
Throwing down a gauntlet for the cyber security sector.


By Hugh Tatton-Brown, General Manager, Security Portfolio.

Security platforms are a good first step, but we need more: we need a holistic security ecosystem — my challenge to the security industry.

Conversations behind closed doors.

As part of my role within BT Security, I am responsible for all of our relationships with our partners and vendors. The financial investment we make with them to protect ourselves and our customers is significant. As a result of this and our own security expertise and intelligence, we’re able to have first-rate, open and honest conversations with our partners.

But why should these conversations stay behind closed doors? I believe this discourse will benefit from input from others. We in BT do not have all the answers, nor do our partners. However, as a security community, we do. And we need these answers quickly.

Taking this into account, and as I prepare to head out to the RSA Conference to meet with our partners and vendors, I thought this would be an ideal opportunity to spark an online conversation.

The problem.

We’re all lucky to be in a market that matters to everyone; whether it’s home broadband users who’re worried about what their children are doing online or big business protecting its data, or even governments trying to protect their national security. This attention and interest in security has led to a vibrant marketplace. But while innovation is all around us — in the large security vendors, right down to the small start-ups — the problem is that they’ve been generally innovating in their own bubbles.

We have access to some of the most exciting and inventive security capabilities and controls, but, generally speaking, the creators of these security solutions aren’t communicating with each other. And this means that attackers can simply work out ways around the defences (e.g. insider attacks). Larger organisations, with bigger budgets, will generally deploy security information and event management (SIEM) to pull these individual controls together. However, the SIEM will usually just monitor the controls it knows and understands, and the onus will be on the SIEM to stay up to date with the innovation. We therefore end up relying on people and processes to stitch together these controls to provide actual security. And the problem with people and processes is that they are expensive, slow and fallible.

The first step.

This problem is not new, and the security industry is well aware of it. This is one of the reasons why controls that work with traffic or data are exploiting this position to create platforms.

They’re moving away from multiple boxes, multiple operating systems and multiple management platforms to provide multiple controls to a single box, with a single operating system and single management platform that can handle multiple controls. This means that the controls within platforms can talk and interact with each other, which provides obvious security benefits. And it also has considerable cost benefits, as the same controls can be delivered by fewer boxes, less configuration and less management overhead.

However, nobody has only one platform to provide all their controls, so we still rely on people and processes to stitch the different platforms together — and attackers can find ways around the multiple platforms.

My challenge to the security sector.

What we need is a security ecosystem in which all security controls, from all vendors, can talk to, and interact with, each other. We should allow our global security innovation to focus on:

  • predicting new threats or vulnerabilities and creating actionable intelligence
  • pre-empting threats by finding and closing known vulnerabilities
  • monitoring and detecting threats as they happen, or just before they do
  • reacting to, and remediating, identified threats.

To stay ahead of the threat curve we need to enable all security controls, whatever the vendor, to be able to talk to and influence each other in real time without the need for human interaction — and that’s what I challenge the security sector to do. We need to create a security ecosystem that is a holistic control in itself, and one that’s able to react, in near real-time, to current and evolving intelligence. We need to free up time to allow people to focus on discovering things we are not looking for (discovering unknown unknowns).

To create this ecosystem, we as a community need to define a security standard. This standard, whether de facto or regulated, needs to be created, and created fast. Therefore my challenge to our partners is: how are you enabling this ecosystem? What can you do to create this standard? In particular, I call on the following partners to respond (although this question is open to all):

  • Arbor
  • Bluecoat
  • CA Technologies
  • Checkpoint
  • CISCO
  • Darktrace
  • Fortinet
  • Intel Security
  • Juniper
  • Tripwire
  • Zscaler
  • Palo Alto
  • Skybox
  • Arrow.

We’re in San Francisco from 29 February to 4 March for RSA 2016. Join us in the South Hall at booth 707 to discover how we can help protect you from evolving security threats. Our booth becomes a battlefield for Packetwars™ during the conference and will also play host to a book signing for Craig Smith on Tuesday 1 March. You can hear from BT Americas’ CTO Konstantinos Karagiannis on Wednesday 2 March at 11:30am, in a session discussing ‘The Rise of the Hacking Machines’.

