In a world of ever-increasingly complex technologies, some experts advocate a move to simplify. Greg Masters reports.
No one said it was going to be easy, but the task of locking down enterprise networks seems to be getting more and more complex as attackers devise ever more sophisticated ways of penetrating defenses.
A firewall once was a bulwark against intrusions, but not anymore; particularly with workers, clients and customers accessing networks via a plethora of mobile devices – everything from smartphones and laptops to Fitbit activity trackers or other health monitoring wearables, not to mention car systems connecting with central servers to keep vehicles rolling smoothly with all the amenities.
So with the threat landscape only burgeoning is there relief in sight for the harried IT administrator charged with protecting the enterprise network? In other words, what can make the job simpler?
One thing is certain: The preponderance of attackers all over the globe only boosts the need for practiced cybersecurity practitioners and the tools and services robust enough to fend off or, at least, lessen the effects of attacks. In fact, the security industry is thriving with hundreds of vendors offering products and services intended to protect businesses from malfeasance. The ads and marketing messages tout the powers of their tools to keep the bad actors out of your proprietary databases, to block malware from infecting computer systems or stave off employees from clicking on malicious links.
But there are a lot of skilled, albeit out-of-work engineers in Russia, easily tempted by the possibility of anonymously attacking from afar for easy monetary gains. Not to mention cyber forces within the Russian and Chinese militaries intent on interfering with elections or purloining industrial blueprints or intellectual property.
We've come a long way from the days of script kiddies, coders with time on their hands to dabble in mischief for nothing more than the laughs and the peacocking of their skills. Every rise in the capacity of the internet to bring convenience to users has been accompanied by an attendant shadow world of nefarious parasites exploiting the technology for their own purposes. It's been a cat-and-mouse game of solutions evolving to counter threats that at times seem to outpace the positive achievements.
How can this world in conflict get simpler?
From the perspective of Erik Avakian (left), CISO of the commonwealth of Pennsylvania, the security tools and solutions from all of the various vendors need to integrate better with one another. While he says there have been some improvements over recent years, particularly in cross vendor solutions sharing information, Avakian believes there is room for improvement related to how these various solutions can "directly" talk to one another.
In addition to being an enterprise information security officer, Avakian is also a musician. To illustrate his idea, he makes an analogy using music. Back in the mid- to late-1970s, he explains, all the synthesizers made by different companies could not connect or talk to each other. This is similar to the issues we have today with all of the security tools and solutions from various vendors.
Finally, in the early 80s, he says, someone [Dave Smith] developed and released a new interface technology, called MIDI (Musical Instrument Digital Interface). The digital standard included a physical port that each manufacturer could include in their products that – with a special cable – enabled the different instruments from all the different vendors and manufacturers to be connected to one another.
"Instantly, all the different products could talk to one another and share musical information," Avakian explains. Eventually all manufacturers added the capability to their synthesizer products and today it is a standard, he says, with all makes and models expected to have MIDI included.