The era of silver bullet point solutions has created major problems for cybersecurity management – from operations to intelligence and response. Skybox Security EMEA VP Justin Coker looks at how integrated security analytics are taking up the challenge.
Necessity is the mother of invention. To match the demands of a threat landscape that has grown exponentially in the last decade, cybersecurity innovation has moved at a breakneck pace. Like all innovation, it solves an immediate need – but it's difficult to see the new issues it will cause.
Cybersecurity point products that focus on one problem – or even one class of problems – have created major obstacles in security management and operations – in sourcing talent to wield these products and, most importantly, in comprehensive visibility of the attack surface. Lack of communication and integration between various vendors and solution sets have created disconnected environments, making it difficult to pull together the intelligence needed to gauge security status, preemptively strengthen defenses or respond quickly to an emerging threat or ongoing attack. In essence, the use of point solutions is like defending a castle one stone at a time.
But there are solutions available that are built to tear down these data silos, analyze and correlate the data to a unique IT environment and ultimately power a holistic security program. Integrated security analytics are becoming the hallmark of mature, battle-ready cybersecurity management that aims to protect the castle as a whole.
Context is king
Enterprise security environments often rely on seemingly redundant tools to ensure no weakness or threat is overlooked. For example, many organizations have multiple vulnerability scanners deployed, but their data remains disparate and disconnected. These organizations need to unify and normalize that data, so it can be analyzed and the vulnerability risk can be understood. But what about all the other risk that impacts that organization's attack surface? How does network zoning influence the prioritization of these vulnerabilities? How do these vulnerabilities effect the decision to make a firewall change?
Without an integrated analytics platform, it's nearly impossible to answer these questions on an enterprise scale. Contextual intelligence is key to understanding how your security controls work together or leave you exposed. With an analytics that considers intelligence beyond a given solution set, you would quickly see that a “critical” vulnerability is actually of little threat to your network because it's effectively cut off from an attack path. In the case of a firewall change, you may find that request would expose a vulnerability on a critical asset.
Learn from your enemies
Attackers understand the advantage of contextual intelligence. Often a vulnerability or a weak endpoint opens the door to a chain of security exposures that attackers can exploit. If they get stuck, they can poll the collective intelligence of fellow hackers to see what to do next.
Defenders need to be able to do the same. Too often, because the data remains in silos, so do the teams that work with that data. Integrated analytics helps to reopen the lines of communication enabling intelligence to be easily shared across the organization. The result is increased efficiency and a focused response to the risks with the potential to do most harm.
Change the weapon, not the warrior
The skills gap in the cybersecurity industry has become notorious. Some estimates put the number of unfilled cybersecurity positions worldwide at one million. In an already undersized pool of talent, expecting to find professionals at-the-ready and trained for a specific point product is naïve.
An integrated analytics platform helps organizations consolidate to a narrower list of vendors by streamlining processes and, thereby, reducing reliance on niche talent. This creates another advantage in the mature cybersecurity program. Rather than searching endlessly for “point talent,” the organization can draw from a broader hiring base and has a better chance at filling positions more quickly.
For security practitioners already in the organization, the ease of use and efficiency of integrated platforms will drive down time spent on operations and intelligence gathering, allowing them to step back and determine strategic and prioritized action.
CISOs: Leading the charge
At the helm of the mature cybersecurity programs is the CISO. As CISOs have garnered more sway in the C-suite, they need to always stay abreast of security status in order to easily communicate posture, strategy and needs to other stakeholders. They're increasingly looking for turnkey solutions that address all aspects of their program and give them the “big security picture.”
The attack surface has become too complex and evolves too quickly for security leaders be mired in the patchwork of point products and constantly changing risk. Integrated analytics helps to elevate data to the level of contextual, actionable intelligence that can be discussed across teams – even at the executive and boardroom tables.
The attack surface will continue to evolve, networks will grow more complex and the threats against them more advanced. The comprehensive response to this will be powered by integrated security analytics that is capable of bringing data, solutions and people together to tackle the risks at-hand and those yet to come.
Justin Coker, vice president of EMEA, Skybox Security