In today’s rapidly evolving IT environment, CIOs and CISOs face an increasing level of complexity, both in the IT systems we manage and the cyberthreats we face.
On top of managing and configuring the growing number of tools, devices, and applications within the enterprise network and distributed across multicloud hybrid environments, our teams also need to wrestle with growing organizational complexity of detecting and mitigating cyberthreats. For example, the security team that detects a threat may not be the same group responsible for mitigation and incident response. As a result, a lag between threat detection and mitigation may occur and can last for hours, days, months, and in some cases, even years. This is particularly significant given the increasing frequency of attacks using advanced malware that can cause irreparable damage in a matter of minutes.
The drive towards digital transformation is further compounding these technological and organizational challenges. The result is that many organizations are not making substantial progress in improving their security posture – as evidence by the growing number and impact of data breaches.
As we become even more integrated and interconnected, we need better ways to manage complexity. One way to accomplish this is through integration and automation for better visibility and control – especially in highly elastic environments. As a result, we’re seeing a need to move away from isolated point defense systems like individual firewalls and intrusion detection systems, to a more comprehensive risk-management framework that weaves disparate security devices into a single, holistic security fabric.
To address cybersecurity moving forward we need an approach that leverages intelligence and operates at machine speed. We need an integrated ecosystem of security elements that can share information, automate policies, and respond to threats in a coordinated manner at speed and scale. That’s the key because today’s digital enterprise operates in real time, is always on and is globally distributed. CISOs are familiar with this approach because security professionals have been attempting to build fabrics from day one.
We began this journey back in the late 1990s, when many of us deployed our first packet filtering firewalls, then stateful inspection firewalls, followed by our first intrusion detection systems. Then we deployed more sophisticated intrusion detection and prevention systems, and NGFW platforms. These devices generated so many alerts and such complexity that we had to deploy Security Event Management tools (SEM). Since then, we have added even more new tools like Sandboxes and Advanced Threat Protection systems to detect increasingly evasive and sophisticated threats. As complexity grew, we added Security Information and Event Management (SIEM) and analytics platforms – plugged in third-party intelligence services and hoped it would all work.
We have been individually building a custom security fabric of sorts all along. We were buying a hodgepodge of technologies, plugging them into the network, and hoping they would all work together to protect our companies and our infrastructure.
Essentially what we did was take on the development and support burden of proprietary and third-party technology integration, the quality assurance work, as well as the normal operational responsibilities of securing an enterprise. With few exceptions, it didn’t quite work the way we had hoped. So now, just as our networks are in the midst of perhaps the most dramatic digital transformation ever, our security strategy is operating at a level of complexity that is overwhelming our IT and security teams.
We need a different approach. Instead of doing all of the integration ourselves and hoping for the best, we need a neural network of devices that is natively designed to integrate, interoperate, communicate, share information and act at speed and scale. With such a security fabric in place, visibility can be extended to the furthest reaches of our extended networks, all threat information can be collected and correlated centrally, and the fabric itself can deliver automated security response and orchestration. Blending that integrated and automated security fabric with real-time global threat intelligence is the only way we can really address the increasingly dynamic, distributed, and complex security environment we are faced with today. Very good security can be done for select systems, facilities and networks, but the challenge today is to do that from the IoT edge, across the enterprise network to hybrid clouds. That is why security at speed and scale is so important.
For example, about 5 years ago the interval between the detonation of advanced destructive malware to the point of irrecoverable damage was about 30 minutes. Today, we typically have less than 10 minutes to mitigate. There’s no way that our current method of manual detection and response can work within that timeframe, especially not in today’s network-of-networks environment. Organizations simply cannot afford to have isolated point defense systems managed through separate consoles and in some cases by different teams, when the time to respond is so short.
Traditional manual detection and mitigation approaches are incapable of dealing with increasing levels of complexity. For example, asset and vulnerability management should be automated. It is becoming very difficult to prevent or detect a well-designed, persistent attack. Prevention strategies and tools are still important, but cybersecurity is essentially an exercise in risk management via identification, protection, detection, response and recovery strategies. Cybersecurity is a multi-dimensional operating domain and is about understanding and managing risk. The practical reality is that data breaches are inevitable but material damage does not need to be. We all recognize that any decent pen tester, red team, let alone a nation-state actor or organized crime syndicate can break into most networks. Having read over 10,000 data breach summaries in my career, it’s quite apparent that risk management is the right approach.
Once you fully recognize the scope and scale of the threats we face today, you start to focus on seeing, anticipating, and responding to risk across your organization. What risks are you willing to absorb and mitigate? What risks are you going to transfer to a managed security service provider, to a cloud service provider, or to a cyber insurance company?
Moving to a risk management perspective requires an understanding of the risks you face and the nature and capabilities of the IT resources at your disposal. You can’t defend what you can’t see. Which means you need visibility across your entire ecosystem, from the IoT edge to your multicloud environment. To understand what’s happening you need solid baseline information about your normal state and intelligence for context about what’s happening at any given moment – present or historical. You need a global network of sensors and researchers who can accurately interpret what’s happening across the threat environment, understand the latest tactics, techniques and procedures to design automated systems to respond at speed and scale.
Cybersecurity is highly complex and will become even more so as digital transformation takes root. Protecting your organization requires a built-by-design security fabric that weaves deep automated visibility, detection, response, orchestration with real-time intelligence together into a single, adaptive system that spans your entire ecosystem from IoT to the cloud – delivering security at speed and scale.
For more information, download our paper and learn about the top threats that enterprise security leaders are being forced to address and the security approaches to evalutate.