Get Off The Dysfunctional Cybersecurity Merry-Go-Round
You’ve probably heard the phrase, “If it ain’t broke, don’t fix it.” It is generally used to rationalize not taking proactive action to address issues if something seems to be at least partly functional. The logical flipside, though, is “If it’s broke, fix it,” and that seems to be the case with cybersecurity today. The traditional model and tools of cybersecurity often fail to do the one thing they are designed to do—provide security. Yet companies seem to accept that their security will never be quite good enough, even though their security budgets continue to increase every year. Organizations need to get off this dysfunctional “merry-go-round” and change the way they approach cybersecurity.
Cybersecurity Is Broken
Organizations spend a significant amount of money on cybersecurity. Most of that money is invested in tools that are considered to be the foundation of security—firewalls, intrusion detection, antimalware, etc.
“The fundamental promise of cybersecurity is to stop malware,” proclaimed Amir Ben-Efraim, CEO of Menlo Security. “Despite throwing billions of dollars at the problem, malware continues to be an issue.”
Ben-Efraim has a valid point. Does the firewall keep all unauthorized traffic from entering the network? No. Does intrusion detection catch every suspicious or malicious action inside the network? No. Do antimalware tools identify and block every threat and exploit? No. It can be argued that they are better than nothing. They are effective most of the time.
Unfortunately, it only takes one threat to slip through your defenses and expose your applications and data to exploit and compromise. Despite the questionable success of these tools, they still form the backbone of protection for most organizations, and companies continue to spend massive sums of money to upgrade and renew these tools—repeating the cycle.
Evolution of Technology and Threats
The core components considered to be part of cybersecurity best practices have always been only marginally successful—and maybe that was enough to justify continuing to spend money on them. The pace of change for both technology and the threat landscape, however, is rendering those tools less and less effective as time goes on.
Guarding a local network or data center is one thing. Knowing that there is a defined perimeter, and that you just have to keep the bad guys “out there” while protecting the computers, applications, and data inside the network is also not easy. But at least it was simpler to define what was good or bad and what needed to be blocked or protected. That perimeter no longer exists, though. Mobile devices, cloud computing, and IoT have vastly expanded the environment that needs to be protected, and attackers continue to adapt and develop more sophisticated exploits that are more difficult to defend against.
Ben-Efraim explained, “The adoption of Software-as-a-Service (SaaS) creates new security challenges. It exposes the network to unique risks—risks that traditional cybersecurity is not designed or equipped for.”
The promise of SaaS is better productivity and time to value with lower costs, universal access and no hardware or software to maintain. However, adopting SaaS in an enterprise creates a security burden that cannot be addressed by traditional cybersecurity. Attempting to do so usually creates user experience issues or a loss in data visibility and control. A fundamentally different approach to overcome these tradeoffs is needed for a world where your applications and data are on the internet and not safe in a physically secure data center.
A Better Approach to Cybersecurity
There is no single answer to fix the traditional cybersecurity model, but one of the fundamental issues with it is that it’s a gamble—and the odds are in favor of the attacker. Most traditional cybersecurity solutions rely on the premise of signatures and known indicators of compromise (IOCs) to recognize threats. It’s a constant race to try to identify emerging threats and develop and deploy detection for them before they are used against your organization.
Ultimately, it is a very stressful gamble. Even if you feel you have followed all cybersecurity best practices and you’re relatively confident in your security posture, the fact remains that you have to successfully detect and block all threats, and the attacker only needs to find one weakness to exploit. It is a gamble that organizations lose all the time.
This article originally appeared on forbes.com.