22 February 2018

Winning the Digital Transformation Cyberwar


The vast majority of cybercrime we deal with is opportunistic and automated. It is the domain of criminals trolling for the unaware and vulnerable. They target unpatched systems and vulnerable applications, exploit gullible end users, break through inadequate security systems, and infect people wandering around the web in places they probably shouldn’t go.

For decades, fighting these cyber threats has been the primary job of cybersecurity professionals. Establishing controls, setting up a perimeter, hardening edge devices, inspecting traffic, regular patching and replacing protocols, and controlling access points are all security fundamentals that every security team practices, and that most traditional security devices are designed to support. Unfortunately, that didn’t always happen and we often resorted to buying the latest and greatest tools when a new threat emerged, reverted back to hard-wiring the integration of these new technologies, and then hoping it all worked together seamlessly to detect and mitigate threats. Cyber threats were real but manageable – and usually more disruptive than destructive.

That is, until the last five years or so, when everything started to go sideways. Not only has the variety, velocity, and complexity of attacks increase, but the interval of time between attack and mitigation has gotten shorter. Meaning that as an industry we have been falling further behind the bad actors’ abilities to get inside networks and compromise data. Worse, the scope and scale of data breaches and systems compromised reached an unprecedented level. Senior government officials and industry leaders have been quoted as saying that not only are breaches inevitable, but that every that major corporation has likely been penetrated.




We’ve now arrived at a point where, despite the billions of dollars spent combatting cybercrime, criminal organizations and nation-state actors are more successful than ever, with cybercrime is expected to cost the global economy around $3 trillion dollars by 2020. For those of you keeping track, that’s just two years from now.
What happened?


Digital transformation is what happened. Perimeters disappeared. Endpoint devices proliferated through things like BYOD. As workflows and platforms and infrastructures expanded to the cloud, the attack surface expanded exponentially. Things like IoT and Shadow IT introduced vulnerabilities that caught many security teams off guard.









Many IT teams became so overwhelmed with just keeping up with the changes to their infrastructure that even basic security practices like patching devices and cyber hygiene were forgotten. And cybercriminals were quick to exploit that as well, resulting in some of the highest profile attacks of 2017.


Of course, this isn’t a genie that’s going back in the bottle. No company interested in competing in the digital marketplace is going to be able to reassert control over the devices or applications in their network. Nor are they going to be able to build a new perimeter around their expanded network ecosystem. But that seems to be exactly what many organizations are trying to do. Far too many organizations focus on individual risk areas rather than seeing networks as a holistic system of integrated components, and continue to insist on securing these areas by deploying traditional, isolated security devices designed as perimeter control points.


Responding to an increasingly complex environment with a more and more complicated security strategy is not a strategy that is going to work. There is a limit to the number of consoles that teams can monitor or the volume of data that can be manually correlated between security devices that can’t see or talk to each other. Security teams are already overwhelmed, and the global cybersecurity skills gap pretty much ensures that there is no cavalry over the horizon that can ride to the rescue.


Unfortunately, most sophisticated attackers have begun to take advantage of the seams that exist between these network elements, especially as the line between them continues to blur. Networks aren’t just expanding laterally out to remote users or the cloud. We’ve now reached a point where digital transformation is transitioning from expansion to convergence. And that compounds the problem exponentially.


Not only are IT and OT systems – that were never designed to be connected – now talking to each other, they are also directly connected to things like IoT systems, real-time global data streams, and business analytics. Organizations of all sizes are adopting multi-cloud infrastructures to support dynamic and elastic workflows driven by consumer and employee demands for real time access to critical data and transactions over a multiplying array of applications that run on a wide array of portable smart devices. And on the back-end they are connected to things like critical infrastructure, energy grids, and smart building solutions to manage internal systems like HVAC, lighting, and even physical security. 
Securing a network undergoing digital transformation.


The question many organizations are asking is, how do you secure an environment that converges elastic, hyper-connected infrastructures and massive amounts of data with users that insist on instant access from any location on any device? For too many of them, unfortunately, what they are really asking is, “where do I put the firewall?” Which, of course, is exactly the wrong question.


The answer to an increasingly complex environment is not to create a more complex security strategy. That is not an arms race you are going to win. If your organization is going to successfully execute digital transformation, you need to start seeing your network as an integrated, holistic system, and then rethink what security means for such an environment. This needs to include: 
Establishing a single security posture with policies that can span seamlessly across different network ecosystems and then be consistently enforced. This requires deploying security devices designed to work as a system. And to do that, they need to integrated into a security framework built around open standards that enables them to see each other, share real-time intelligence, and coordinate a response to detected threats. 
This integrated security fabric not only needs be deployed across the entire distributed network, but it also needs to be able to expand and adapt as the network changes. Which means it also needs to be aware of things like virtualized infrastructures, access points, applications, and workflows. It also needs to be driven deep into the network through things like dynamic segmentation. Only then can you begin to apply things like behavioral analytics to anticipate risks and shut them down before they happen. 
Simplifying security management and orchestration is essential for protecting an increasingly complex environment. Single pane of glass management or an integrated SOC provide the sort of centralized visibility and control that today’s networks require. 
Finally, these systems need to be powerful enough to not introduce latency into an environment where success is measured in microseconds. Inspecting encrypted traffic, analyzing unstructured data, and correlating data across a constantly shifting set of devices and environments requires the sort of horsepower that brings many of today’s security devices to their knees, or if not, are outrageously and prohibitively expensive. 


We all now understand that any organization that fails to adopt a digital business model is unlikely to survive in the new economy. But digital transformation isn’t only affecting networks. It is also having a serious impact on security, and cybercriminals have been quick to exploit this. Which means that organizations that fail to get a handle on securing their digital transformation process are also unlikely to survive.


Winning the war against cybercriminals requires radically rethinking security in exactly the same way that we are reengineering our networks. We need to reimagine security not as a set of devices performing isolated tasks, but as an integrated, fabric-based approach where everything sees everything else, information is shared and correlated automatically, security infrastructures dynamically scale and adapt to change, and security operates as an integrated system to identify, isolate, respond, and even anticipate cybersecurity events. This is really the only way forward if we are serious about protecting and defending our interconnected and converging digital world.

No comments: