Cybersecurity's All-Seeing Eye
One sobering reality of cybersecurity is that defense is far more difficult than offense. The attacker has to get it right just once, while the defenders have to get it right 100 percent of the time. Every cloud server, iPhone, or USB drive that connects to a company’s network is a point of vulnerability. Large companies have an average of 579 cloud apps in use, most of which aren’t sanctioned by their IT departments, according to cloud security company Netskope. “There is no longer a perimeter,” says Alan Wade, former chief information officer for the CIA.
The megabreaches of the past year highlighted the porousness of companies’ defenses. Criminals ultimately compromised the data of about 70 million Target customers by first hacking a small vendor in Pittsburgh that had permission to log in to the retailer’s network. At JPMorgan Chase, hackers found a server that purposely lacked some protections to let developers access it to test new code and applications.
Companies have a variety of cyberweapons to deal with everything from crude distributed denial-of-service attacks, which overwhelm a website with requests for data, to sophisticated malware that exploits previously unknown software flaws. In an October report, consulting firm Frost & Sullivan noted that one company had deployed 85 different security tools from 45 vendors. “With so many tools and technologies to manage, the administration and coordination can become a nightmare, especially for larger organizations,” says the report.
To manage this complexity, companies need a dashboard capable of integrating functions such as analyzing newly detected malware, identifying infected network PCs, and then outlining how an IT manager can fix them. “We don’t have a lot of tight integration between tools that can detect and then respond and then present that information in one integrated console,” says Lawrence Orans, an analyst at technology research firm Gartner.
The quest for an integrated solution was likely behind Cisco Systems’ $2.7 billion acquisition in 2013 of Sourcefire, a company specializing in network security technology, including an intrusion prevention system. It may also be a factor in FireEye’s January purchase of Mandiant—the former’s strength is detection; the latter’s expertise is forensics.
Cisco and McAfee have rolled out products intended to function as central hubs. Cisco’s is called the Platform Exchange Grid, and McAfee’s is the Threat Intelligence Exchange. In February, CSG Invotas introduced Security Orchestrator, a program that unifies security data onto a single screen and can automate some functions. An employee in the IT department can push a button to reset a compromised user’s password instead of having to do it manually. “Our tool turns that data into actions, and when we turn that data into actions, it doesn’t require people to do what machines do a whole lot better,” says CSG Invotas’s chief information security officer, Peter Clay.
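The integrated workflow described above (a tool detects malware, the console identifies which hosts and accounts are affected, and a response such as a password reset is run with one action) can be sketched as a small orchestration playbook. The following is an added illustration written for this page, not code from CSG Invotas, Cisco, McAfee or any product named here; the sandbox verdicts, endpoint events, host names, user names and hashes are all constructed, and the "directory" and "host" tables stand in for the identity-provider and endpoint-agent APIs a real orchestrator would call.

```python
"""Toy security-orchestration playbook: correlate detections across tools,
then run automated actions while gating disruptive ones on human approval.
Added example for illustration; all data and connector names are invented."""
import copy
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed output of a hypothetical malware-analysis sandbox.
SANDBOX_VERDICTS = [
    {"sha256": "aaaa1111", "verdict": "malicious", "family": "Example.Dropper"},
    {"sha256": "bbbb2222", "verdict": "benign", "family": ""},
]

# Constructed file-execution sightings from a hypothetical endpoint agent.
ENDPOINT_EVENTS = [
    {"host": "ws-017", "user": "jdoe", "sha256": "aaaa1111"},
    {"host": "ws-042", "user": "asmith", "sha256": "bbbb2222"},
    {"host": "ws-058", "user": "jdoe", "sha256": "aaaa1111"},
]

# Stand-ins for the identity directory and endpoint inventory (constructed).
DIRECTORY = {
    "jdoe": {"password_version": 1, "sessions": ["tok-1", "tok-2"]},
    "asmith": {"password_version": 1, "sessions": ["tok-3"]},
}
HOSTS = {"ws-017": "online", "ws-042": "online", "ws-058": "online"}


def fresh_state():
    """Return private copies of the constructed directory and host tables."""
    return copy.deepcopy(DIRECTORY), dict(HOSTS)


@dataclass
class Plan:
    infected_hosts: List[str] = field(default_factory=list)
    compromised_users: List[str] = field(default_factory=list)
    actions: List[Dict[str, str]] = field(default_factory=list)


def correlate(verdicts, events) -> Plan:
    """Join sandbox verdicts with endpoint sightings: every host that ran a
    malicious hash is infected, and every account that ran it is at risk."""
    bad_hashes = {v["sha256"] for v in verdicts if v["verdict"] == "malicious"}
    plan = Plan()
    for ev in events:
        if ev["sha256"] not in bad_hashes:
            continue
        if ev["host"] not in plan.infected_hosts:
            plan.infected_hosts.append(ev["host"])
        if ev["user"] not in plan.compromised_users:
            plan.compromised_users.append(ev["user"])
    # Network isolation is disruptive, so it stays a manual (approved) step;
    # a credential reset is low-risk and is automated, as in the text above.
    for host in plan.infected_hosts:
        plan.actions.append({"action": "isolate_host", "target": host, "mode": "manual"})
    for user in plan.compromised_users:
        plan.actions.append({"action": "reset_password", "target": user, "mode": "auto"})
    return plan


def execute(plan: Plan, approved_hosts: Set[str], directory, hosts) -> List[str]:
    """Run the plan against the supplied state and return an audit trail.
    Automated actions run at once; manual ones run only if explicitly approved."""
    audit = []
    for act in plan.actions:
        if act["action"] == "reset_password":
            rec = directory[act["target"]]
            rec["password_version"] += 1   # invalidate the old credential
            rec["sessions"].clear()         # and any live sessions using it
            audit.append(f"reset_password {act['target']} ok")
        elif act["action"] == "isolate_host":
            if act["target"] in approved_hosts:
                hosts[act["target"]] = "isolated"
                audit.append(f"isolate_host {act['target']} ok")
            else:
                audit.append(f"isolate_host {act['target']} pending-approval")
    return audit


if __name__ == "__main__":
    directory, hosts = fresh_state()
    plan = correlate(SANDBOX_VERDICTS, ENDPOINT_EVENTS)
    for line in execute(plan, approved_hosts={"ws-017"}, directory=directory, hosts=hosts):
        print(line)
```

The point of the design is the split between `correlate`, which turns two tools' outputs into one picture of affected hosts and accounts, and `execute`, which keeps disruptive actions behind an approval set while letting the low-risk reset run unattended. The audit list is what the single console would display.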
Jon Oltsik, an analyst with Enterprise Strategy Group, says that while cybersecurity software vendors are making progress in integration, no one is quite there yet. “Gluing all those things together is still very difficult.”