Automation and orchestration will be essential components of security in 2017.
In the spirit of the holiday season and after a weekend marathon of watching the greatest Christmas movies ever made, I offer the following observations for my fellow cybersecurity friends and those chartered with defending critical assets.
CISO Ralphie Parker wants only one thing for Christmas: a Red Ryder Carbine Action 200-shot Range Model malware BB gun. Ralphie's desire is rejected by his CIO, his CFO, and even a department store Santa Claus security consultant, all of whom give him the same warning: "You'll shoot your eye out."
Christmas morning arrives, and Ralphie dives into his presents, opening a bunch of new cybersecurity tools. Although he receives some tools he enjoys, Ralphie is ultimately disappointed that he did not receive the one thing he wanted more than anything. After Ralphie thinks that all the presents have been opened, his father and CEO directs him to look at one last gift that he had hidden. Ralphie opens it to reveal the coveted Red Ryder malware BB gun.
Ralphie takes his new malware gun outside and fires it at the latest malware of the day. However, the BB ricochets back at Ralphie and knocks his SIEM glasses off his face. While searching for them, thinking he has indeed shot his eye out, Ralphie accidentally steps on his glasses and breaks them. To cover up the incident, Ralphie tells his CIO that a falling icicle was responsible for the cybersecurity breach.
We have all seen leadership become fascinated with the latest cybertool of the day and decide to throw it into the mix of existing tools, only to have things quickly go awry. Visibility, manageability, and interoperability are not often the primary goals when adding a new capability, making a difficult situation more complex.
While it is paramount that businesses and governments remain agile and competitive in our new reality, they also need to stay within acceptable levels of operational risk. Three overarching challenges continue to drive security strategies:
We recently surveyed over 2,000 IT security decision-makers around the world, and when asked what it would take to overcome these security challenges, they split roughly in half into two very different groups:
One group favored a best-of-breed approach, believing that self-integration of disparate technologies with manual processes delivers the best security outcomes. This is the traditional “defense in depth” school of thought, assuming that technology diversity drives a better overall security posture using human capital to make the parts into a system.
The other group favored an integrated platform approach, believing that an open and integrated security framework enabling consolidation and automation yields better overall security results. This group sees efficiency as a key component to success.
When you run the numbers, it becomes clear that we cannot solve the growing complexity and risk equation by throwing more people at the problem. Not only is there not enough grey matter to go around, the speed and scale of the problem demands the combined advantages of human and machine processing. Automation and orchestration will be essential components of security in 2017, and Ralphie needs to rewrite his Christmas list.