Security Roundup: Insight Engines, Optiv, K-12 Cybercrime, Darktrace
The crowded cybersecurity industry has created an even more crowded security architecture, leaving enterprises with single-solution products cobbled together into a complicated security strategy.
That’s according to Grant Wernick, co-founder and CEO of Insight Engines. He works with organizations across all vertical markets to simplify the way in which analysts interact with their security data and assess which data to keep and which to send away.
Wernick wants security teams and analysts to simplify their view on cybersecurity and “take out all the clutter.”
We spoke with him about what created this cybersecurity clutter, why organizations should “clean their closets” and how security analysts and professionals need to “weed through all of the noise” in the market.
The prevalence of special-purpose cybersecurity products helped create all this unnecessary complexity, he said.
“It really was like, ‘Oh, I have this product for this, this product for this and this product for this,’ and when you look at them, probably there’s a ton of overlap,” he said. “So we ended up in this world where people buy one of everything and everything’s pushing off data and it becomes this Great Wall of China world where it’s like, ‘OK, I have tons of stuff, but am I getting the data’s meaning?’ So over time, another company will pop up and they do another little thing, and then another company will pop up and they do another little thing.”
The inability to separate valuable signals from the noise led to the rise of security information and event management (SIEM), Wernick said.
“The other interesting thing is as these organizations expanded, different parts of these organizations would make different technical decisions,” he said. “One part of the organization says, ‘I like Cisco firewalls’ and they bought Cisco, and another one says, ‘I’m like Palo Alto Networks’ and they bought Palo Alto, and another one says, ‘I’m with Juniper Networks.’ So we’re in a situation where now it’s the same organization, but different parts use different things. And that’s not even touching the IoT side of things; that’s the old world of protecting the network.”
In a world where everybody’s mandated to move to the cloud, more people are starting to “really believe in cleaning up their closet,” Wernick said.
“I have all these things I bought for an on-premises world, but my world’s changing, and as my world changes, I need greater visibility into things,” he said. “Getting that visibility is a very big necessity, not only for the change period, but going forward — as the perimeter’s not the main thing you’re protecting. Your data’s going to be dispersed in multiple places.”
Simplifying your security architecture can be more difficult for legacy organizations than for younger organizations that are often cloud-first, Wernick said.
“If you look at the bigger companies that are trying to make this transition, they have a lot of legacy stuff and going through that is like going through an old bin, it’s going through an old closet, going through your basement,” he said. “And you’re saying, ‘Wait, I bought this thing five years ago, seven years ago, and I bought four other things that are just like it, and it’s like, I don’t actually need that.’”
The gamut can run from a product that’s not being used, all the way to data that’s been pushed off by all the products the organization has been hoarding for years, and “how do I sift through that data to make sense of it, especially when that data’s from a product I haven’t used in years and maybe a part of a …