Change. “There is a time appointed for everything and a time for every purpose—”
Imagine trying to upgrade a cowboy wagon to make its performance comparable to a Ferrari’s. Crazy, right? We’d never try, right? Because the wagon has a fundamentally different architecture and was built for a different purpose. So merely upgrading the engine (for example) obviously would not work. Yet this is what we often set out to do in cyber security.
Change at RSA Conference 2017
The major security vendors are back and they are drawing a line in the sand. A line between legacy security strategies and new. It is becoming clear that some major vendors are undertaking a strategy of, “don’t buy your security tools from 50 different vendors.”
This concept is old, and is based on fairly solid market research showing that most large entities do not use a homogeneous security tool-set. However, entities suffer from this diverse tool-set “problem” because the cyber security industry created it. Specifically, for every new threat, we spin up a new product (often nowadays a whole startup). These products / startups try to solve today’s problem, for tomorrow’s problem…rinse and repeat.
Maybe thought leadership says we need to help our clients extract maximum value out of all their (oftentimes widely diverse) security tools, not just the ones from brand-x. Because of this, the age-old idea of competing on everything from detection methodology to actual threat information is a dying paradigm.
Change in crime
If one thing is obvious, it’s that in cyber security change is constant. It is noteworthy that long ago, in 2011, Interpol stated for the first time that the costs of cyber crime had overtaken the combined costs of illicit sales of marijuana, cocaine and heroin.
Consequently, did existing criminal organizations, who for ages had built infrastructure to support narcotics sale, human trafficking and other forms of crime, stagnate? No, they changed. Now, Interpol states, those same organizations are thriving organized cyber crime businesses.
Change our approach
First and foremost, a partner needs to show the intellectual honesty to admit what they can and cannot do for your security. This is why I message passionately around the need to help our clients build effective security infrastructures. Additionally, rather than a bunch of diverse tools, I try to point clients to the value of a connected and orchestrated bunch of diverse tools. As a result, the choice becomes less “best of breed vs. integrated” and more “your tools: integrated.” This change in approach allows us to measurably increase security effectiveness. Additionally, we improve efficiency, improving time to protect / remediate. Most of all, security stops being an impediment to the business’ primary objectives and changes into a facilitator.
First, re-assess your security approach today, determine a baseline (current state), then implement methods to measure the results of every action you take.
Challenge any vendor to show how their product(s) will add a measurable improvement to your security baseline.
Furthermore, demand that your vendors position solutions, not products. Does the tool you’re considering stand on its own, or will it become an integral part of your security?
Finally, ensure that you benefit at multiple infrastructural layers with every new threat that is detected, regardless of detection tool. Why? Because:
“Strategic planning is the key to warfare; to win, you need shared intelligence from multiple sources.”