From Cybersecurity Sprint 2015 to CNAP 2016, the Federal government is building on previous cybersecurity-focused Executive Orders to bring cybersecurity to the forefront of the American public and national security discussion.
Much of the focus is in providing “experts” and “manufacturers” to help the government come up to speed and address these issues at an aggressive pace. As Einstein simply stated, “Insanity is doing the same thing over and over again and expecting different results.” Before we start, understand one thing: Einstein might have understated his premise.
The U.S. government has historically used multiple vendors to create a fair and even playing field. The creation of infrastructure and cybersecurity standards at many U.S. government facilities has created multiple gaps, voids, overlaps, and in many cases complete lack of usability. Going to the “cloud” for their resources has not appeared to fare any better with examples such as up to $1,000 to turn on or off a Virtual Machine, and one week to accomplish. Modernization and security cannot exist in this environment.
Most people will focus only on the goal without actually solving the problem, or gap. All actors need to understand what the final goal should be in order to create the best possible environment for success. The one glaring mistake that generally occurs is not having an understanding of the current situation. This is generally because vendors, IT personnel, stakeholders and even a project manager will have a microscopic view of their own “piece” of the project based on “their” product. Most vendors feel if you will only use their newest or latest and greatest “fill in the blank,” they can continue to “help you.” But, in reality, without understanding how all the pieces work together and understand where you are today, you will do nothing but create a larger problem for yourself moving forward. Speaking from more than 30 years in the industry, and building artificial intelligence ahead of the new technologies we are seeing, I can tell you without reservations, that “no one vendor has all the answers.” And if any vendor tells you they do, they are most likely lying to you.
The cybersecurity market is continuously driven by aggressive customer needs around the ability to recognize and analyze threats from outside the confines of the “classic” walls of the defined network and correlate them to the activities and resources of the users within the environment. Every day there are more than 200,000 new malwares, and more than 30,000 bad URLs being created. By the time you patch a system or purchase and install a new product, it is old or outdated. The biggest drawback is that each vendor has several “products” that work to secure pieces and parts of an environment, not end-to-end. Customers largely depend on staffs of analysts to continue to monitor threats and make changes within the environment after a threat has been determined.
If you as a customer only have $100 to spend on a solution, there are too many threat vectors, and personnel choices, to even begin to determine what might be the correct solution for you. You need to know which ones will directly affect you and your environment.
Fork lifting everything you have in your environment generally costs quite a bit of money and exchanges old problems for new ones that you may not understand, or have identified. Knowing how to install products as part of a “solution” vs. “stand alone” is the most difficult task if you are looking for best of breed, and need to work with different OEMs. First things first… PATCH YOUR ENVIRONMENT! More than 80 percent of all security breaches and vulnerabilities could be solved by simply patching your systems.
The nirvana in the industry has always been to realize threats in real time with mitigation, and adequately provided responses to these threats in real time. Therefore, applications in the sourced environment would not simply suggest, but automatically reconfigure and redeploy, the environment to maintain optimal utilization of resources while maintaining application performance.
Why are we not looking for the most probable threats today while closing gaps created from legacy products?