Today’s digital world is drastically different from what it was 10 years ago, and arguably from what it was a year ago. The migration from on-premises solutions to the cloud, mobility, IoT and client computing are just a few of the areas that have changed, and the innovation keeps coming. Those innovations leave security professionals constantly struggling to “keep up”, and the expectation of doing more with less is exhausting. For a security team, it is only a matter of time until the threats become too frequent, too malicious and too overwhelming to handle.
Having collaborated with many organizations, both private and public, I see that their approach to security is often tactical rather than strategic. Typically, organizations don’t budget enough for the quality talent needed to ensure good security outcomes; instead of paying for “rock-star” talent, they settle for an individual with a security certification. As the late Steve Jobs put it, “A small team of A+ players can run circles around B or C players.” Top-tier players are scarce and in more demand than ever before. The other option is to apply a different architectural model to the enterprise, one that enables the security team rather than disabling it.
Historically, the protection philosophy has been to throw layer upon layer and hope that one of the layers catches the bad guy. This isn’t practical because we rarely have enough people to address every potential security event. The complexity becomes a chasm of consoles that makes it hard to derive context quickly and accurately, and it invariably costs more. For decades the approach has been to pile another technology on top of the existing technology while expecting a different outcome. Is that the definition of insanity? Perhaps. Now more than ever, we must think differently and approach the problem with an architecture rather than a sum of dysfunctional parts that work well on their own but not as a combined group of functions.
The approach: many of us travel frequently and know that one of the most critical aspects of aviation is safety. The industry defines a “Critical Area” of the airport that all aircraft, vehicles, persons and physical obstructions must stay clear of while an aircraft is relying on the instrument landing signals, to prevent signal interference. This helps ensure the aircraft can land safely without obstructions to the landing procedure. In other words, the Critical Area is a clear line of sight that reduces risk and ensures success within a critical window of time.
Figure 1: Critical Area for aviation – a defined architecture*
Can the Critical Area analogy be applied to security? Without a doubt. The Critical Area is a sum of parts and procedures. Similarly, a defined security architecture lets different elements be plugged in, so that the sum of the parts is better than any part alone. In the aviation example, the aircraft, the tower and the runway are all needed, and they work better together within that architecture.
There is hope: such a security architecture exists, so that current security investments that would otherwise be disparate in their approach can be inserted into an adaptable security architecture. Its guiding principles are Protect, Detect and Correct, meaning that all security technologies can collaborate with one another whether they come from one vendor or a third party. The technologies can enhance each other’s abilities, allowing better protection, faster detection and much faster correction. The layered model, by contrast, is loaded with proprietary detection capabilities and generally does not allow collaboration with other detection technologies unless an expensive connector has been built against each vendor’s API. That layered model is slow and permeable; the rat in the maze finding the cheese is just a matter of time.
It DOES start with architecture.
McAfee Data Exchange Layer, DXL for short, is the enabling security messaging architecture that changes how we approach the fundamental problem of integrating security tools. DXL breaks down the silos between security technologies and lets them collaborate with one another. Rather than building individual integrations between individual applications and vendors, each app integrates with one abstraction layer, which is simple, fast and agnostic to the proprietary architecture of any individual vendor. Through a publish/subscribe model, an app can be notified when data changes (an event), or it can ask a question and get a quick answer from a service on the fabric, such as “is this file safe or is this bad?” The DXL architecture matures the security approach and turns the various security tools into “plug-ins”, which enhances their overall value to the business. And, by the way, DXL is now open as OpenDXL, with a GitHub project for industry developers.
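To make the two interaction styles concrete, here is an added example that is not code from the original post and is not the OpenDXL client API: a small in-memory model of a message fabric with topic subscriptions (events) and request/response services. The `Fabric` class, the topic names, the sample hashes and the verdicts are all constructed for illustration. A sandbox publishes a verdict once, and both an endpoint agent and a SIEM receive it without either knowing the sandbox exists; the endpoint also asks a reputation service a direct question.

```python
"""In-memory model of a publish/subscribe security fabric.

Constructed for illustration only; this is NOT the OpenDXL client API,
and every topic name, hash and verdict below is made up.
"""
from collections import defaultdict
from typing import Callable, Dict, List, Tuple

Handler = Callable[[dict], dict]          # service: request -> response
Listener = Callable[[str, dict], None]    # subscriber: (topic, event)


def _matches(pattern: str, topic: str) -> bool:
    """A pattern ending in '/#' matches every topic beneath that prefix."""
    if pattern.endswith("/#"):
        return topic.startswith(pattern[:-1])   # keep the trailing '/'
    return pattern == topic


class Fabric:
    """Minimal broker. Apps talk to the fabric, never to each other."""

    def __init__(self) -> None:
        self._subs: Dict[str, List[Listener]] = defaultdict(list)
        self._services: Dict[str, Handler] = {}

    def subscribe(self, pattern: str, listener: Listener) -> None:
        self._subs[pattern].append(listener)

    def publish(self, topic: str, payload: dict) -> int:
        """Fan an event out to every matching subscriber; return deliveries."""
        delivered = 0
        for pattern, listeners in self._subs.items():
            if _matches(pattern, topic):
                for listener in listeners:
                    listener(topic, dict(payload))   # each gets its own copy
                    delivered += 1
        return delivered

    def register_service(self, topic: str, handler: Handler) -> None:
        self._services[topic] = handler

    def request(self, topic: str, payload: dict) -> dict:
        """Synchronous ask-and-answer against whichever service owns the topic."""
        handler = self._services.get(topic)
        if handler is None:
            return {"error": f"no service registered on {topic}"}
        return handler(dict(payload))


# --- A file-reputation service with constructed sample data ---------------
REPUTATION_DB = {
    "deadbeef" * 8: "malicious",   # constructed SHA-256-shaped sample
    "cafebabe" * 8: "trusted",     # constructed sample
}


def reputation_service(req: dict) -> dict:
    sha256 = req.get("sha256", "")
    return {"sha256": sha256, "verdict": REPUTATION_DB.get(sha256, "unknown")}


def build_demo_fabric() -> Tuple[Fabric, list, list]:
    """Wire up one service and two independent subscribers."""
    fabric = Fabric()
    fabric.register_service("/service/reputation/file", reputation_service)

    blocked_on_endpoint: list = []   # hashes the endpoint agent would block
    siem_alerts: list = []           # everything the SIEM records

    def endpoint_agent(topic: str, event: dict) -> None:
        # Acts on any malicious verdict, regardless of which tool produced it.
        if event.get("verdict") == "malicious":
            blocked_on_endpoint.append(event["sha256"])

    def siem(topic: str, event: dict) -> None:
        # Correlates every threat event via a wildcard subscription.
        siem_alerts.append((topic, event["sha256"], event.get("verdict")))

    fabric.subscribe("/event/threat/file/verdict", endpoint_agent)
    fabric.subscribe("/event/threat/#", siem)
    return fabric, blocked_on_endpoint, siem_alerts


def sandbox_publishes_verdict(fabric: Fabric, sha256: str, verdict: str) -> int:
    """A sandbox announces its result once; it needs no connector to anyone."""
    return fabric.publish(
        "/event/threat/file/verdict",
        {"sha256": sha256, "verdict": verdict, "source": "sandbox"},
    )


def endpoint_asks(fabric: Fabric, sha256: str) -> str:
    """The 'is this safe or bad?' question, answered by whoever serves it."""
    return fabric.request("/service/reputation/file", {"sha256": sha256})["verdict"]


if __name__ == "__main__":
    fabric, blocked, alerts = build_demo_fabric()
    print("reputation:", endpoint_asks(fabric, "deadbeef" * 8))
    n = sandbox_publishes_verdict(fabric, "feedface" * 8, "malicious")
    print(f"event delivered to {n} subscribers; blocked={blocked}; siem={alerts}")
```

The point the model makes is that adding a third consumer of sandbox verdicts is one `subscribe` call, not a new connector. One caveat a practitioner should keep in mind: an event on a verdict topic is effectively a remote block instruction to every endpoint, so a real fabric must authenticate publishers and authorize who may publish on which topics; this toy broker trusts everyone, which would make it a control-plane attack surface.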
To conclude, ask yourself a few questions:
- “Are we approaching the problem the same way we always have?”
- “Is our security staff tired of street fighting?”
- “Is our security spending too high, with little notable result?”
Changing the approach to security with architecture is the right path to better results, and it will allow us all to keep our sanity.
*Critical Area – https://en.wikipedia.org/wiki/Critical_area_(aeronautics)