As security professionals, we have all seen technologies come along that change our way of thinking about a function or a traditional approach. Rarely, however, does an advance have the potential to change our paradigm and significantly improve our overall ability to secure our organizations. Integrated Cyber Defense is one of those advances.
One of the biggest challenges plaguing cyber defense over the last 10-15 years is complexity, caused by the proliferation of discrete technologies and tools to identify and respond to threats. These tools do not communicate with each other, making it hard to respond quickly to threats like malware, which can replicate in milliseconds. They also require you to cultivate a team or ecosystem with a vast array of ever-changing skills to manage them, against the backdrop of a continuing cyber security skills gap.
In addition, disparate systems, from ticketing and threat analytics to data links for SIEMs, necessitate pulling threat data from each system separately and manually correlating it. This also takes time, creates opportunities for things to go wrong, and makes it easier to miss something important.
As threats continue to multiply, responding with these fragmented tools is no longer good enough. Fortunately, Integrated Cyber Defense will be a game-changer in helping organizations find and address threats. Although still in its early stages, ICD offers many current and theoretical benefits.
1. Integrated Cyber Defense (ICD) helps reduce complexity so you can respond to threats more quickly.
ICD is a platform that serves as an intermediary between products and the tools using those products. Ideally, it would tie endpoint security, email solutions, cloud apps, identity platforms and third-party software—all the things you may have different teams for—into one single pane of glass. In an integrated environment, you can detect, segregate and respond to threats much better and faster than you ever could before. Although analysis of data originating in various systems may still require some human touch, it is typically quicker and far less manual.
2. ICD reduces cost and can help you maximize your cyber defense investments.
By giving you visibility across all of your products and tools, ICD reduces the level of tool management you need, which lowers overhead. For example, you can apply a filter in one place instead of in ten.
But ICD will do more than just reduce your overhead costs; it can help ensure you are maximizing your cyber defense investments. The move to integrated cyber defense begins with a discovery process during which you determine what you own and why, how users behave, and what the business needs, in order to identify any gaps or overlaps you currently have. It helps you understand whether you are getting the value you need from each of the tools you own so you can make smart renewal decisions.
3. It gives you better data visibility and historical search capabilities by normalizing data before committing it to storage locations.
ICD can also normalize data from different tools that may have been entered differently—for example dates that have slashes from one system as opposed to dates without slashes from another—before committing it to storage locations. This improves your ability to search and correlate on the front end—a huge benefit that is often overlooked.
4. It helps you ensure that data is moved into the right storage locations.
With ICD, you could add filters on sensitive data to ensure that you keep certain data like PII (personally identifiable information) in-house in an environment where you have full control, and send the rest into the cloud. This simplifies a process that is now a huge challenge to organizations.
5. It allows you to repurpose your people to provide more value.
Instead of managing tools, ICD will enable your people to focus on things that matter exponentially more to the business, like assessing and analyzing data so they can be more proactive. One client says that his goal is to get his guys “out of tools.” He believes that if they spend too much time managing tools—updating them, providing the needed care and feeding—they lose the real-world experience of hunting threats and protecting the business.
6. It enables you to shift your focus toward user behavior analytics.
The speed of information and the normalization of it will give you a better picture of typical user behavior and anomalies. For example, you could quickly identify a user logging into the VPN from a location that is unusual for your company. You could automate responses around a standard set of actions or rules based on that activity, such as “when x occurs, y takes place,” so that the person behind the unusual log-in is automatically segregated, tracked and removed from your network.
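The three mechanisms described above (normalizing timestamps from tools that format dates differently, filtering PII into in-house storage, and a "when x occurs, y takes place" rule for an unusual VPN login) as one added Python example; it is not code from the original article or from any ICD product, and the tool names, field names, date formats, PII field list and usual-location set are all constructed assumptions:

```python
from datetime import datetime, timezone

# Constructed sample records from two hypothetical tools: "vpn_gw" writes
# dates with slashes, "idp" writes compact digits (the article's example).
RAW_EVENTS = [
    {"src": "vpn_gw", "ts": "03/14/2024 08:02:11", "user": "alice", "geo": "US", "ip": "198.51.100.7"},
    {"src": "idp", "ts": "20240314T080215Z", "user": "alice", "geo": "US", "email": "alice@example.com"},
    {"src": "vpn_gw", "ts": "03/14/2024 21:40:03", "user": "alice", "geo": "BR", "ip": "203.0.113.9"},
]

# Per-source timestamp formats (assumed for the two sample tools).
DATE_FORMATS = {"vpn_gw": "%m/%d/%Y %H:%M:%S", "idp": "%Y%m%dT%H%M%SZ"}
PII_FIELDS = {"email", "ip"}  # fields that must stay in-house (assumption)
USUAL_GEOS = {"US"}           # locations this company normally logs in from


def normalize(event):
    """Rewrite the source-specific timestamp to ISO 8601 UTC so records
    from both tools sort and correlate on a single field."""
    ts = datetime.strptime(event["ts"], DATE_FORMATS[event["src"]])
    return {**event, "ts": ts.replace(tzinfo=timezone.utc).isoformat()}


def route(event):
    """Filter applied once, before storage: records carrying any PII
    field go to in-house storage, everything else may go to the cloud."""
    return "inhouse" if PII_FIELDS.intersection(event) else "cloud"


def respond(event, usual_geos=USUAL_GEOS):
    """Rule 'when x occurs, y takes place': a VPN login from a location
    outside the usual set triggers the containment actions; return them."""
    if event["src"] == "vpn_gw" and event["geo"] not in usual_geos:
        return ["isolate_session", "track_user", "open_ticket"]
    return []


def pipeline(raw_events):
    """Normalize, then route and evaluate each record in time order."""
    normalized = sorted((normalize(e) for e in raw_events), key=lambda e: e["ts"])
    routed = [(e["ts"], route(e)) for e in normalized]
    alerts = [(e["ts"], e["user"], e["geo"], respond(e)) for e in normalized if respond(e)]
    return normalized, routed, alerts
```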
Clearly, as solutions continue to be developed and improved spanning more products and technologies, ICD has huge potential to make the difficult job of securing data significantly easier.