The cybersecurity technology space is, let's politely say, crowded. I recently returned from attending RSA, one of the largest conferences in the industry. Trying to describe just how many new technologies and solutions I saw there feels a lot like trying to describe how big space is: our brains can't really process that kind of scale.
I imagined being a chief information security officer (CISO) at this event, trying to decide which products or technologies would solve their particular organization's security weaknesses. It was, in keeping with my earlier commitment to being polite, overwhelming. There must be a better way to quickly figure out whether a security technology is worth evaluating.
This ecosystem we have found ourselves in, of slapping new technologies into our security stacks, is not working. Security teams everywhere are stretched too thin trying to manage every new technology, and threat actors are constantly breaking through our security technologies.
So, how do we break this cycle? When looking for security technologies, we start by assessing how much value the technology provides: not just whether it can do what it promises to do, but also whether it is a net positive for the entire security stack and the teams managing it.
We're moving into a new era of cybersecurity, and every investment must be prudent. To make these decisions, companies must start asking some fundamental questions about these technologies in order to understand the true value, or cost, of a security solution. These questions of proactivity, intelligence, autonomy, scalability, and benefit to the stack as a whole can help you find the most value in every security technology.
Importantly, these questions can also help you evaluate your existing technologies, since you now know from real-world experience how they are (or are not) serving your network and your teams. The answers might surprise you.
Question 1: Is the technology proactive or reactive?
While almost any cybersecurity technology will be quick to use the word "proactive," we first should define what the term really means. A truly proactive technology is one sitting "left of boom," or, more simply, before a successful breach. At present, almost all cybersecurity technology sits "right of boom," responding to and mitigating the effects of breaches that have already occurred.
In modern security frameworks and stacks such as MITRE/NIST/zero trust, often the only left-of-boom technology in place is the firewall/next-generation firewall (NGFW). These decades-old technologies have been tasked with more and more, and yet they remain the standard. We need to help the rest of the security stack by investing in more proactive technologies.
Question 2: How much cyber intelligence can the technology leverage?
It has become increasingly clear that the word of our time is "intelligence," be it artificial, human, or, more in my world, cyber. The value of intelligence and data has never been higher, and this has proven especially true in the fight against cybercriminals.
The future is intelligence driven, and the more intelligence a cybersecurity technology can act on, the better. Any cybersecurity technology must be informed by as much cyber/threat intelligence as possible. Without the data to make informed decisions about enforcement, threat actors routinely have the upper hand.
Question 3: Is the technology (really) autonomous?
I can't think of a cybersecurity technology that doesn't claim to be "autonomous." This has become so common in our industry that the word itself has almost lost its meaning. However, with a cybersecurity staffing shortage that doesn't look to be going away any time soon, it's critical that we consider what we mean by "autonomous" when thinking about a technology.
How many hours of an employee's day (on average) does this technology require? Does this technology require another full-time employee to manage the alerts or logs? Does this technology update automatically? (And what is the downtime like for those updates?) The answers to these questions should be: zero, no, and yes. Anything else is not an autonomous technology.
Question 4: How does the technology scale?
Threat actors have shown themselves to be nimble, creative, and persistent in their attacks. The technologies we implement must be able to grow and adapt to these realities. Can they adapt to higher volumes, deeper obfuscation, and yet-unknown attack vectors? Knowing that your technologies can grow with your network and adapt to an ever-changing threat landscape is essential in any security technology investment.
Question 5: Can the technology work easily with existing technologies?
One of the biggest burdens on cybersecurity professionals is what's commonly known as "alert fatigue." It is caused by too many technologies that are extremely sensitive in finding threats or breaches, yet are unable to communicate with each other easily, throwing multiple alerts for the same malicious traffic. Cybersecurity teams are then forced to sift through multiple erroneous/duplicate alerts, and are more prone to errors because of the large volume of traffic networks receive day and night. Unfortunately, this is just one example of how multiple technologies that aren't sharing information can affect a network's cybersecurity posture.
Any new cybersecurity technology you consider should be not just a neutral addition to the security stack, but rather a benefit to the other technologies or the people managing them. Some questions to ask in this area would be: Can it feed intelligence easily to other implemented technologies? Does it ease a pain point of another technology? Can it ingest information from other implemented technologies?
Rarely will a technology be able to answer more than one of these questions adequately. For instance, a technology might be able to use a lot of intelligence but isn't proactive and needs constant monitoring by staff. These are the challenges security teams face every time they make a decision about a new or existing security technology, but figuring out how much value each technology adds, or doesn't, is the best start.