Last month, we looked back at Fortune’s Brainstorm Tech 2019 in Aspen, Colorado. During a lunchtime cybersecurity roundtable, the featured speakers were asked a two-part question: What’s the biggest challenge the world faces with respect to cybersecurity today? And what is the solution? In our previous post we put the first question to Shahin Pirooz, CTO and CISO at DataEndure. This month we look at the solution.
For decades, security has been built around models that assume the availability of fixed perimeters, hardware security appliances, physical proximity of data and application assets, and control of physical topology. Virtualization, cloud hosting, and software defined infrastructure disrupt these assumptions dramatically. This demands new security strategies; specifically, a shift in security and compliance delivery through abstraction, automation, orchestration, automatic scaling, and API enablement.
Traditional security tools have become too labor-intensive to manage effectively, don’t use user or asset context to make decisions, and can’t keep up with the pace of business. Meanwhile, adversaries are often better resourced, and more automated, than the defenders they face.
Software Defined Security (SDS) is the future. Just as software defined networking (SDN) has commoditized much of the network engineer’s work and enabled virtualization of this last infrastructure frontier, SDS will do the same for security controls. SDS at its core is a policy-driven, software-defined approach to implementing governance, risk and compliance (GRC) controls in a given environment: controls are declared as policy and enforced through APIs rather than configured by hand, and machine learning is used to verify continuously that those controls are met and maintained. For that verification to be trustworthy, the policy itself must remain explicit and auditable; the automation should enforce decisions that a human can read, not replace them.
We have seen the beginnings of this with Security Orchestration, Automation and Response (SOAR), where a documented process flow is automated via scripting: ingest an alert, enrich the indicators, apply a policy, and carry out the response. Imagine taking this to the next level, adding machine learning and the promise of the ever-out-of-reach AI. This creates an “automated” security analyst function that monitors all of the feeds coming in, uses public threat databases to look up and validate indicators, determines potential actions and responses, and remediates the issue before it becomes a problem. In practice, such automation needs guardrails: destructive actions (blocking, isolating, revoking) should be reversible, logged, and gated behind human approval until the playbook has earned trust. While this is all a bit pie in the sky and looks to future capabilities, this model has the potential to dramatically improve an organization’s ability to address security threats and attacks, known and unknown, efficiently and dynamically.