The security perimeter has faded. Old defenses can no longer be relied upon to protect an organization from rising threats. Those are pretty definitive statements, with sobering implications. But, as any prudent patient would say, “I’m going to get a second opinion on that.” That’s what we did in “Borderless Behavior Analytics – Who’s Inside? What’re They Doing?”
One of the contributors to the book, Jerry Archer, CSO of a major financial services company, observes: “The reality is that the perimeter will shrink to one individual, one application, or one small set of applications.” Another contributor, Uber’s CSO, Joe Sullivan, sees the security problem from a somewhat different perspective, though with the same implications: “The challenge is that the applications are fragmented all over the place, and employees are fragmented in dispersed locations as well.” The shift in security strategy required to support that kind of borderless hybrid environment is considerable. The initiative begins with identifying and defining the constituent elements of the problem to help build a solution.
Past CIO of the U.S. Department of Defense, and CIO at Large, Teri Takai begins that process by asking these questions: “What is the perimeter? What’s protecting the perimeter? Is that protection effective?” In her chapter she notes, however, that the majority of environments today were designed and built in an age of what is quickly becoming a legacy technology and that “…network architects… could in no way anticipate, or account for, the sophisticated access and staggering data volume that IT organizations face today.” Security solutions today need to have an evolutionary element to them, to keep pace with the changes in technology and hacker innovation.
Many CISOs and CIOs have recognized in recent years that a new paradigm of security is needed. Contributor Robert Rodriguez, founder and CEO of the Security Innovation Network™ (SINET), however, offers a cautionary observation: “A number of organizations today… are inclined to throw headcount at a challenge like this. That’s simply the wrong approach…” He also notes: “Only solutions with advanced analytics, powered by machine learning and leveraging big data for context, can provide the visibility into identity risks and the monitoring of user behavior for unknown threats that is needed across all of an organization’s hybrid cloud environments.”
But why machine learning? In the book, Leslie K. Lambert, past CISO for Juniper Networks and Sun Microsystems, depicts a common scenario involving hackers in today’s environments: “Without machine learning, normal patterns of discovery and response cycles for this type of attack would be in the range between months and years…” She also adds: “If it’s not a normal condition, it’s an anomaly, and machine learning will uncover it…”
These security leaders, in recognizing the problem, and the challenge, were also striving to develop reliable solutions that worked within their own unique and demanding environments, each with their own requirements and use cases. Carnival Corporation’s Gary Eppinger shares this in his chapter: “Because of this wide-scaled hyper-hybrid environment, with increasingly high data volume to analyze, we needed big data and behavior analytics to find those weak links.” Monsanto’s CISO Gary Harbison puts it this way in his segment: “In this new normal of the hybrid cloud, machine learning and big data are essential to deliver accurate and timely insights to the security analysts.”
We value these ‘second opinions’ which have helped us define our strategies for contributing to the next generation of behavior analytics. We encourage you to seek your own second opinions, and in the process, to consider one of those sources to be “Borderless Behavior Analytics – Who’s Inside? What’re They Doing?”