gauravpal
Contributor

4 reasons why CISOs must think like developers to build cybersecurity platforms and stop investing in ‘silver bullets’

Opinion
Jul 02, 2018 | 4 mins
Tags: APIs, Data and Information Security, Developer

The Chief Information Security Officer is the latest addition to the C-suite, with funding, staff and authority to ensure the confidentiality, integrity and availability of corporate digital assets. The CISO must quickly shed the tool-centric mindset and instead start thinking like a developer, leveraging APIs and microservices to build integrated cybersecurity platforms. A digital CISO must break down cybersecurity data silos, embrace open APIs and architect platform-centric cybersecurity solutions that enable security as code.

[Image: the number 4 on a binary grunge background. Credit: Getty Images]

CISOs are under the gun to produce results rapidly and staunch the constant “bleeding” from cybersecurity attacks. Cybersecurity attacks are increasing in complexity, velocity and ferocity. The reflexive response is to acquire the latest set of shiny new tools and roll them out quickly. This rapidly leads to cybersecurity data silos produced by tools that do not integrate. It is impossible to get a consolidated view of the threats, which is critical to create an actionable and automated response. Further, as threats evolve, the number of tools required keeps increasing – leading to a tangled mess of cybersecurity spaghetti!

The top 4 challenges faced by every CISO include:

1. Drowning in the cybersecurity data deluge

There is a constantly growing list of “sensors” generating security data. Anti-virus scan reports, DLP logs, firewall logs, vulnerability scan data, server access logs, authentication logs, insider threat reports, advanced persistent threats – the list keeps growing with no end in sight! The velocity, variety, and volume of data easily overwhelm security analysts. Analytics and automation are the only way out.

2. Tool and data “balkanization”

The CISO is constantly reacting to threats and buying “silver bullet” tools. This leads to a messy digital hodgepodge of PDF reports, HTML pages, XML extracts, and .CSV files that are hard to integrate, analyze and program for creating automated responses.

3. From discrete security events to continuous security

Cloud and DevOps are accelerating code deployments and introducing dynamic environments that challenge the traditional “certify once and monitor forever” waterfall security model. Rapid code, environment and data changes require a proactive and dynamic approach to security. Security as code is the only way to scale and react in real time.

4. Reactive and passive posture

Logging, monitoring and alerting are not timely enough. The ability to react in near real-time is critical to limit damage. Proactive threat-hunting and highly automated security operations and incident response are key to protecting digital assets.

CISOs must think like developers!

Developers are constantly looking for ways to extend services and share data using APIs and microservices. Microservices help weave a digital fabric through a set of loosely coupled services stitched together as a platform. Platform-centric architectures provide extensibility, with the ability to plug-and-play new tools and services using APIs and open data formats like JSON. CISOs similarly must start thinking of ways to break down data silos and integrate the data from various tools and sub-systems. The list of “sensors” generating security data is endless and keeps growing every day. Anti-virus scan reports, firewall logs, vulnerability scan data, server access logs, authentication logs and threat profiles are just some of the sources of critical security information. All this data only makes sense when integrated into one single view and analyzed using AI models. The volume, velocity and variety of data make it impossible for human beings to analyze and react. AI-driven models help discern anomalous behavior from regular patterns and are the only scalable approach for detecting threats in near real time. Security operations, automation, analytics and incident response as an integrated platform is the way to go.

Emerging security operations, automation, compliance and response products are the next-generation solutions for the digital CISO. Cybersecurity platforms provide the ability to plug and play new services. Additional features include the ability to generate the compliance reports required by HIPAA, FedRAMP, GDPR and NIST security standards, as well as proactive incident response to ensure the confidentiality, integrity and availability of digital assets.

Creating a digital CISO playbook

Embracing interoperability, APIs, machine-readable data formats and using code to automate manual processes are part and parcel of a developer’s playbook. Taking a leaf from that playbook, here are 4 key pillars for the digital CISO:

  1. Ask cybersecurity tool vendors to provide access to cybersecurity data through APIs and open data formats. Microservices and JSON are the way to go. Stay away from proprietary and closed systems that create data silos.
  2. Create a platform-centric architecture that does not rely on expensive silver bullet “tools” that don’t play nice with other tools or technologies. Develop a layered architecture with data ingestion, indexing, AI analytics, alerting, response and reporting capabilities. Developers use microservices and APIs to avoid inflexible interfaces, and use JSON-based objects stored in NoSQL databases.
  3. Invest in AI technologies that help automate manual tasks and analysis. Understanding and leveraging a whole host of services, including NLP (for analyzing text and reporting highlighted patterns), statistical and regression techniques, and adaptive algorithms that discern normal behavior from anomalous patterns, is a starting point.
  4. Create a developer mindset with a focus on security as code. Security analysts must move away from creating spreadsheets and Word documents and embrace toolsets like Chef, Ansible, CloudFormation, Python and JSON.
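To make the four pillars concrete, the following is an added example (not the article's own code, and not any vendor's product) of the ingestion, indexing, analytics and alerting layers from pillar 2, written in Python as pillar 4 suggests. Three constructed tool exports in the formats the article calls out as silos (a firewall CSV, an anti-virus XML report and authentication events as JSON Lines) are normalized into one common JSON event schema, indexed, and run through a simple statistical baseline that flags accounts with anomalous authentication failures. Every file format, field name, sample value and the z-score threshold here is an assumption made for the example, not something the article specifies.

```python
import csv
import io
import json
import statistics
import xml.etree.ElementTree as ET
from collections import Counter

# --- Constructed sample "silo" outputs (hypothetical formats and field names) ---

FIREWALL_CSV = """timestamp,src_ip,dst_ip,action
2018-07-02T10:00:01Z,10.0.0.5,203.0.113.9,deny
2018-07-02T10:00:07Z,10.0.0.7,203.0.113.9,allow
2018-07-02T10:00:09Z,10.0.0.5,203.0.113.9,deny
"""

AV_XML = """<scan host="ws-17">
  <detection time="2018-07-02T10:01:00Z" signature="Trojan.Generic" path="/tmp/a.exe"/>
</scan>"""

# Authentication events as JSON Lines. Failure counts per user are constructed so
# that one account clearly deviates from the baseline of the others.
_FAILS = {"alice": 1, "bob": 2, "carol": 1, "dave": 1, "eve": 1, "mallory": 12}
AUTH_JSONL = "\n".join(
    json.dumps({"ts": f"2018-07-02T10:02:{i:02d}Z", "user": u, "result": "fail"})
    for u, n in _FAILS.items() for i in range(n)
)


# --- Ingestion layer: each normalizer maps a tool's native format onto one schema:
#     {"ts", "source", "event_type", "entity", "detail"} ---

def normalize_firewall_csv(text):
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        events.append({"ts": row["timestamp"], "source": "firewall",
                       "event_type": f"fw_{row['action']}",
                       "entity": row["src_ip"], "detail": {"dst_ip": row["dst_ip"]}})
    return events


def normalize_av_xml(text):
    root = ET.fromstring(text)
    host = root.get("host")
    return [{"ts": d.get("time"), "source": "antivirus", "event_type": "malware_detected",
             "entity": host, "detail": {"signature": d.get("signature"), "path": d.get("path")}}
            for d in root.iter("detection")]


def normalize_auth_jsonl(text):
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        events.append({"ts": rec["ts"], "source": "auth",
                       "event_type": f"auth_{rec['result']}", "entity": rec["user"], "detail": {}})
    return events


def ingest_all():
    """One consolidated, machine-readable event stream instead of three silos."""
    return (normalize_firewall_csv(FIREWALL_CSV) + normalize_av_xml(AV_XML)
            + normalize_auth_jsonl(AUTH_JSONL))


# --- Indexing layer: count events by (source, event_type) for the single view ---

def build_index(events):
    return Counter((e["source"], e["event_type"]) for e in events)


# --- Analytics layer: a statistical baseline. An entity is flagged when its count of
#     event_type is more than z_threshold standard deviations above the mean over all
#     entities. Needs at least three entities and non-zero spread to be meaningful. ---

def flag_anomalous_entities(events, event_type, z_threshold=2.0):
    counts = Counter(e["entity"] for e in events if e["event_type"] == event_type)
    if len(counts) < 3:
        return []
    values = list(counts.values())
    mean, sd = statistics.mean(values), statistics.pstdev(values)
    if sd == 0:
        return []
    return sorted(ent for ent, c in counts.items() if (c - mean) / sd > z_threshold)


# --- Alerting layer: JSON alerts that an automated response step can consume ---

def alerts(events):
    out = [{"alert": "malware_detected", "entity": e["entity"], "ts": e["ts"]}
           for e in events if e["event_type"] == "malware_detected"]
    out += [{"alert": "auth_failure_spike", "entity": ent}
            for ent in flag_anomalous_entities(events, "auth_fail")]
    return out


if __name__ == "__main__":
    evts = ingest_all()
    print(json.dumps(build_index(evts).most_common(), indent=1))
    print(json.dumps(alerts(evts), indent=1))
```

The point of the structure is that adding a fourth sensor means writing one more normalizer; the indexing, analytics and alerting layers are unchanged because they only ever see the common schema. Replacing the z-score baseline with a trained model, or the in-memory list with a NoSQL store, is likewise a change to one layer rather than to every tool integration.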

Gaurav “GP” Pal is CEO and founder of stackArmor. He is an award-winning senior business leader with a successful track record of growing and managing a secure cloud solutions practice with over $100 million in revenue focused on U.S. federal, Department of Defense, non-profit and financial services clients. Since 2009 he has successfully led and delivered multi-million-dollar Amazon Web Services (AWS) cloud migration and broker programs for U.S. government customers including the Department of the Treasury and the Recovery Accountability & Transparency Board (RATB).

GP is the Industry Chair at the University of Maryland’s Center for Digital Innovation, Technology and Strategy (DIGITS). He has strong relationship-based consultative selling experience with C-level executives, providing DevOps, Managed Services, IaaS, Managed IaaS, PaaS and SaaS in compliance with US FedRAMP, FISMA, HIPAA and NIST security frameworks. He has a successful track record of delivering multiple cloud solutions with leading providers including Amazon Web Services (AWS), Microsoft and Google, among others.

GP is a published author and thought leader having spoken at Cloud Expo East, and published in InformationWeek, Gigaom, JavaWorld and IEEE among others.

The opinions expressed in this blog are those of GP and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.