Cybersecurity Needs a Moonshot!

"We choose to go to the moon. We choose to go to the moon in this decade and do the other things, not because they are easy, but because they are hard, because that goal will serve to organize and measure the best of our energies and skills, because that challenge is one that we are willing to accept, one we are unwilling to postpone, and one which we intend to win, and the others, too."
President John F. Kennedy, September 12, 1962

Coming out of the 2016 RSA Conference, it is clear we have hit a watershed moment in the history of the IT industry. After several years of hundreds of billions of dollars invested across a range of security technologies, it is self-evident that cyber presents a huge paradox to organizations of all types. The growth of cloud, mobile, and agile computing capabilities has delivered a golden renaissance of innovation.

• The iPhone is the digital equivalent of The Hitchhiker's Guide to the Galaxy

• Amazon Web Services is eating the infrastructure world like a black hole

• Today is a software company, embracing agile development to support business initiatives

In the security space, though, we have nearly conceded defeat. People are going around saying: “assume not that you will not be hacked, but that you will be hacked.” How uplifting!

It is time for things to change.

Forty-three years ago, when President Kennedy called for a man on the moon, many were skeptical. Today, people are equally skeptical about our ability to re-establish control of our own computing systems.

What happens if this was the time when things changed? What happens if we committed to leveling the playing field between attackers and defenders? What happens if we take a clean piece of paper to how we think about restoring trust to our computing—where security enables innovation rather than stifles it? 

What happens if we acknowledge that no one vendor has the entire solution?   

The vendor part of the security industry—yes, I am calling myself out—has failed its customers. Einstein allegedly defined insanity as “doing the same thing over and over again and expecting different results.”

Companies claim to innovate, but all they do is present different versions of old models. A firewall that runs on a software platform is still a firewall. If your security is tied to infrastructure, you are leashed to a world where you have to own the infrastructure—sorry AWS, Azure—and more onerously, need to upgrade the infrastructure to upgrade your security. 

I would never claim that my company has the answer for cybersecurity. But we represent a movement that unshackles security from the past to make it responsive to the dynamic, distributed, heterogeneous, and hybrid world into which we are moving.

Here are my 7 points to a cybersecurity moonshot program:

1. Turn everything inside out. We take back our computing from the inside out, from the applications out and not the infrastructure in. In the cyber world, the perimeter attacker only has to be right once and the defender only has to slip once. Why not shift the logic so the attacker only has to make one mistake and the defender will catch it?

2. Trust nothing. Start with the premise that everything is untrusted and establish trusted relationships between users and applications in a granular and controlled way. This is the heart of a whitelist model.

3. Build tighter and tighter segmentation around smaller and smaller attack surfaces. The biggest challenge to granular segmentation has been complex and fragile networks, firewall rules, and outdated application-entitlement strategies. The smaller the surface, the less damage. The tighter the segmentation, the fewer false positives. 

4. Make security part of the application life cycle. Today security is most frequently added after applications are built.  What happens if developers are equal participants in security? Eliminate the false boundaries among application, infrastructure, and security teams. From a security perspective, all three groups must work hand in glove.

5. Decouple and automate. Infrastructure security has enormous benefits in most security approaches but it comes with two distinct disadvantages: what happens when you don’t own the infrastructure (e.g., AWS), and what happens when you do not want to upgrade your infrastructure to keep up with your security needs. Moreover, security that requires detailed oversight and management of every command by human middleware is bound to fail. Computers (and a lot of math) were instrumental to the moonshot program. Algorithms and machine learning will play a role in our cyber future.

6. Manage both sides of the equation: applications and clients. Today people see end-point and infrastructure security as two separate issues. Through Adaptive User Segmentation, it is possible to fuse these two areas and make data center computing more secure.  Do not create gaps in protection.

7. Make security part of the business, not just IT. A lot of pundits talk about Board of Director oversight of IT security. Having been a board member several times in my career, I agree it is a key area of risk that boards must monitor. But long before Board oversight of cyber needs to occur, management teams must make it a priority.  Where is it baked into the reward system of an executive team? Which of the CEO’s direct reports owns cyber end-to-end for a business?

Regaining control of the cyber landscape will not be easy. There is no magic bullet. But a steady plan that both builds on the best practices of today and anticipates and takes action for the world we are moving into presents the last best hope for creating trust again in IT.
