The Cloud Security Alliance (CSA), the world’s leading organization for defining and raising awareness of best practices that ensure a secure cloud computing environment, released Cloud-Based, Intelligent Ecosystems – Redefining Intelligence & Driving to Autonomous Security Operations.
The paper addresses a disconnect within cybersecurity, in which increasing numbers of security solutions only make enterprises more vulnerable. In the document, the authors urge security executives to break the endless cycle of iterative tool adoption and to move instead to data-centric security operations that drive integration and automation while leveraging cloud-based fusion.
“We are in a cyber arms race that has precipitated a security tool-race with adversaries’ evolving attacks forcing us to spend more to try to defend ourselves. Our default response is to adopt new tools to try to keep up, but we are losing this race as adversaries continue to outpace defenders,” said Jim Reavis, Co-founder and CEO, Cloud Security Alliance. “We are increasing operations and personnel costs, but somehow decreasing security and efficiency. Our complex and costly operations are, in fact, increasing the probability of adversaries’ success.”
After conducting a thorough study, CSA recognized the problem and identified a critical gap: the lack of a capability that can easily exploit and fuse output from deployed security resources and threat intelligence. At least five different cybersecurity problems arose during the examination:
- Because security technology and adversaries are changing rapidly, keeping track of new and emerging problems makes it challenging to study the situation and the underlying issues that could lead to more pronounced threats.
- The vendor community is currently concentrating on a “single pane of glass” that visually represents event data. This good idea is limited because the wealth and diversity of event data, along with the pace of malicious activity, are hard to describe. Moreover, buyers are keener on sticking to a single pane, given the significant investment in training on major security products.
- The existence of a readily implementable sharing protocol and ontology for data-labeling has delayed development.
- Until recently, the “valley of death” for convergence and automation has reflected the normalization and transformation of fragmented data sets from surveillance tools and intel sources.
- A change from a single focus on software and products for securing systems to a focus on the data generated by security systems.
The paper unpacks “intelligence” and discusses the complexities of incorporating data from internal security instruments and external threat feeds, and talks about the lessons learned from the “sense, understand and act” approach of the autonomous vehicle industry.
The authors suggest secure, smart environments to improve data workflow and apply machine learning, and they discuss security business analytics and the evaluation of business performance for boards of directors, chief information security officers, and security operators. Finally, the text proposes areas for further exploration and investigation.
“We, as security defenders, need to act, but our success will be temporary until we break the cycle and place a new cornerstone for cyber defense — cloud-based, data-centric defense. It’s time business leadership takes the initiative to break the cycle and defend their companies through data-centric, integration, and automation of their tools and overall architecture,” said Paul Kurtz, Board of Directors, Cloud Security Alliance.