Council Post: Overcoming Vast Exploitable Gaps Caused By Single-Function Cybersecurity Sprawl
David Schiffer is the CEO of RevBits and formerly of Safe Banking Systems (SBS). RevBits develops cybersecurity software for organizations.
While the future of technology continues to evolve, the path of cybersecurity is clear. For years, organizations have acquired discrete security products, like threat detection, virtual private networks, secure email gateways and endpoint protection, among others. This sprawl of single-function products is a source of great stress for IT and security teams that are now confronted with complex and fragmented security postures.
Our Cyber And Physical Worlds Are Intrinsically Intertwined
In attempting to secure their data and IT resources, IT and security operations are faced with the limitations of trying to stitch together a patchwork of products. These siloed solutions can’t communicate, coalesce their data and effectively share policies, logs or remote telemetry data.
Digital transformation is changing our world. Not just 1’s and 0’s, it’s changing our physical world, too. Technology and our physical world are no longer clearly separable. Organizations must move beyond technology transformation and optimizing workflows. To protect IT resources and customer data, they need technology that eliminates vulnerable security gaps and exploitable holes. They should be spending less time on manual security configurations and processes and more time creating exceptional user experiences that drive personalization to improve business outcomes.
Trying to manage dozens of independent security tools comes with substantial operations overhead. Technology complexity is driving security operations to reduce, through consolidation, the number of different vendor products they deploy.
Improving Cybersecurity Forensics With A Coalesced Approach
Compounding cybersecurity sprawl are organizations’ voraciously expanding digital footprints. Many new attack surfaces are being exposed with the explosive adoption of multiple clouds, work from anywhere, IoT devices and mobile users. Organizations are forced to abandon traditional corporate perimeters, replacing them with distributed cybersecurity that is centrally managed and controlled with multi-functional platforms. A unified cybersecurity defense is becoming a business imperative to eliminate exploitable security weak points caused by disparate security products and tools.
Punctuation and the space between words serve to help us more clearly understand what a sentence means and the intent of the author. Musical notations and the silence between notes can help us distinguish different sections of a score and capture the mood of a piece. We are free to fill in the blanks and subjectively interpret. Spaces and silence can lend clarity and meaning.
In the world of cybersecurity forensics, we require cohesion and visibility in order to identify anomalies, risks and vulnerabilities that bad actors can exploit. Hackers use many different tactics in their efforts to exploit technology flaws and human vulnerabilities. Cybersecurity enabled by artificial intelligence and machine learning can help security teams distinguish between normal and anomalous activity, while analytics provide a better understanding of the hacker’s intentions.
Cyberattacks can include multiple stages that together comprise an attack chain. Attacks that are detected at the point of origin can be immediately killed to prevent data loss and to stop malware from spreading across the network. Just as in our physical world, cyberattacks leave evidence that is traceable. Analyzing a cyberattack chain of evidence requires deep intelligence, visibility and insights across all attack surfaces. Insightful data that have been coalesced and analyzed from multiple network entry points and across other internal attack surfaces enable investigations to rapidly prevent and mitigate attacks.
The best way to eliminate security skeletons lurking in an organization’s proverbial closet is to unify cybersecurity intelligence. This can deliver greater forensic clarity by providing a single dashboard view of all attack vectors and surfaces. That single-view perspective can succinctly align the cross-connections of multiple natively integrated security functions with deep contextual data. Applying sophisticated analytics and threat intelligence provides a view of the full context of an attack, with complete visibility across the entire chain of events.
Automating Multifunctional Security Makes Organizations More Secure
Not only do cybersecurity solutions need to be more unified, but they also need to be extensible to support an open framework for interoperability. This allows them to share information with management platforms like security orchestration, automation and response (SOAR) and security information and event management (SIEM).
Putting human capital to work and building strategic initiatives that improve business operations and performance pays huge dividends over tedious, time-consuming manual configurations and mind-numbing repetitive tasks.
Security automation allows IT and security operations to focus on strategic projects without getting bogged down in the processes underpinning their work. This enables them to accomplish more, and with greater accuracy. Automating processes eliminates manual steps to reduce the time required to obtain data from multiple attack vectors and attack surfaces for analysis. This can reduce the time and effort spent collecting, coalescing and analyzing evidence of cyberattacks from hours, or even days, to just minutes.
Security analysts can quickly and clearly see timelines and attack paths that may cross secure email gateways, endpoints, servers, clouds and networks, and can quickly initiate the necessary responses. A strong and cohesive cybersecurity posture can be built upon multiple natively integrated security functions that automatically aggregate the attack chain of activities within an intuitive and comprehensive view. This will enable security analysts to make high-confidence decisions, with fewer alerts that are prioritized for quick action.
The process of vetting vendors is a form of risk management that allows organizations to align their technology partners with documented policies to manage risk and regulatory compliance. Establishing criteria to judge vendors reduces risk exposure. Start with the following:
* Integrated Cybersecurity Intelligence: Where possible, architect solutions that have deeply integrated intelligence sharing.
* Schedule Forensics Gathering: Get ahead of problems by scheduling forensics collection on business-critical machines and establishing baselines.
* Reduce Vendor Sprawl: Where possible, utilize single vendors with multiple solutions to increase intelligence unification and action.
* Ensure Platform Flexibility: A security platform must be flexible in reporting and control capabilities and accessible in a mobile capacity for immediate access from anywhere.
* Platform Integration Solution Depth: A platform that handles multiple streams of intelligence from various solution types builds a broader view of the overall cybersecurity landscape.
Every vendor will have its strengths and weaknesses, so matching up technology goals and business requirements with a vendor’s strengths is critical.
Originally published at https://www.forbes.com.