In the intensifying rush to develop and deploy network security strategies that can handle the drastic increase of today’s cyberthreats, I fear that many organizations are falling into a trap that is already having far-ranging consequences. Rather than approaching the admittedly intense challenges of security with the methodical approach and longview perspective of managers of complex data centers, they are behaving like harried consumers—reactively buying a specific, standalone solution to tamp down a challenge or crisis as it emerges.
It is a tactical solution to a strategic problem—not only insufficient in the short-term, but also extremely corrosive to the long-term security and functionality of the systems that are designed to store and safeguard critical information.
Rationally, removed from the stress of an attack or exploited vulnerability, we can all see the obvious confusion and inefficiency this can cause. And yet organization after organization continue to display a decision-making process that is unnervingly similar: If one security solution protects our network well, then 20 solutions—or tools, vendors, teams and defense systems—will protect it even better. Or, worse, if one solution is insufficient, keep adding more.
It is simply not true.
At best, this approach causes an organization to absolutely hemorrhage resources—from budgets to bandwidth, and everything that falls in between—with very little benefit to show for it. And though the Randians among us may shrug that off as another company’s problem, in a global digital environment driven by hyper connectivity, it is really everyone’s concern. Because rarely are we able to mitigate challenges to the “at best” parameters.
Even organizations with deep security understanding and expertise are falling short of containing, much less mitigating, damage—becoming conduits and extensions of the threat actors’ bad intentions. As a result, we have seen an explosion of very dangerous complexity, as companies address each new security challenge with an ad-hoc approach that makes us all less safe.
For those who doubt the shared impact of bad strategy, I ask whether they believe that the increase in attacks that make almost daily headlines is coming from a base of threat actors who are able to stay one step ahead of all security solutions with super-villain speed and accuracy. Or, is it more likely that the increase in attacks is the direct result of an approach that patches solution on top of solution in a way that is difficult to manage, monitor and align?
As seriously as I take the capabilities and dangers of today’s threat actors—particularly those with direct connections to state sponsors—I believe it is the latter of the two possibilities.
A jumbled and rushed reaction to fast-moving new threats has created a security framework that is riddled with holes. But it is important to recognize that it is not simply a one-sided equation—for all the speed and dexterity of attackers, there is equal speed of innovation with networks themselves. That alone, internally with no outside attempts at breach, is a substantial challenge for anyone.
From IoT, to multi-cloud deployment, to the proliferation and blurred boundaries of mobile access, to the sheer volume of commonly used applications, those responsible for data networks have more to deal with than ever before. Adding threat to the equation can quite understandably make heads spin.
But, in keeping with the at-times counterintuitive nature of effective cyber security strategy, the fact that it is so potentially overwhelming can create the foundation of an effective strategic path forward.
That foundation begins with the humility to recognize that the way many organizations are approaching data protection is simply not working. And rather than finding fault with a specific leader, team, vendor or product, it is time to rethink an overarching strategic approach that has failed.
Given the reality of those tasked with network security, this should not be hard to admit.
It is not uncommon for an incoming CISO to inherit an enterprise network that comprises more than 4 or 5 different security vendors and products, with varying degrees of interoperability and cohesion. In such an environment, a CISO must scramble to find, hire and retain qualified network security employees—no small challenge in its own right. And when they do, they must divide them to focus expertise on a wide swath of different products—some duplicative, others insufficient—while still trying to maintain team cohesion.
Rather than driving turnover, burnout and even more network complexity, overwhelming our IT and security teams by demanding the impossible, let’s instead pivot to a new approach.
That approach will be supported by two primary pillars: integration and automation.
Integration is achieved by building a network designed expressly for seamless operation, consistent communications and threat detection and intelligence incorporated throughout. This creates a security fabric that stretches across all corners of a network, no matter how vast or how many points of entry it contains.
An integrated and highly connected security fabric not only offers immeasurably greater protection than what many businesses now deploy, it also provides much greater scope and clarity of visibility. Simply put, you cannot protect what you can’t see—much less what your network cannot detect, or worse yet, can detect but cannot communicate to other cyber security tools. With networks that span the diverse edges of IoT and hybrid cloud architectures, that integration is critical. Without alignment, a network is riddled with holes and blindspots alike: Not simply points of unauthorized access, but ones with no way of sounding the alarm if they have been breached—allowing threat actors to sit inside a network, undetected, indefinitely.
With a security fabric in place, a threat is detected instantly. But what then? Can an IT team mitigate that threat? Perhaps. But what if there is not one threat, but multitudes—coordinated to strike simultaneously? It is unrealistic to expect a manual response to breaches to be sufficient. Today’s cybersecurity must be able to handle coordinated, relentless attacks in real time—to any part of the network, at any time, from anywhere in the world.
The only way this is possible is through automation. Adding automatic, real-time response to a seamless security fabric is what allows network protection to match the velocity and intensity of today’s threat landscape. It is also what allows an organization to reduce costs and margin of human error. Automation also frees IT teams to work at the top of their skills and insights—understanding the nature, motivations and patterns of threats rather than scrambling to be the custodians of inefficient systems, at a pace that is not humanly possible to match, across a network too vast and complex to effectively oversee. And that grows even more complicated—and ineffective—with each standalone, tactical security add-on.
With integration and automation, complexity is dramatically limited and threat mitigation and containment is exponentially increased. That not only makes for a much more efficient and effective use of allocations and resources—it also allows your IT and security teams to focus the full force and depth of their intelligence on implementing a far more sound, streamlined and strategic approach to security.
This byline originally appeared in CSO.
For more information, download our paper and learn about the top threats that enterprise security leaders are being forced to address and the security approaches to evalutate to protect against them.