The cybersecurity industry needs to reinvent itself

Organizations are spending more money on cybersecurity and feeling less secure. Last year, 93% of cybersecurity professionals said they were moderately or extremely concerned about cloud security.

And that was before the COVID-19 pandemic made the threat landscape even more precarious, with a sudden and dramatic increase in remote work that expanded the attack surface.

If we don’t reinvent cybersecurity, things will get worse before they get better.

According to IDC, more than 50% of global GDP is expected to come from digitally transformed enterprises in the next three years. Multicloud environments continue to proliferate and the Internet of Things (IoT) could reach 41.6 billion IoT devices by 2025.

These trends will accelerate as COVID-19 necessitates a workforce that is more mobile and distributed than ever. This means the need for a new cybersecurity approach must also accelerate.

No business can afford to operate as it did 10 or even five years ago. Organizations must be able to leverage technological innovation — particularly machine learning (ML) — to ease the burden on IT and be faster and more proactive.

Machine learning is one factor in a broader transformation. Organizations of all sizes must adopt a new model for scaling and delivering cybersecurity, one that looks at security holistically, from the data center to the edge to multiple clouds.

As someone who has spent an entire career on the front lines of cybersecurity, it is my firm belief that a platform approach is the only possible path we can take. It is the only way to effectively eliminate the inefficient silos, disparate products and reactive models that no longer work in a far more complex threat environment.

What’s a platform approach?

First, let me be clear about what I mean by a platform approach. I’m talking about reimagining cybersecurity from the ground up. With ML, cloud computing and the evolution to a modernized IT stack, there’s an opportunity and mandate to go against the nature of traditional cybersecurity models.

We need to be consolidating and moving to fewer, more encompassing solutions. We need open platforms that enable the continual and seamless integration of security functions without asking organizations to constantly deploy new technology.

We should also use machine learning in cybersecurity, for everything from proactive prevention to integrated IoT security to ML-based policy recommendations for all endpoints.

Accomplishing this will require drilling down to the architectural level. Think of a future in which there is one agent for every workload and one agent for each tool or device used. Everything else is consumed as a service, with new services created on top of the platform.

This approach to the IT stack, which some have labeled a “model-driven architecture,” is already on the radar for many organizations. It is the only way to maintain modern and integrated solutions.

Just as the cloud helped organizations outsource much of the technology expertise needed to compete in a digital-first marketplace, this approach lets organizations adopt new technology and enhance existing applications in a plug-and-play fashion.

A unified security posture

The business benefits of adopting a platform approach are substantial. The most obvious is having a unified security posture. If we think about a remote workforce and the growth of IoT, it’s obvious our security approach must adapt to networks that are more distributed and diverse.

This was a key factor behind the creation of Gartner’s Secure Access Service Edge (SASE, pronounced “sassy”) category. SASE solutions are aimed at providing a full security stack for branch offices, mobile users and partners as they access applications running in both traditional and cloud infrastructure.

The second big advantage is the ability to quickly and seamlessly spin up new technology, as well as the ability to always keep cybersecurity technology up to date. This is important because organizations will always be at a slight disadvantage compared to threat actors, based on how quickly new vulnerabilities are discovered and exploited, and how quickly the technology landscape changes.

One example is the emerging threat of adversarial AI, whereby machine learning is used by attackers to fool AI models through malicious input. Security teams that can’t easily implement the latest ML-based security solutions are more vulnerable. A flexible platform not only provides the advantage of a unified technology stack, but it also simplifies the adoption of new technology to maintain a strong long-term security posture.

The third major advantage is automation. Automation must be a top priority for all organizations. It is also important in dealing with the growing talent shortage the industry is facing. Everything from playbooks and threat hunting to investigations and response can and should be automated.

A platform approach expands how much can be automated. In fact, it’s possible to automate more than 95% of the work in security operations centers (SOC) with proper integration. Security teams can then be more responsive to threats and focus on higher-value initiatives.

Know the challenges

A platform approach doesn’t come without challenges, though. Most organizations have substantial investments in existing vendor solutions. The proliferation of vendors is well-documented. Research identifies more than 1,200 cybersecurity vendors on the market today.

According to Neil Jenkins, chief analytic officer at the Cyber Threat Alliance, “many organizations subscribe to the myth that cybersecurity is a technical problem for which there should be a technical solution.” As a result, companies “search diligently for a simple solution and end up spending a lot of money on various platforms and products, none of which quite seem to fully address the real issue.”

The business case must be made not only for why a platform approach is required to secure the business, but also how an investment in new technology will quickly deliver return on investment.

Next, because many solutions aren’t as open or flexible as required, there’s the real risk an enterprise will find itself locked into a walled garden and won’t be able to keep up with the demands of their security teams and the threat landscape.

They’ll find themselves investing a big portion of their cybersecurity budgets as well as countless hours of development time constantly integrating new solutions into their workflow. Or worse, they’ll be managing outdated solutions while threat actors innovate with new attack techniques.

Another important issue is having access to best-of-breed solutions. Many vendors claim to have the most innovative solutions. Their customers often comprise numerous, disparate, cross-functional teams (spanning security, DevOps and more). This sets the stage for unnecessary and crippling turf wars as consolidation begins.

The good news is that 66% of organizations are already consolidating cybersecurity solutions with an eye toward addressing more security challenges with fewer vendors, according to a 2019 ESG report. But this consolidation can mean a significant shake-up.

Finally, keep in mind that a platform approach requires a change in mindset among leadership. Having the right technology isn’t enough. As applications are developed and IT decisions are made, security must be front and center. The chief information security officer (CISO) or chief security officer (CSO) needs a seat at the table for major IT decisions. That authority must extend across the enterprise.

Security must be a prerequisite as teams think through technologies and processes, including all phases of the development and operations lifecycle. That’s the only way security teams can ensure that their platform of best-in-class technology will be effective at mitigating threats.

It’s telling that something as basic as a cloud misconfiguration continues to be one of the leading causes of data breaches. Some of today’s issues just come down to a lack of governance and failure to adopt best practices.

The strategic path

Without a strategic shift, we’ll surely see new major cloud-related breaches, especially as more mission-critical apps are moved to the cloud. The subsequent fallout will hit the boardroom, and the general erosion of trust among consumers and businesses will be very difficult to overcome.

A true platform solution is attainable, and many organizations and technology partners are already rearchitecting their approach to cybersecurity. However, many more vendors and their customers are either ignoring the risks or failing to fully grasp the need for a new approach.

If we fail to meet the challenges, things will get worse. We all need to be aware and awake. By moving to a platform model, we will be on the right path to a safer, more secure, digitally transformed world.

Key takeaways

To reinvent cybersecurity, organizations need to keep the following priorities in mind:

• The cybersecurity industry needs an integrated solution that seamlessly incorporates machine learning. Organizations should cut down the number of vendors they use and shift toward a holistic platform approach that delivers a unified security posture.
• Embed automation across teams. Wherever possible, organizations should enforce standards and policies that drive security integration. Automate everything — including playbooks, processes, hunting for attacks, investigations of attacks, responses to attacks and everything else possible that can be automated.
• CISOs/CSOs need a seat at the table. Leadership needs to drive centralized, cross-team integration with security — specifically within organizations adopting agile methodologies (CI/CD pipelines and DevOps) and cloud-native applications (containers, microservices, etc.).