The Cloud Security Alliance (CSA) released Cloud-Based, Intelligent Ecosystems – Redefining Intelligence & Driving to Autonomous Security Operations. The paper looks to address the disconnect within cybersecurity wherein increasing numbers of security solutions are only serving to make enterprises more vulnerable.
In the document, the authors encourage security executives to break the endless cycle of iterative tool adoption and instead move to data-centric security operations that drive integration and automation while also leveraging cloud-based fusion.
“We are in a cyber arms race that has precipitated a security tool-race with adversaries’ evolving attacks forcing us to spend more to try to defend ourselves. Our default response is to adopt new tools to try to keep up, but we are losing this race as adversaries continue to outpace defenders,” said Jim Reavis, co-founder and CEO, Cloud Security Alliance.
“We are increasing operations and personnel costs, but somehow decreasing security and efficiency. Our complex and costly operations are, in fact, increasing the probability of adversaries’ success.”
CSA took a step back to examine the problem holistically and identified a critical gap: the absence of a capability to easily leverage and fuse the output from the security tools and threat intelligence already deployed. Over the course of the examination, at least five distinct cybersecurity challenges surfaced:
- Security technology and adversaries are changing fast. Keeping pace with new and emerging problems has made it difficult to examine the situation as a whole, including the underlying issues that develop into more pronounced threats.
- The vendor community has focused on a “single pane of glass” that visually represents event data. This good idea is limited by the fact that the wealth and diversity of event data are hard to represent, along with the pace of malicious activity. Moreover, buyers are reluctant to commit to a single pane, given the significant investment in training on major security products.
- The absence of a readily implementable exchange protocol and data-labeling ontology has slowed progress.
- Normalization and transformation of disparate data sets from security tools and intel sources have represented the “valley of death” for integration and automation until recently.
- A shift is needed from a singular focus on the software and products that secure systems toward a focus on the data generated by those security systems.
The paper unpacks “intelligence” and addresses the challenges of integrating data from internal security tools and external threat feeds. It draws on lessons learned from the autonomous vehicle industry’s “sense, understand, and act” methodology.
The authors go on to propose secure, intelligent ecosystems that enrich the data workflow and apply machine learning. They also address security business analytics and the importance of measuring business outcomes for boards of directors, chief information security officers, and security operators. Finally, the document proposes areas for further exploration and investigation.
“We, as security defenders, need to act, but our success will be temporary until we break the cycle and place a new cornerstone for cyber defense — cloud-based, data-centric defense.
“It’s time business leadership takes the initiative to break the cycle and defend their companies through data-centric integration and automation of their tools and overall architecture,” said Paul Kurtz, Board of Directors, Cloud Security Alliance.