Cyberattacks and data breaches continue to rise year-over-year and another so-called silver bullet technology isn’t going to stop that trend. The reality is the bad guys are looking at the entire playing field, but we are not because organizational structure, personalities and politics get in the way.
Security organizations are traditionally structured as a collection of separate groups, such as network, endpoint and cloud, each tasked with protecting its part of the infrastructure and stopping certain types of threats. Each group uses its own set of security technologies from different vendors and brings in its own third-party data and intelligence sources for context. These silos make it extremely difficult to share data between tools or teams in any meaningful way. And while these teams may roll up to the same person, they each have their own budgets and are laser-focused on achieving success for their own projects so they can get funded, sometimes at the expense of another project. Personalities and politics start creeping in because of this unintentional (or sometimes intentional) competition. In the end, these divisions make it incredibly difficult to create a unified defense. Instead, we simply create an obstacle course that attackers are all too adept at navigating.
Looking to the future of cybersecurity, we know that any discussion must include automation. But disconnects within an organization prevent us from making meaningful progress. A recent SANS survey found that 97% of respondents report difficulties in rolling out automation initiatives due to technology issues, siloed departments and lack of trust in outcomes. Additionally, the misalignment between CISOs and their organizations around security automation and organizational maturity makes it harder to overcome the structural and cultural challenges involved in moving up through maturity levels and promoting an approach that cuts across the entire business.
One way to address these challenges and create a unified defense is to take an honest assessment of the state of the organization. The global cybersecurity talent shortage is affecting most organizations. When we break down barriers, we can apply automation to make better use of scarce, highly skilled people and avoid both burnout and boredom. Repetitive, low-risk, time-consuming tasks are prime candidates for automation, while human analysts take the lead on irregular, high-impact, time-sensitive investigations, with automation simplifying some of the work.
Organizations also need to get more out of their existing tools. I've spoken with teams that are actually considering investing in a second SOAR tool because the part of the organization that already has a SOAR tool deployed isn't receptive, or lacks the capacity, to expand the use cases and provide what they need in a timely manner. Talk about a lack of a unified defense! This is another area where automation can help. Instead of a purely process-driven approach to SOAR, automation can be triggered by data and business logic to run the right actions and orchestrate response with minimal impact on security teams' workloads and workflows. Additionally, solutions that provide a low-code approach can open the tool to more users and use cases.
More broadly, a platform focused on integration, where disparate systems and sources that speak different languages and use different formats can communicate, provides an opportunity to shift our thinking and how we work together. An open, extensible architecture that allows for flexibility and interoperability with existing tools and teams, and that integrates with the new technologies teams want to bring in, delivers benefits to everyone. At the data level, it provides shared context for better understanding and collaboration across the organization. At the process level, it helps ensure the right actions are taken at the right time, so different teams can achieve their goals and accelerate detection and response across the organization.
Only when we recognize how organizational structure, personalities and politics can stand in the way of security progress can we address the challenges and move towards a unified defense. There are many paths to reach this destination; the choice is ours.
Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast-growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies, including Valtix.