of topics aimed at IT professionals. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University. She also serves on the Board of Regents for the DevOps Institute and CloudNOW, and has been named one of the top influential women in DevOps.

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights