Trend Micro is the latest provider of cybersecurity tools and platforms to outline an ambitious agenda to deliver cybersecurity as a service via the cloud.
Greg Young, vice president of Cybersecurity at Trend Micro, said the Trend Micro Cloud One platform scheduled to be available in the first quarter of next year will, from a cybersecurity perspective, enable IT organizations to become a lot more agile. Instead of IT organizations having to manage isolated point products, cybersecurity will soon be delivered as an integrated set of services they can consume as needed, he said.
Initially, the Trend Micro Cloud One platform will have three integrated services addressing workload security, network security and application security. The other components—to address everything from container image and cloud posture management to file storage security—will be made available as standalone solutions, However, the goal is to have every cybersecurity service fully integrated by the end of next year, said Young.
In some instances, the mechanisms through which cybersecurity will be managed will be accessed via a traditional graphical user interface (GUI) by a cybersecurity professional, while in other cases developers will invoke application programming interfaces (APIs) to implement cybersecurity controls within their application within the context of a set of best DevSecOps practices. The challenge organizations face is that cloud infrastructure changes rapidly when compared to traditional on-premises IT environments, where chief information security officers (CISOs) have more control over how platforms were employed, added Young.
These days not only is no one certain that cloud resources are configured properly, but Young also noted it’s becoming more difficult with the rise of microservices to determine which policies should be applied to what specific API services. More challenging still, those microservices might not even run for an especially long period of time. That could result in a microservice being spun up and compromised before the cybersecurity team even knows it existed.
To address that issue, Young said organizations will also need to strike a balance between cybersecurity tasks and processes that can be automated using machine learning algorithms and other forms of artificial intelligence (AI) and the need to give various members of the IT organization the ability to manage and modify cybersecurity policies in the face of rapidly changing business conditions.
Trend Micro, like most cybersecurity vendors, is clearly transitioning toward delivering cybersecurity as a service in part to address the chronic shortage of cybersecurity expertise currently available. Most organizations know they can’t keep throwing people they don’t have at cybersecurity processes that need to be applied at unprecedented levels of scale. They also know they don’t have the funding and expertise required to automate those processes on their own.
In the meantime, it’s also apparent cybercriminals are also investing in automation and AI to not just launch more attacks faster, but also to target those attacks. In effect, a long-running cybersecurity arms race is about to enter a whole new phase. The only unknown question is whether cybersecurity services will evolve soon enough to mitigate cybersecurity threats that are becoming more lethal with each passing day.