Three Cybersecurity Lessons Learned in the 2010s
As we face the close of the decade in a couple of short months, it seems like a good time to take stock of the progress cybersecurity technology has made in the 2010s before we start looking ahead to what’s next in the ‘20s. A few weeks ago, I had the opportunity to attend KuppingerCole’s CyberNext Summit 2019 and Borderless Cyber 2019 conference in Washington DC.
The conference centered on some of the latest developments in the field of cybersecurity and left me thinking about some of the lessons learned over the past decade. Here are three trends and technologies that took off in the past decade and what we can learn from them.
- Eliminating Security Silos
One of the major business challenges of the past decade is associated with siloed and often disconnected data and tools – slowing operational effectiveness and the ability to deliver innovative products and services, not to mention the massive security risk they introduce. An industry-led solution to this challenge was a major announcement from the conference – the introduction of a global, multi-vendor cybersecurity ecosystem, the Open Cybersecurity Alliance (OCA), through the OASIS international consortium.
OCA gets its legs from the fact that, on average, organizations use between 25 and 49 different security tools from up to 10 different vendors. This is both time-consuming and expensive, and it makes integrating security tools into established operational environments difficult.
The OCA provides out-of-the-box integrations between these tools to foster an open cybersecurity ecosystem, enable the free exchange of information and orchestrate responses via commonly developed code and tools, using agreed-upon technologies, standards and procedures. The OCA already has two main projects underway. The first is IBM Security’s STIX-Shifter, which is dedicated to the development of a search function for cybersecurity products. The second is McAfee’s OpenDXL, an interoperable messaging format that helps organizations share information.
CyberArk is proud to be a founding member, and the only Privileged Access Management (PAM) vendor in the Alliance. We view eliminating silos as a way of not only increasing the usability of each respective security solution in an organization’s stack, but also helping organizations to share information with each other about best practices. We’d like to see this trend continue into the ‘20s.
- Using AI More Effectively
Over the course of the past decade, Artificial Intelligence (AI) has evolved from being relied upon for decision support (forensic analysis, malware analysis, security team productivity) and intelligent automation (faster threat mitigation, orchestration, RPA, incident response) to cognitive processes (threat intelligence, attack pattern analysis, security policy optimization).
However, as I heard a MasterCard security practitioner neatly summarize during a session about AI, “If you automate a broken process, you’re just doing dumb stuff faster.” This highlighted, for me, a key limitation of AI systems. AI can provide insights and increase efficiency, but it can’t fix the underlying problems in your system.
AI is only as good as the processes it automates and the people who manage it. What we’ve learned from this past decade is that AI must be paired with smart policies, human engagement and other tools, like Robotic Process Automation (RPA), to reach its potential.
- Threat Intelligence and Response
The importance of being able to identify and respond quickly to threats is a lesson we’ve learned the hard way over the past decade. We’ve faced new and increasingly targeted threats – from a ransomware infection that can bring a whole city to a halt to nation-state attacks taking over telecommunications. That, coupled with the fact that environments are increasingly ephemeral and dynamic, inherently makes life harder than ever for the Security Operations Center (SOC).
Fortunately, advances in security analytics have dramatically improved and operationalized threat intelligence and response, key components of the SOC. Additionally, with data shared from tools, people and processes across the network, intelligently identifying threats is more feasible now than ever before. Consequently, the SOC has gotten smarter and smarter about detecting and mitigating threats, and it will likely continue to get better at automating intelligence and responding to threats to minimize damage.
For more information about CyberArk and to learn what you can do to secure your organization’s most critical systems, please check out the ways in which we help organizations secure privileged access.