“It’s not a matter of if, but when you’ll get attacked.” It may have become a hackneyed phrase but it holds true. Every organization must become more resilient to cyberattacks. As we ring in the New Year, now is a great time for the security industry to resolve to provide organizations with what they need to deal with this reality: security solutions that provide faster time to detection and resolution.
Security complexity stands in the way of meeting these requirements – for now.
On one side of the security industry are large, well-established players building security systems based on one or more flagship products. However, these systems may also contain other solutions that are not as effective as, or do not work with, other leading solutions. Niche vendors, meanwhile, are developing products aimed at closing specific security gaps.
Many organizations are quick to invest in the latest innovation that fills a known gap. The result is a “patchwork quilt” of products that is difficult for security teams to manage. The solutions may have overlapping capabilities, may not meet industry standards, and are likely not interoperable. And niche technologies that cannot be deployed at scale are simply not practical, no matter how effective they may be.
As security vendors, it is incumbent upon us to reduce complexity. This means moving toward an integrated approach to threat defense by making the following three resolutions:
1. Share intelligence locally and globally in real time - Local intelligence, based on correlation and analysis of a company’s infrastructure, provides context to inform various security functions and layers of defense in order to speed detection and remediation. Global intelligence correlates all detected events and indicators of compromise across multiple organizations for analysis and immediate, shared protection. The industry is making strides to share information more proactively and in appropriate ways, especially through alliances. But real-time, automated sharing of content between trusted entities is required for faster collaboration and decision making. The faster the industry can distribute knowledge and intelligence throughout the network in a cohesive and acceptable way, the less likely adversaries will enjoy continued success and anonymity.
2. Work within existing infrastructure - Many security technologies require organizations to overhaul their security architecture just to adapt to the latest risks. This is not a sustainable model. Most organizations can’t afford to rip and replace existing solutions to keep pace with the changing threat landscape and increase security effectiveness. Resource-constrained organizations need technologies that can integrate smoothly with existing solutions and leverage the valuable data these solutions provide to strengthen protection.
3. Incorporate automation into controls - The automated exchange of threat information is foundational to more effective security. But automation is also required to spur necessary innovation in security defense and to achieve systemic response. Security solutions must be able to act on threat intelligence, applying controls using analysis and automation for systemic response across the stack of deployed security technologies. Not only does this accelerate time to remediation, but also helps to compensate for the global cybersecurity skills shortage which hampers the ability of many security teams to respond quickly and comprehensively.
The outcome of these resolutions will be a unified movement toward a scalable, integrated threat defense architecture that provides visibility, control, intelligence, and context across many solutions. Acting as a “detection and response” framework, it will accelerate response to both known and emerging threats. By resolving to make advances in these three areas, we can reduce security complexity while helping more organizations thwart more attacks. And that’s a goal we should all aim for in the New Year.