Simplifying security architecture can be especially difficult for legacy organizations.

Edward Gately, Senior News Editor

March 16, 2019

Security Roundup

The crowded cybersecurity industry has created an even more crowded security architecture, leaving enterprises with single-solution products cobbled together into a complicated security strategy.

That’s according to Grant Wernick, co-founder and CEO of Insight Engines. He works with organizations across all vertical markets to simplify the way in which analysts interact with their security data and assess which data to keep and which to send away.

Wernick wants security teams and analysts to simplify their view on cybersecurity and “take out all the clutter.”

We spoke with him about what created this cybersecurity clutter, why organizations should “clean their closets” and how security analysts and professionals need to “weed through all of the noise” in the market.

The prevalence of special-purpose cybersecurity products helped create all this unnecessary complexity, he said.


Insight Engines’ Grant Wernick

“It really was like, ‘Oh, I have this product for this, this product for this and this product for this,’ and when you look at them, probably there’s a ton of overlap,” he said. “So we ended up in this world where people buy one of everything and everything’s pushing off data and it becomes this Great Wall of China world where it’s like, ‘OK, I have tons of stuff, but am I getting the data’s meaning?’ So over time, another company will pop up and they do another little thing, and then another company will pop up and they do another little thing.”

The inability to separate valuable signals from the noise led to the rise of security information and event management (SIEM), Wernick said.

“The other interesting thing is as these organizations expanded, different parts of these organizations would make different technical decisions,” he said. “One part of the organization says, ‘I like Cisco firewalls’ and they bought Cisco, and another one says, ‘I’m like Palo Alto Networks’ and they bought Palo Alto, and another one says, ‘I’m with Juniper Networks.’ So we’re in a situation where now it’s the same organization, but different parts use different things. And that’s not even touching the IoT side of things; that’s the old world of protecting the network.”

In a world where everybody’s mandated to move to the cloud, more people are starting to “really believe in cleaning up their closet,” Wernick said.

“I have all these things I bought for an on-premises world, but my world’s changing, and as my world changes, I need greater visibility into things,” he said. “Getting that visibility is a very big necessity, not only for the change period, but going forward — as the perimeter’s not the main thing you’re protecting. Your data’s going to be dispersed in multiple places.”

Simplifying your security architecture can be more difficult for legacy organizations than for younger organizations that are often cloud-first, Wernick said.

“If you look at the bigger companies that are trying to make this transition, they have a lot of legacy stuff and going through that is like going through an old bin, it’s going through an old closet, going through your basement,” he said. “And you’re saying, ‘Wait, I bought this thing five years ago, seven years ago, and I bought four other things that are just like it, and it’s like, I don’t actually need that.’”

The gamut can run from a product that’s not being used, all the way to data that’s been pushed off by all the products the organization has been hoarding for years, and “how do I sift through that data to make sense of it, especially when that data’s from a product I haven’t used in years and maybe a part of a network that we don’t even care about anymore and it doesn’t even exist anymore?” Wernick said.

“Getting through that requires a lot of patience and dedication,” he added. “One thing we’re seeing quite a bit of is people [saying], ‘Look, we’ll deal with that stuff later, put it in really cheap storage, take it out of the expensive storage like Splunk and put it in Amazon Glacier or go put it on some hard disk somewhere.’ It doesn’t really fix the problem; it just prolongs it for another day.”

Change is tough, but in this case, there are many incentives to initiate this process, Wernick said.

“The old world has a lot of vulnerabilities because it was designed at a time when security was not at the forefront,” he said. “The new world as we’re going into this cloud era is designed with security in mind and you’re starting to see a situation where there’s necessity for greater transparency across the organization. People start doing security by design, and what I mean by that is … all sides of the house are talking to each other. The cloud is more secure by design if that communication loop is open. So the incentive to move to the cloud is great. It’s actually going to be costing you less and it’s going to end up helping you a lot.”

Having large data centers and older software is expensive, while moving to cloud environments, if done well, is cheaper, Wernick said.

“It all goes back to the transparency of the departments, speaking a common language and being able to say, ‘Look, security is by design in our organization, by design in the software that we build, by design in the way we communicate HR policies we pump out, by design in how we educate the teams, and especially around money, so the finance side of the house is educated on phishing attacks,’” he said. “So the CFO knows why the CSO is doing something.”

As for the cybersecurity industry, Wernick expects to see a lot of consolidation in the months and years ahead because “people are getting a lot wiser about these products that basically do the same thing,” he said.

“The next thing I would like to see is people talking about solving problems, not talking about pitching, like we have really cool AI,” he said.

RSA Poll: Many Respondents Unsure About Attack Response Preparedness

Optiv conducted a lightning poll on the RSA show floor last week, and the results were somewhat troubling.

This is especially the case as the conference theoretically attracts the “cream of the crop” of the cybersecurity world, according to Optiv.

Among the 137 respondents:

  • More than one-third are unsure if their businesses are prepared to respond to an attack.

