The challenge of securing our networks is accelerating, primarily in direct response to digital transformation efforts that are expanding the attack surface. Cybercriminals are all too eager to exploit new attack vectors and take advantage of new limitations in our visibility and span of control.
The problem is that too many of our security solutions not only operate in relative isolation (meaning they do a poor job of sharing threat intelligence with other security tools) but also still tend to be perimeter-based, which is ironic given that the industry has been touting borderless networks for quite some time.
Part of the problem is that even as the border is eroding, we still tend to think of our networks in traditional terms, with an assumption that the data center sits at the core, the network is reasonably static, and that all other elements — mobile users and devices, branch offices, and multi-cloud environments — branch off from that central network in a hub and spoke design. Today, however, data is highly distributed, and the perimeter is not only disappearing, it is being replaced with a sophisticated, meshed network of networks made up of components that are not only virtual, but are frequently temporary.
Security Solutions Are Growing at About the Same Rate as Cyber Threats
So it is not unexpected that security entrepreneurs would see this new threat landscape as the ideal time to introduce new products into the market. But for organizations looking to expand or upgrade their security, there is literally too much information to consume. The recent RSA conference was a perfect encapsulation of the problem. Over 30,000 attendees interfaced with over 400 security vendors, each of which was promoting their security widget as a critical lynchpin in any security architecture.
But with no universal performance standards and no governing body to review and verify the claims made in marketing materials and on spec sheets, consumers are forced to base critical decisions on information that could come, quite literally, from anywhere, with nothing but vendors’ assurances to back it up. For those of you new to this, imagine self-diagnosing all your medical decisions based on pharmaceutical advertising, with no FDA, no standards for the claims being made, and no way to verify the benefits and risks, and you will have an idea of what most CISOs and their teams must contend with when selecting digital security vendors and services.
Unfortunately, such decisions are not only very expensive, they also have a significant influence on a wide range of current and future security decisions and positions, such as how to protect critical and sensitive data that is increasingly distributed and constantly in motion.
Sorting Through Hype
To help organizations struggling not only with the expanding threat landscape, but the growing solutions landscape as well, here are a few strategies for cutting through all of the hype:
- Leverage third-party testing. Datasheets from vendors can be notoriously unreliable. Everything from the packet size of the test traffic, the rate and volume of connections being made, the sorts of threats being used in the test bed, and even the combination of features being tested can make it impossible to compare one set of vendor information with another. Subjecting these solutions to third-party testing not only levels the playing field, it can also expose weaknesses in a solution that the vendor may be trying to obscure from view when they get to control the results.
- Avoid point solutions. A surprising number of vendors are still pushing solutions designed to address some specific aspect of the security challenge (a point solution), but that don’t integrate very well with the larger security infrastructure. Unfortunately, most organizations already have a security closet filled with tools like these. Instead, to be truly effective, security solutions need to support open standards and cross-vendor interoperability. The reality is, solutions that operate in a vacuum don’t really move the ball forward, and should probably be avoided. Any tool that can’t operate across different environments, isn’t available in multiple form factors, or doesn’t easily integrate across solutions is going to add complexity to your security environment. And complexity is the enemy of effective security.
- Watch for the commoditization of innovation. Far too many solutions fall into the “we do that too” camp without really having done their due diligence. For example, nearly every vendor managed to slap a “cloud-ready” sticker on their devices a few years ago, but as it turned out, that didn’t mean much. Most tools were limited to supporting only one or two cloud providers, and even then they were unable to leverage the advantages of native controls. Today, we are seeing the same thing with AI. Rather than being swayed by claims, buyers need to first determine if AI is necessary for their solution strategy, and then learn enough about it to ask relevant questions. For example, AI requires a minimum of 3 to 5 years of training to be effective and reliable. That training needs to be very specialized (the AI community recommends that supervised, unsupervised, and reinforcement learning all be used) and requires the use of massive amounts of data. And any AI system that can’t access, at a minimum, tens or hundreds of millions of nodes for decision-making is going to be inadequate.
- Effective solutions require high performance and deep interconnectivity. Security tools need to be fast, even when performing CPU-intensive functions like inspecting encrypted traffic. And they need to be able to understand and secure a digital world where different solutions and network environments are being hyperconnected without losing track of data and devices or introducing security gaps that can be exploited.
Adjusting our traditional security paradigms is a matter of shifting from a micro to a macro focus when evaluating potential security solutions. Organizations require solutions that allow a unified security strategy to be applied to every device, regardless of its function or location, so that they can see farther and engage more effectively with less overhead.
In today’s meshed and increasingly perimeterless networks, security teams need to be able to identify everything connected to their ecosystem (including its state and configuration), validate requests for access, and monitor and encrypt all traffic. This requires vendors and security professionals alike to consider security devices less in terms of features, and more in light of their ability to participate as an integral part of an integrated security strategy, one in which solutions not only share and correlate threat intelligence but also actively participate in any coordinated response to detected threats.