Gartner Summit Reports

Mark Nicolett, managing vice president at Gartner Research, reviews the security perception among corporates:

Banking Frontiers - News

Manoj Agrawal: What are the cyber criminals thinking these days?

Mark Nicolett: It is difficult to discern what is coming from that community. Attackers have done extremely well by focusing on vulnerabilities that have been exposed for a while and they find lots of such opportunities. They also have zero day exploits. Once it is exploited, its value decreases.

What is your evaluation of the preparation and response by the companies at large?

Most companies work in a reactionary mode. The vast majority are not at the point where they are integrating threat intelligence of past and present attacks. So, the first step is for organizations to prioritize both their patching and blocking activities. That is an area where some improvement would bring in productivity. What is holding them back is the lack of ability to automate this until recent times. Common practice is to prioritize remediation based on severity of the attacks. Only a tiny fraction of the vulnerabilities that are exposed are being used for attacks. Blocking functions come by the user company.

On a practical level, the focus is more on detection and response and less on patching and blocking. That trend is well underway. There is increasing demand for managed detection and response compared to alerts. Security monitoring is broad but noisy.

When a company makes a deliberate choice-based pricing decision, what security aspects typically get compromised?

What gets compromised is staffing. There is budget to acquire products or service, but it requires labor and that is where the problem is. It is true that talent is hard to find and retain. Also, process development is slow. Companies have budget for technology, but there are restrictions on head count. There are so many technologies to operate that they operate each one poorly. The technology runs but neither effectively nor efficiently.

The solution is to challenge the conventional wisdom on risks and controls. For example, strict password hygiene is known not to be effective, but it is still required.

What are the recent initiatives in companies to defend themselves?

There is a big jump in the interest in detection and response. Efforts are focused more on detection rather than documenting. Use of behavior analytics – use and network – is a big leap. Similarly, using profile for anomaly detection. There is vendor supplied content such as threat model. It is difficult to go outside the models provided by vendors. Signal to noise ratio is still too low.

How effective are the various new companies that are coming into the market? How are the large security vendors reacting?

There is a tension in the market. There is pressure to create point solutions, especially by startups. They gain traction and a lot of VC money is thrown at them. Some of these get acquired by the larger vendors and the new capability is incorporated by the big companies. Financial companies are early adopters of the point solutions – in some cases they become co-developers.

Other companies wait until their incumbent vendor acquires the solution and offers it. Maybe there is room for a few point solutions. A lot of companies are okay with the good enough and not the best. A stable vendor helps productize the solutions.

Most new solutions are driven by higher signal to noise ratio. Later on, they face issues around developing support for whatever they are offering. There is a need for content for other use cases and generic cases. That is where differences in products show up. Also there is the issue of developing user interface.

Many a time, big vendors have multiple priorities and cannot focus.

Mark Nicolett affirms cyber criminals have done extremely well for a while and they find lots of opportunities
