Gareth Cox, Vice President of Sales, APJ, Exabeam, discusses why a collaborative approach to cybersecurity may be the only way to defend against today’s advanced threats.
As the modern world is beset by ever-more common and sophisticated cyberattacks, the very tools focused on threat detection, investigation and response (TDIR) are ready to be laid to rest. There are several reasons for this, but one of the most pertinent and increasingly recognised is that no single solution is able to lock out all the adversaries. Despite this, many vendors persist with single-vendor lock-in contracts and all-encompassing licence agreements. The truth of the matter is that there is no ‘one-size-fits-all’. No single vendor is capable of plugging all the breaches, analysing behavioural patterns and predicting where threats might lie. There are simply too many factors at play.
The capitalist market dictates that all vendors try to gain a monopoly, or at least the largest slice of the pie, but cybersecurity needs to evolve beyond this point and accept that collaboration is a far more effective way of doing business.
Siloed information is still a contributing factor as well. The applications that contain clues and information vital to detecting threats are becoming more widely distributed, and the contextual information they hold is often viewed in isolation or not at all. This makes the ‘security nirvana’ of holistic visibility across the organisation difficult to achieve.
Cloud-based applications are great for mobility and workflow, but pose a whole new set of issues for threat detection. Security is no longer based on the concept of a secure perimeter; it needs to assume that threats already exist inside the organisation, whether that be a stolen password, a compromised device or even a malicious employee. Therefore, secure identity has replaced the perimeter border and needs to be the main focus of SecOps moving forward.
For these reasons, SecOps needs to evolve. A security ecosystem must use data to understand normal and abnormal user and device behaviour for early detection of potential adversaries. Suspicious patterns of behaviour from humans and machines must be analysed and contextualised, then tied to proactive countermeasures. Like a colossal game of chess, it is imperative for TDIR to remain several steps ahead. The way to do that is through better collaboration on the vendor side, a lean system that is highly functional with few data silos and the concept of Zero Trust.
Attackers will breach defences – security teams must have visibility into indicators of compromise and be able to rapidly move to nullify attacks before they take hold.