Navigating The Fast-Changing Cybersecurity Landscape

Forbes Technology Council

Timothy Liu is the CTO and co-founder of Hillstone Networks.

For CISOs and other security professionals, today’s cybersecurity landscape is changing at a dizzying pace. New threat vectors and state actors, new regulations and directives, and new products and initiatives all must be considered. The Covid-19 pandemic has only compounded the problem with a sudden demand to support remote workers en masse. However, by adopting a more holistic viewpoint, CISOs can gain the upper hand when it comes to cybersecurity.

Ransomware And Other Threats

Ransomware has understandably become of utmost importance for most security experts — it’s an existential threat to all organizations. These attacks have become more prominent, more aggressive, more blatant and more costly, with the estimated average ransom cost doubling in 2021 alone. Even smaller organizations are not immune; they may even be considered a more attractive target since their cybersecurity defenses may be lower and their willingness to pay a ransom higher. Regardless of company size, whether you pay the ransom or not, you lose in terms of money, time and productivity.

And yet, ransomware is only one of the challenges facing security teams. Additional pain points include supporting remote workers and maintaining productivity amidst a pandemic; ensuring and verifying hardware and software supply chains; and securing multiple vectors of potential liability, such as remote branches, multiple clouds and IoT devices. All these concerns and more have compounded the demands upon cybersecurity.

Taking A Higher-Level View

In terms of breadth, the enterprise stretches across multiple locations, not just a campus or a campus plus a data center. It may include multiple branches and multiple clouds, and may even extend to remote, shared or home offices, depending on your definition. The Internet of Things (IoT) edge should be included in this construct, as these devices often lack security and can become targets for attacks. Furthermore, lateral movement between assets should be secured as well, since this is often the primary propagation path for malware.

Looking at the network in terms of depth allows for a view of the entire stack, from the applications and services at the top, all the way down to the hardware platforms and their components. From this vantage point, it’s relatively easy to see that the entire stack needs to be secured, right down to storage components and add-on peripherals. Operating systems, virtualization layers, system libraries and external APIs should all be part of the security envelope as well.

This, then, is the mandate for the cybersecurity team: to secure the network, resources and assets from top to bottom and across all locations.

Navigating The Options

There are literally thousands of security products offered by multiple vendors today, each with a slightly different approach to handling almost any conceivable cybersecurity need. Hence, while availability isn’t a concern, the problems for security teams are twofold: Budgetary constraints limit the number of security solutions that can be purchased, thereby leaving holes in coverage. Perhaps more importantly, managing diverse solutions from multiple vendors can be quite challenging.

To navigate this perplexing security product landscape, it can be helpful to review some of the larger trends we see among the CISOs and other security thought leaders we talk to on a regular basis. For example, many are doubling down on identity and trust, using zero-trust principles to grant the fewest privileges possible and so reduce risk.

Another trend we’re seeing is a move away from pure rules-based security to a more intent-based approach. With the growing sophistication of threats and attacks, an intent-based method allows security goals to be expressed at a very high level, which then filters down through various security solutions for enforcement. An intent-based approach is easy to audit, check for compliance, understand and scale.

Tied in with that, we also see a trend toward an outcome-based approach, that is, breaking the enormous realm of cybersecurity into smaller pieces and deciding on specific outcomes to address. For example, if phishing is a particular problem, security practitioners might drill down into the end goal of the attackers, then put in place intent-based policies to block that specific behavior. This affinity for an outcome-based approach has led to a reinvigorated interest in the SASE (secure access service edge) approach, which attempts to minimize the surface area of attack while maximizing coverage by leveraging many of the main ideas outlined in the preceding paragraphs.

Conclusion

At its core, cybersecurity is about managing risk. The big question is, how much do you invest given the assets you’re trying to protect? Through a more holistic view across the breadth and depth of the network and its assets, CISOs can streamline and simplify their security practices and processes, thereby gaining a more effective security posture.


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.

