The security tech stack is out of control, here is what to do about it

The importance of taking a multi-layered approach for CISOs to keep attacks at bay, combining prevention with detecting and acting upon suspicious activity as it is happening.


Last year may have seen a record number of data breaches, but 2017 is already on track to break it. According to the Identity Theft Resource Center (ITRC), cyber attacks tracked through June of this year were 29 percent higher than in 2016 and, if this trend continues, are projected to show a 39 percent annual increase.

The cause is clear: a report by Aberdeen and Cyber adAPT shows two in five enterprises are swapping PC-oriented for mobile-first computing, and nearly half are investing in connected device initiatives. (Disclosure: I am employed by Cyber adAPT.) As a result, CISOs are trying to protect increasingly edgeless networks and the smartphones, watches, and gadgets connected to them — all while juggling the range of firewalls, tools and vendors that connected computing brings.

It is no surprise that keeping cyber criminals at bay is getting harder: new digital business models are obliterating the traditional network perimeter and creating an increasingly complex enterprise computing infrastructure.

One must also consider prevention, detection, and response, a three-tiered approach to understanding cyber security that inevitably means overlapping, separate measures to offer complete protection. These three principles in isolation will not safeguard an organization from malicious activity, but they do add to the complicated tech stack faced by today's CISO.

So what does the security technology stack look like, what barriers are CISOs facing when attempting to meet these challenges, and how can these issues be addressed?

The unruly security tech stack

The Aberdeen study demonstrates the vast scale of the tech security stack with which CISOs are grappling. Taking a typical six-layer enterprise tech stack as an example — comprised of networking, storage, physical servers, as well as virtualization, management, and application layers — the analysis included no less than 1.6 billion versions of tech installations for 336 products, provided by 57 vendors.

For CISOs this scenario makes it difficult to keep systems, data, and devices safe, as complex networks often come with a range of firewall services. The research also found that of the 13,000 networks assessed, almost half (46 percent) were managing multiple sites and firewall vendors. And as each provider has its own set of rules, policies, and structure that must be implemented – and monitored – it is easy to see how potential network vulnerabilities could be overlooked. That risk is significantly heightened when firewalls are maintained manually or via an array of disparate vendor-specific tools.

Fragmented firewalls are not the only problem big tech stacks create. Wading through the high volumes of data they generate to identify attackers can be a CISO’s biggest headache. Speed is key in minimizing the impact of data breaches – if detection and response time following a breach is twice as fast, damage to a business could be reduced by 30 percent. Yet with information split across a range of intelligence sources and systems, the chances it will be gathered, consolidated, evaluated and acted upon quickly enough are hampered.

Add in the maintenance of systems – including patch cycles – and the CISO's task becomes ever more daunting. With a growing stack comes a growing list of patches to consider, ultimately creating a host of diversions capable of keeping a CISO's attention away from the true threat. The devastating WannaCry attack in May was one example of unapplied software patches leaving people and companies vulnerable.

Re-mastering network security

Juggling a complex tech stack and attackers that use increasingly sophisticated techniques and processes makes detecting and responding to attacks even more dismaying.

This circus act calls for a new approach to security and the technology required to deliver it.

CISOs must be able to assess their intricate networks but, most importantly, prioritize alerts. By understanding the urgency of an alert, significant threats can be identified and dealt with in a timely manner, ahead of other issues whose impact may be minor in comparison. The importance of being able to identify anomalous behavior in real time and remove attackers before they can strike cannot be overstated.
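The two problems above, intelligence split across vendor-specific formats and alerts that all look equally loud, are often tackled together: normalize every source into one schema, fold alerts about the same attacker/target pair into a single incident, then rank incidents by severity, asset value, recency and how many independent sources corroborate them. The following Python is an added illustration written for this article, not code from the author, Cyber adAPT or Aberdeen; the two vendor formats, the sample alerts, the asset inventory and the scoring weights are all constructed for the demonstration.

```python
import re
from datetime import datetime, timezone

# Constructed sample alerts (not real traffic). Vendor A exports structured records
# with severity words.
VENDOR_A_ALERTS = [
    {"ts": "2017-08-01T10:00:00Z", "sev": "high", "src": "203.0.113.7",
     "dst": "10.0.0.5", "sig": "SMB exploit attempt"},
    {"ts": "2017-08-01T09:10:00Z", "sev": "low", "src": "198.51.100.2",
     "dst": "10.0.0.40", "sig": "port scan"},
    {"ts": "2017-07-31T10:05:00Z", "sev": "critical", "src": "198.51.100.77",
     "dst": "10.0.0.5", "sig": "brute-force login"},
]
# Constructed vendor B format: key=value syslog text with a numeric priority (1 low .. 4 critical).
VENDOR_B_LINES = [
    'ts=2017-08-01T10:02:00Z fw=fw2 action=drop priority=3 srcip=203.0.113.7 dstip=10.0.0.5 msg="outbound C2 beacon"',
    'ts=2017-08-01T08:00:00Z fw=fw2 action=drop priority=1 srcip=192.0.2.9 dstip=10.0.0.40 msg="policy violation"',
]
# Hypothetical asset inventory: how much a compromise of each host would hurt (1 low .. 3 high).
ASSET_CRITICALITY = {"10.0.0.5": 3, "10.0.0.40": 1}
SEVERITY_WORDS = {"low": 1, "medium": 2, "high": 3, "critical": 4}
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize_vendor_a(records):
    """Map vendor A's field names and severity words onto the common schema."""
    return [{"source": "fw-a", "ts": parse_ts(r["ts"]), "severity": SEVERITY_WORDS[r["sev"]],
             "src": r["src"], "dst": r["dst"], "signature": r["sig"]} for r in records]


def normalize_vendor_b(lines):
    """Parse vendor B's key=value lines; its priority number is already on a 1..4 scale."""
    out = []
    for line in lines:
        kv = {k: v.strip('"') for k, v in KV_RE.findall(line)}
        out.append({"source": kv["fw"], "ts": parse_ts(kv["ts"]), "severity": int(kv["priority"]),
                    "src": kv["srcip"], "dst": kv["dstip"], "signature": kv["msg"]})
    return out


def recency(ts, now):
    """Linear decay over 24 h, floored so an old alert never scores zero."""
    age_hours = (now - ts).total_seconds() / 3600
    return max(0.25, 1 - age_hours / 24)


def consolidate(alerts):
    """Fold every alert about the same src -> dst pair into one incident."""
    incidents = {}
    for a in alerts:
        inc = incidents.setdefault((a["src"], a["dst"]), {
            "src": a["src"], "dst": a["dst"], "severity": 0, "latest": a["ts"],
            "sources": set(), "signatures": []})
        inc["severity"] = max(inc["severity"], a["severity"])
        inc["latest"] = max(inc["latest"], a["ts"])
        inc["sources"].add(a["source"])
        inc["signatures"].append(a["signature"])
    return list(incidents.values())


def prioritize(alerts, now):
    """Score = max severity x asset criticality x recency x number of corroborating sources."""
    ranked = []
    for inc in consolidate(alerts):
        crit = ASSET_CRITICALITY.get(inc["dst"], 1)  # unknown hosts default to low value
        inc["score"] = round(inc["severity"] * crit * recency(inc["latest"], now) * len(inc["sources"]), 2)
        ranked.append(inc)
    return sorted(ranked, key=lambda i: i["score"], reverse=True)


def triage_queue(now=parse_ts("2017-08-01T10:05:00Z")):
    """Build the analyst's queue from both constructed feeds at the constructed 'now'."""
    return prioritize(normalize_vendor_a(VENDOR_A_ALERTS) + normalize_vendor_b(VENDOR_B_LINES), now)


if __name__ == "__main__":
    for inc in triage_queue():
        print(f'{inc["score"]:6.2f}  {inc["src"]} -> {inc["dst"]}  '
              f'sources={sorted(inc["sources"])}  {inc["signatures"]}')
```

Run as a script, the queue puts the src/dst pair that two different firewalls reported against the high-value host at the top, a day-old critical on the same host well below it, and the low-priority scans on a low-value host last. The weights are deliberately simple; the point is that urgency is a function of several fields from several sources, which is exactly what a stack of disconnected vendor consoles cannot compute.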

Finally, a key question CISOs must ask themselves is whether and how their security technology stacks up. Is it prepared for the onslaught of data and activity – both benign and potentially malicious? If the answers reveal feelings of helplessness, CISOs must take the time to strategize and re-rack.

Copyright © 2017 IDG Communications, Inc.
