The main theme of this year’s RSA Conference was “Strong Together.”
“Strong Together” can be applied almost universally. It highlights the power of collaboration and of working toward a common goal. In a social context, it can refer to a society uniting to face adversity.
In my observations, “Strong Together” can also have the following meanings in the world of cybersecurity.
• Strong Together: Empower through people, process, and technology.
No defensive technology is effective on its own. It depends on people whose security awareness is continuously reinforced, and on processes that are properly defined and actually followed by those people.
A recent example is the leak of highly classified Pentagon documents to an online chat group by a junior-level Air National Guard member working in an IT support role. The incident shows once again that “top secret” is not very secret unless need-to-know access control processes and handling protocols are in place and strictly, continuously enforced by the agency. Without that, no quantity of prevention and detection tooling removes the chance of a data breach.
An equally critical and vulnerable area is access control at the network perimeter and in the cloud: these are the gates to digital assets and applications. Access management covers user authentication, authorization, and granular access control. Modern IAM and ZTNA offerings, with techniques such as MFA, weak-password prevention, bot detection, and credential management, can greatly reduce the attack surface at the corporate and cloud network borders. Those controls can still be undermined by a single person, for example by leaving a credential exposed in the workplace, or by clicking a link in a convincing phishing email crafted by an attacker, handing them an easy landing pad from which to infiltrate and launch further attacks. I once went to a doctor’s appointment at a large local hospital and saw a username and password handwritten on a Post-it note stuck to the computer monitor in the doctor’s office, maybe for convenience, but this might very well put the entire hospital network at risk with a single camera snap from an ill-intentioned visitor.
As organizations migrate their businesses to the cloud, developing, deploying, and operating cloud-native applications becomes more complicated because of their diversity, scale, and runtime dynamics, and because all of it must be secured. The Cloud Native Application Protection Platform (CNAPP) is an emerging category of security platform for cloud-native applications, adopted by cloud service providers and security vendors alike. A core element of CNAPP is adding security measures early (“shifting left”) in the application development process, i.e., DevSecOps, so that proper security checkpoints are in place from the start. Developers can then identify risks and fix potential problems while the design is still malleable, resulting in a more secure application. DevSecOps is another typical example of the collaboration and willingness to work together across people, techniques, and processes that improves the security of the software development process. I saw quite a few companies at this year’s RSA that have delivered DevSecOps security techniques and solutions that integrate into CI/CD pipelines and cloud application development.
Many other aspects of cybersecurity likewise require people, technology, and process to work together to be effective and efficient, such as threat intelligence sharing and incident response collaboration, among others. Cybersecurity is a complex and evolving field that requires collaboration and continuous improvement. Only when all three components work together can we better address its challenges and build strong, resilient security.
• Strong Together: Empower through security technology integration.
In recent years, businesses have also made significant changes in their operations and policies to cope with the impact of the pandemic. Organizations quickly shifted from in-person offices to telework or remote work. At the same time, they accelerated the migration of business applications and operations to the cloud, delivering more cloud-based applications and SaaS services. According to Gartner, SaaS application spending increased by roughly 35% during 2020-2022, and the trend is expected to continue into 2023 and beyond.
Remote work and cloud migration extend the network security boundary, expand the attack surface, expose more vulnerabilities, and introduce new security challenges.
Single-point security products and technologies have gradually reached their capability ceiling and are no longer sufficient to detect and defend against today’s more sophisticated, targeted, and often well-organized threats. These attacks are more covert, mutate quickly, and show more dynamic runtime behavior. Point solutions also have blind spots and limitations of their own, and they often lag behind fast-changing attack tactics. The trend is toward integrating multiple point techniques into multi-layered, multi-phase, unified and collaborative solutions.
For example, more companies in the expo hall showcased XDR platforms. XDR extends endpoint detection and response (EDR), combines it with network detection and response (NDR), applies AI/ML, and integrates threat intelligence and playbook automation to assist in threat detection, analysis, and incident response. It ingests security logs, events, and metadata from many data sources and feeds so that correlation and analytics can be performed across a broader spectrum than any single sensor sees. XDR can be an effective platform for helping security operations center (SOC) analysts detect and respond to attacks.
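As an added example (not code from the original post or from any vendor's product), the following Python sketch shows the kind of cross-source correlation described above, and why the blind spots of a single point solution shrink when feeds are joined. It runs over constructed EDR process-start and NDR connection events for three hosts; the detection lists, the 120-second window, the internal address range and the one-entry threat-intelligence list are all assumptions chosen for the example.

```python
"""
Cross-source correlation of the kind an XDR pipeline performs.

Constructed sample telemetry (not from any real product): EDR process-start
events and NDR outbound-connection events for three hosts, plus a one-entry
threat-intelligence list. The detection lists and rule thresholds are
assumptions chosen for this example.
"""
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass
class Event:
    source: str             # telemetry feed: "edr" or "ndr"
    ts: datetime
    host: str
    data: Dict[str, str]


# Assumed detection inputs for the example, not a vendor rule set.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
THREAT_INTEL_IPS = {"203.0.113.10"}   # constructed IOC entry (TEST-NET-3 range)


def _t(hms: str) -> datetime:
    h, m, s = (int(x) for x in hms.split(":"))
    return datetime(2023, 5, 1, h, m, s)


# Constructed sample events. Only WS-17 shows the full chain: an Office app
# spawns a script host, then the same host reaches an external IOC address.
SAMPLE_EVENTS: List[Event] = [
    Event("edr", _t("10:00:00"), "WS-17", {"parent": "winword.exe", "child": "powershell.exe"}),
    Event("ndr", _t("10:00:45"), "WS-17", {"dst_ip": "203.0.113.10", "dst_port": "443"}),
    Event("edr", _t("10:05:00"), "WS-22", {"parent": "explorer.exe", "child": "powershell.exe"}),
    Event("ndr", _t("10:05:30"), "WS-22", {"dst_ip": "198.51.100.7", "dst_port": "443"}),
    Event("edr", _t("10:10:00"), "WS-31", {"parent": "excel.exe", "child": "cmd.exe"}),
    Event("ndr", _t("10:10:20"), "WS-31", {"dst_ip": "10.0.5.20", "dst_port": "445"}),
    Event("ndr", _t("10:20:00"), "WS-31", {"dst_ip": "198.51.100.7", "dst_port": "8443"}),
]


def suspicious_process_events(events: List[Event]) -> List[Event]:
    """EDR-only view: an Office application spawning a script host.
    On its own this is noisy (macros and admin scripts do it too)."""
    return [e for e in events if e.source == "edr"
            and e.data["parent"] in OFFICE_PARENTS
            and e.data["child"] in SCRIPT_CHILDREN]


def is_external(ip: str) -> bool:
    """NDR-only view: destination outside the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def correlate(events: List[Event], window_seconds: int = 120) -> List[dict]:
    """Join the two feeds on host and time: a suspicious process followed
    within window_seconds by an external connection from the same host.
    Threat intelligence raises severity when the destination is a known IOC."""
    ndr_by_host: Dict[str, List[Event]] = {}
    for e in events:
        if e.source == "ndr":
            ndr_by_host.setdefault(e.host, []).append(e)

    alerts = []
    for proc in suspicious_process_events(events):
        deadline = proc.ts + timedelta(seconds=window_seconds)
        for conn in ndr_by_host.get(proc.host, []):
            if not (proc.ts <= conn.ts <= deadline):
                continue
            dst = conn.data["dst_ip"]
            if not is_external(dst):
                continue
            alerts.append({
                "host": proc.host,
                "severity": "critical" if dst in THREAT_INTEL_IPS else "high",
                "process_chain": f'{proc.data["parent"]} -> {proc.data["child"]}',
                "destination": f'{dst}:{conn.data["dst_port"]}',
                "lag_seconds": int((conn.ts - proc.ts).total_seconds()),
            })
    return alerts


def response_actions(alert: dict) -> List[str]:
    """Playbook stub: the automation a SOC would wire to each severity."""
    if alert["severity"] == "critical":
        return ["isolate_host", "block_ip", "open_ticket"]
    return ["open_ticket"]


if __name__ == "__main__":
    print(f"EDR alone flags {len(suspicious_process_events(SAMPLE_EVENTS))} process chains")
    for a in correlate(SAMPLE_EVENTS):
        print(a, response_actions(a))
```

On the sample data the EDR rule alone flags two hosts (WS-17 and WS-31), one of which never contacts anything external inside the window; the joined rule raises a single alert, for WS-17, and the IOC match is what lifts it to critical and triggers host isolation. Widening the window to 900 seconds also catches WS-31's later external connection at "high" severity, which is the kind of tuning trade-off an analyst makes on a real platform.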
Another example: at the RSAC expo, leading security vendors showcased SASE and SSE solutions for security controls in cloud deployments. A SASE solution integrates the existing point security controls at corporate access points, including SWG, CASB, DLP, FWaaS, and ZTNA, to provide continuous access control and granular application security, and adds SD-WAN for network optimization from branch offices and remote users, so that security is applied at both the network and application levels. SSE is the security-service portion of that stack, delivered without the SD-WAN networking component.
The cybersecurity landscape has changed dramatically over the years. Point solutions that were once effective have reached their maximum potential. Security vendors are integrating different point solutions into one comprehensive platform to combat today’s sophisticated, targeted, multi-phase attacks. Technology integration also improves the efficiency of security operations, reduces cost, and protects return on investment.
For stronger and better security, empower through collaboration across people, process, and technology, and empower through technology integration. This is what I believe this year’s “Strong Together” theme really means in today’s cybersecurity.