Breaking through the cybersecurity bubble
At the recent RSA cybersecurity conference, interoperability and cooperation were a common theme, but not everyone is taking it seriously
Originally published on CIO.com
For many in the cybersecurity space, the world revolves around the attack vector. Many security vendors narrowly focus on their own version of the prevent, defend and respond paradigm, touting their purported supremacy and making their case for a piece of the enterprise security budget pie.
At the recent RSA Conference in San Francisco, however, there were some hopeful signs that this narrow, myopic perspective is evolving—at least for some.
“Don't draw lines that separate different fields. Draw connections that bring them together,” implored RSA CTO Dr. Zulfikar Ramzan in the opening keynote as he called for business-driven security. “In my experience, today's security professionals must also draw connections between security details and business objectives.”
Chris Young, senior vice president and general manager of Intel Security, echoed these sentiments.
“The cybersecurity sector is the most fragmented in all of IT,” he said during his keynote. “None of us can go it alone. We must work together.”
The missing business link
While this message of collaboration, integration and the need for a business focus is encouraging, significant gaps clearly remain in how cybersecurity vendors are responding.
At a luncheon hosted by a venture capital firm held concurrent to the event, an executive from a major financial services company expressed his exasperation.
“There’s a sea of security vendors, but they are missing the business context,” the executive explained. “These security tools produce a lot of data, but how do I take that information and make use of it and manage it?”
He went on to explain that they end up building a significant amount of their cybersecurity technology stack in-house and from scratch because they cannot find tools that connect the dots between cybersecurity data and the business context in which they must operate.
The result is that they are creating what he termed a "business bus" for their security operations that helps them connect the dots between security systems and business processes, manage in-bound and out-bound communications and guide remediation efforts.
He had clear advice for cybersecurity vendors trying to work with them: “We want to know how you can help us reduce risk fast—while working with what we already have.”
Hope for an interoperable future
On the show floor, many cybersecurity vendors made mention of interoperability, but it was little more than talk. Instead, the prevailing approach was "land and expand," as major vendors seek to lay claim to as much of the cybersecurity stack as possible.
Still, there were signs of hope for a dynamic and interoperable future. Several cybersecurity vendors demonstrated solutions specifically designed to help enterprise organizations connect the dots and find clarity in the cybersecurity noise:
Darklight: Darklight has developed an AI-powered security analytics platform that pulls together the array of data from security appliances and other security systems deployed in enterprise organizations. Its aim is to augment security analysts' capabilities and enable them to rapidly contextualize and correlate security data.
Empow: Empow offers what it calls a security abstraction and orchestration tool that allows organizations to abstract data from their existing toolsets, correlate it and determine attack “intent.” Its aim is to optimize security operations and give organizations a way to continually leverage advances in security techniques and tools without disrupting operations.
LookingGlass: LookingGlass offers a portfolio of threat intelligence services that collect information about external threats to an enterprise. The resulting threat intelligence feeds can be delivered either to its own threat intelligence platform or integrated into other systems, giving organizations the ability to monitor external threats and operationalize their response.
ProtectWise: ProtectWise developed its solution based on three premises: that organizations need more than just detection, that complex attacks happen over time, and that the increasing cybersecurity talent gap demands more efficient, easier ways to do the job. The company's immersive analytics and visualization tool integrates network and security data to enable security analysts to rapidly identify high-priority incidents and complete forensic playbacks.
SecBI: SecBI claims that existing detection tools miss as much as 90 percent of malicious activity occurring within the enterprise. Its solution is to ingest network security gateway logs and apply an AI technique called cluster analysis to identify anomalous behavior that other systems miss, long before there is a significant business impact.
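The last entry describes a general approach (aggregate gateway logs per client, group clients by behaviour, treat the ones that fall outside the main groups as anomalies) without showing what it looks like. The following is an added illustration written for this page, not code from SecBI or any vendor mentioned above. It builds a small constructed proxy-style log (the `<epoch> <client_ip> <dest_host> <bytes> <status>` line format, the host names and the IP addresses are all invented), turns each client into a feature vector, runs a deterministic k-means clustering with no third-party dependencies, and flags clients that end up in clusters too small to represent normal behaviour.

```python
"""Cluster-based anomaly detection over constructed web-gateway logs.

Toy implementation of the idea in the text: ingest gateway logs, cluster
clients by behaviour, flag the outliers. All data here is constructed for
illustration; no vendor code or real log data is involved.
"""
import math
from collections import defaultdict


def make_constructed_log():
    """Build sample log lines: <epoch> <client_ip> <dest_host> <bytes> <status>."""
    lines = []
    t = 1_700_000_000
    # Eight ordinary clients: a handful of requests to two internal hosts.
    for i in range(8):
        ip = f"10.0.0.{11 + i}"
        for j in range(4):
            dest = "www.example.internal" if j % 2 == 0 else "mail.example.internal"
            lines.append(f"{t + j * 300} {ip} {dest} {500 + 50 * i} 200")
    # A beaconing client: many small, regular requests to one external host.
    for j in range(40):
        lines.append(f"{t + j * 60} 10.0.0.66 update-cdn.invalid 64 200")
    # A client pushing large transfers to many hosts, mostly blocked by policy.
    for j in range(6):
        status = 403 if j < 4 else 200
        lines.append(f"{t + j * 120} 10.0.0.77 share{j}.invalid 150000 {status}")
    return "\n".join(lines)


def parse_log(text):
    """Aggregate raw lines into one behavioural record per client IP."""
    per_client = defaultdict(lambda: {"requests": 0, "dests": set(), "bytes": 0, "blocked": 0})
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, ip, dest, nbytes, status = line.split()
        rec = per_client[ip]
        rec["requests"] += 1
        rec["dests"].add(dest)
        rec["bytes"] += int(nbytes)
        rec["blocked"] += status.startswith("4")  # 4xx = denied by the gateway
    return per_client


def feature_vectors(per_client):
    """Per-client features, z-scored so that byte counts do not dominate."""
    ips = sorted(per_client)
    raw = []
    for ip in ips:
        r = per_client[ip]
        raw.append([r["requests"], len(r["dests"]),
                    r["bytes"] / r["requests"], r["blocked"] / r["requests"]])
    dims = len(raw[0])
    means = [sum(v[d] for v in raw) / len(raw) for d in range(dims)]
    stds = [math.sqrt(sum((v[d] - means[d]) ** 2 for v in raw) / len(raw)) or 1.0
            for d in range(dims)]
    vecs = [[(v[d] - means[d]) / stds[d] for d in range(dims)] for v in raw]
    return ips, vecs


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(vecs, k, iters=20):
    """Plain k-means with farthest-first initialisation (deterministic, no RNG)."""
    dims = len(vecs[0])
    centroids = [list(vecs[0])]
    while len(centroids) < k:
        far = max(vecs, key=lambda v: min(dist(v, c) for c in centroids))
        centroids.append(list(far))
    labels = None
    for _ in range(iters):
        new_labels = [min(range(k), key=lambda i: dist(v, centroids[i])) for v in vecs]
        if new_labels == labels:
            break
        labels = new_labels
        for i in range(k):
            members = [v for v, lab in zip(vecs, labels) if lab == i]
            if members:
                centroids[i] = [sum(m[d] for m in members) / len(members) for d in range(dims)]
    return labels, centroids


def find_anomalous_clients(log_text, k=3):
    """Clients whose behaviour cluster is too small to be 'normal' traffic."""
    ips, vecs = feature_vectors(parse_log(log_text))
    labels, _ = kmeans(vecs, k)
    sizes = defaultdict(int)
    for lab in labels:
        sizes[lab] += 1
    min_size = max(2, len(ips) // 10)  # a cluster must hold at least ~10% of clients
    return sorted(ip for ip, lab in zip(ips, labels) if sizes[lab] < min_size)


if __name__ == "__main__":
    print(find_anomalous_clients(make_constructed_log()))
```

On the constructed log the eight ordinary clients collapse into one cluster, while the beaconing host (driven apart by its request count and single destination) and the blocked bulk-transfer host (driven apart by bytes per request, destination count and deny ratio) each end up alone and are reported. The point of the z-scoring step is that without it the byte counts would swamp every other feature and the beacon would look ordinary; the point of the cluster-size rule is that it flags behaviour that is unusual relative to the population rather than against a hand-written threshold, which is what distinguishes this approach from signature matching.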
Connecting security to the rest of the world
As the financial services executive made clear, however, interoperability is only the start. Organizations must also rationalize security data in a business context and manage it holistically as part of the overall IT and business operating model. A group of vendors is also attempting to tackle this challenge, albeit from vastly different perspectives:
Covata: Covata’s new platform offering, called Delta, enables organizations to leverage cloud APIs and an SDK to integrate identity, policy and encryption keys directly into the application development process. Its goal is to allow enterprise developers to embed enhanced security practices at the time of development via its security-as-a-service approach.
Skyport Systems: Skyport delivers a hyperconverged platform with "security at the core." Its philosophy is that security baked into the core infrastructure architecture will ensure greater protection (via ease of use and consistency) than security bolted on after the fact.
Ziften: Ziften is bridging the gap between IT operations and security operations. Its solution collects operational data on servers and other infrastructure so that operations staff can rapidly correlate it in the event of a security incident, with the goal of helping ITOps and SecOps work better together.
As organizations undertake the hard work of transforming themselves into digital enterprises, one thing becomes abundantly clear: Nothing can operate in a silo. In the digital enterprise, everything is connected and must move fluidly and at velocity in order for the organization to thrive.
In an increasingly dangerous world in which organizations are under constant attack, the seamless integration of cybersecurity into every aspect of the business operating model is a strategic imperative. Organizations that successfully manage this integration and balance it with the need for organizational speed and agility—and those cybersecurity vendors that enable it—will be the ones that come out on top.