  • Almost half said cybersecurity risk is not fully integrated with the enterprise business risk function within their organizations; in other words, the risk of breaches and compliance violations is still not viewed as a top-tier business risk by business execs in these organizations.

  • Almost one in three (31 percent) respondents said their cybersecurity programs were only targeted at achieving regulatory compliance, rather than holistic security and risk reduction. For example, these companies focus on achieving compliance with the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA) and other regulations, while deemphasizing all non-compliance-related data and systems.

Brian Golumbeck, Optiv’s executive director of risk and compliance advisory services, tells us the results point to multiple opportunities for MSSPs and other cybersecurity providers.


Optiv’s Brian Golumbeck

“The entire premise of the survey demonstrates the opportunity for MSSPs to educate enterprises on the need to move to a business risk-based security approach, rather than a compliance-based approach,” he said. “Business-aligned security reduces business risk, not just compliance risk. The real value of an MSSP lies in the opportunity to provide operational services that help clients move to this new risk-based program more quickly and with less change-induced risk. Finally, it is not surprising that nearly half of respondents said security risk is not fully integrated with enterprise business risk, because the difficulty CISOs have in gaining a ‘seat at the executive table’ is well-known and also represented in this data.”

Incident detection and response services are a given, but there are higher-level solutions that could help with the issues identified in the survey, Golumbeck said.

“If clients are only focused on protecting regulated data, they are leaving themselves wide open to attack,” he said. “For example, a retailer may be laser-focused on PCI compliance. But they may also have a loyalty program database that is not subject to PCI regulations, and is therefore not being protected as vigorously. [Malicious] hackers will always go for the easiest payday, so they’ll target that loyalty program database and use the data to perpetrate fraud and identity theft. The ideal solution would be to provide services to the retailer that can identify their business risk, understand the most likely avenues of attack, and then prioritize the program around those assets that represent the greatest risk.”

K-12 Education Provides Big Opportunities for Cybersecurity Channel

Public K-12 education agencies across the country experienced a total of 122 cybersecurity incidents in 2018, and many of these incidents were significant, resulting in the theft of millions of taxpayer dollars, stolen identities, tax fraud and altered school records.

That’s according to a recent report by the K-12 Cybersecurity Resource Center, “The State of K-12 Cybersecurity: 2018 Year in Review“.

“Public schools are increasingly relying on technology for teaching, learning and school operations,” said Douglas Levin, president of EdTech Strategies and report author. “It should hardly be surprising, therefore, that they are experiencing the same types of data breaches and cybersecurity incidents that have plagued even the most advanced and well-resourced corporations and government agencies.”

Data for the report is drawn from publicly disclosed incidents – including data breaches, phishing attacks, ransomware and denial-of-service attacks – cataloged on the K-12 Cyber Incident Map. Since 2016, the map has documented more than 415 publicly disclosed incidents, which equates to a rate of about one new publicly reported incident every three days.

The goal of policy makers, technologists and school leaders must be to reduce and better manage the cybersecurity risks facing increasingly technologically dependent schools, according to the Center.

“But make no mistake: keeping K-12 schools ‘cybersecure’ is a wicked problem – one that is assured to get worse until we take meaningful steps to address it,” Levin said. “This report and the ongoing work of the K-12 Cybersecurity Resource Center are only small, but necessary steps in a much longer journey.”

Darktrace Unleashes AI Response Modules

AI cyberdefense company Darktrace has unveiled its new Antigena AI Response modules that stop email and cloud attacks in real time.

Expanding beyond network response, the new modules include cloud (AWS and Azure), email (Office 365) and SaaS applications. Whether faced with a social engineering campaign, compromised cloud credentials, or account hijacking, Antigena is designed to respond and neutralize the attack in seconds.


Darktrace’s Justin Fier

Justin Fier, Darktrace’s director of threat intelligence and analytics, tells us for Darktrace partners and resellers, these new modules represent an opportunity to tackle previously unaddressed concerns among their clients and companies.

“Email attacks, including spear-phishing, spoofing and supply chain attacks, remain one of the major ways cybercriminals gain access to businesses,” he said. “As companies migrate to the cloud and work with an increasing range of SaaS applications, new vulnerabilities will emerge and increasingly be exploited by attackers. These AI response modules were developed in part due to conversations with customers and partners who mentioned there was a need in the market for this type of contextually driven, intelligent response technology.”

Darktrace claims to be the only company on the market that offers AI cyber response technology, proven across thousands of customers.

“Whereas other organizations rely on automating a defined playbook, Darktrace AI is capable of intelligent, proportionate responses to fast-moving threats,” he said. “Faced with an industrywide cybersecurity skills shortage and machine-speed attacks, Darktrace’s ability to respond in seconds and buy back time for security teams is a true game-changer. These new modules, by extending the cyber AI response capabilities beyond network to cloud, email and SaaS, are only further extending the competitive advantage of our cyber AI response.”

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
