The security industry wrapped up what has arguably become the most significant trade show in the security industry: RSA Conference. While it’s always interesting to see what challenges hold the industry’s attention and how vendors plan to address them, I find the most useful information comes from informal conversations with customers and industry colleagues as opposed to official booth presentations. These chats are a great opportunity to see the trends and problems at the forefront of people’s minds, along with learning about the latest products and services the cybersecurity vendor community has developed to address them. I believe that the cybersecurity industry is showing encouraging signs of maturity, yet still wrestles with some of the same problems that have challenged us for years.
Threat Intelligence Sharing Is REAL
The Cyber Threat Alliance (CTA) announced two new founding and three new associate member companies; it’s incorporation as a non-profit company; and the appointment of a new president, former White House Cybersecurity leader Michael Daniel. Now every major security vendor is a member of the organization, working together for the greater good of our joint customers. Each of these changes represents a significant evolution of the CTA and underscores the commitment the members have made to the organization’s mission. We are forging stronger ties between member companies and expanding the scope of threat intelligence available to all members. More importantly, the alliance also announced the ongoing development of a new, automated threat intelligence sharing platform.
The platform better organizes threat information into “adversary playbooks” focused on specific attacks so as to increase the value and usability of collected threat intelligence. This innovative approach turns abstract threat intelligence into actionable real world protections and lets users speed up information analysis and deployment of the intelligence in their respective products. In short, the platform lets CTA members leverage all participants’ shared intelligence on their own proprietary platforms. This kind of collaboration strengthens the industry while simultaneously making cyberattackers’ jobs more difficult.
Great Innovation Happening Around Securing the Endpoint
Organizations are realizing more than ever that legacy antivirus approaches to securing the endpoint do not work and are actively seeking alternatives. There’s been a great deal of noise around endpoint security, with different vendors advocating different approaches to securing this critical threat vector. The most intriguing alternative to me is one that not only checks for compliance in antivirus replacement boxes, but is also natively integrated with the rest of the network security stack. Walking the show floor, nearly every vendor I saw was promoting their extension into this area, but the most interesting solutions were those with the native ability to integrate newly discovered threat intelligence into the platform with a minimum of human intervention. This is the only way to deal with both the daily tsunami of threat alerts most organizations receive and the growing number of endpoints connecting to networks.
But as I said earlier, there are issues the cybersecurity industry continues to struggle with, and I believe these issues will continue to be top of mind at RSA 2018 and beyond.
Cybersecurity Needs People
Without exception, everyone continued to note a lack of qualified cybersecurity staff as a serious issue. Most included identifying, hiring and budgeting for staff in their top three lists of concerns, often in the No. 1 spot. It’s a problem I’ve commented on before but still hasn’t been addressed thoroughly by the industry, government or our education institutions. We must jointly find a way to build a larger bench of cybersecurity talent, or the shortage of skilled and affordable cybersecurity experts will continue to impact organizations. I find this troubling because our industry cannot scale to address the exponential growth in cyberattacks without access to a properly trained labor pool, in addition to driving forward the automation of prevention.
Do Point Products Still Reign?
The show floor was more crowded than ever thanks to a host of new security companies exhibiting for the first time, each looking at a specific threat vector or technique. While new thinking and innovation are vital, this ad hoc approach to building a cybersecurity infrastructure doesn’t give organizations the complete visibility into their risk posture they need to prevent attacks. Each point product contributes just a part to the overall security of an organization, and point solutions don’t play well together, leaving security gaps that can be exploited.
One buzz word I’ve heard when discussing this problem is orchestration. Indeed, many exhibitors claimed to have THE solution for managing a mixed-vendor cybersecurity environment. While each company’s claims of supporting heterogeneous security environments should be examined, as an industry, we must do better in delivering natively engineered security platforms in which many of the capabilities delivered by a point product have been integrated into the greater whole.
While there were many amazing startups with great ideas at RSA this year, I fear they will struggle to convince new customers that “yet another dashboard” or source of threat analytics or intelligence is going to improve their cybersecurity posture.
Source: SANS ISC SecNewsFeed @ March 6, 2017 at 09:07AM