When it comes to cyber security, complexity is the greatest threat.
This was the word from Ljupcho Joshevski, Cisco's head of cyber security systems engineering for EMEAR, speaking at the start of the Cape Town leg of ITWeb Security Summit 2019 this morning.
Integration is fundamental to defence. We all know the attack landscape is evolving constantly but throwing more and more security at the problem is not a viable solution.
Highlighting the different challenges contributing to the globe's large and scary security problem, Joshevski described complexity as a major concern. When looking to protect our companies, we tend to look for more and more products to solve our issues. Many businesses believe upping their investment in security means they are safer. But this is not the case, he explained.
It's a bit like putting on additional layers of clothing when feeling cold; starting with one extra layer, then adding another. Still cold? Add another and another.
Sure, this approach may achieve the desired results, but it becomes problematic when you want to access something located in a pocket of the bottom layer. Now make these layers super-expensive and tricky to clean, and you have a great representation of the security infrastructure at many modern businesses.
More layers do not mean better security, and when there are multiple security layers, these different defence mechanisms typically do not interact all that well with each other.
This approach creates what Joshevski dubs a security investment gap. "You invest so much that you hit this entirely unmanageable level of complexity. But the focus should rather be on upping capability."
This situation also causes complacency. When getting so many security alerts from all the solutions used to keep the organisation safe, it's likely the business will struggle to make sense of them and, inevitably, start ignoring them. In fact, Joshevski noted that around 44% of alerts are not even investigated.
Outlining how to move away from complexity and feelings of being overwhelmed, Joshevski stressed the importance of asking the right questions. What is important? What is dangerous? What is real?
Answering these three questions will help business executives and IT teams to make the best security investments, he advised. Vendor bloat is a reality and it is something that should be avoided as much as possible.
According to Joshevski, businesses must think of their security systems as a piece of architecture. It is critical that all of the different elements fit together to create a functional, manageable whole.
"Everything has to integrate with everything else. From threat intelligence and event visibility to context awareness and automated policy."
Given that there are multiple security companies around the globe, many of which do not really work well with each other, this is a problem, he said, especially because sinister actors find it easiest to attack organisations at their "seams": the gaps left between different technologies that do not merge seamlessly.
Cyber threats are here to stay, making a simple and seamless defence system more important than ever before, he concluded.
"There is no silver bullet." Companies cannot fight cyber crime with technology alone, nor should they try to do so.