Are cybersecurity defences falling short despite well-intentioned practices?
Ted Heiman, Enterprise Cyber Security Specialist and CISO Guru, sat down with Dan Haagman, CEO of Chaleit, to unpack the pitfalls of disjointed point solution deployments and the promise of cutting-edge technologies like artificial intelligence.
Discover why a more integrated, efficient, and automated approach is needed to address the intricate web of challenges that Chief Information Security Officers face and why hygiene is sometimes more important than the next shiny solution.
One too many point solutions
Historically, various startups emerged, each dedicated to solving a specific security problem. These point solutions addressed individual issues effectively, but as CISOs adopted more of them, managing and maintaining these solutions became increasingly complex. Limited resources and staffing compounded the issue, requiring specialized personnel for each solution.
CISOs talk about being understaffed mainly because they have massive work to do around managing many point solutions.
The situation worsened as these solutions failed to communicate with each other, resulting in a flood of reports that demanded thorough scrutiny to identify potential threats.
Consequently, CISOs needed an easy way to integrate technology with the enterprise. That’s when API integration became the norm.
The unintended consequences of API integration
To simplify integration, companies deployed numerous point solutions, each leveraging APIs.
While APIs initially offered a simple and efficient integration method, this unintentionally gave rise to an entirely new challenge and industry: API management, focused on overseeing and tracking the multitude of APIs deployed.
Here’s the critical question: When systems get decommissioned or replaced, are the corresponding APIs deactivated?
Failing to do so could leave backdoors for potential security breaches, as malicious traffic in APIs can mimic regular traffic, making detection challenging.
The role of SIEM in managing point solutions
CISOs face a lot of noise in the reports generated by these point solutions. It’s an overwhelming amount of data to go through, and they just don’t have the time or resources.
Security Information and Event Management (SIEM) systems have become the central hub for collecting data from various point solutions. While the current setup is functional, it is far from ideal for CISOs seeking streamlined communication and collaboration between solutions.
A CISO would prefer solutions that communicate with each other to limit their attack surface and reduce the number of man-hours required just to manage all the moving parts.
The promise of AI in cybersecurity
This shift towards automation could streamline the manual process of analysing reports and enhance the overall efficiency of cybersecurity operations.
Networks are sophisticated and grow organically. Companies don’t start as Fortune 100; they evolve. Their networks expand because they need more communication with divisions, partners, vendors, etc.
Then acquisitions happen. When you acquire a company, you get both its good and bad aspects. You must figure out how to tie all that into your SIEM and ensure it works.
There is hope amidst these challenges in the potential of artificial intelligence to alleviate the burden on CISOs. AI could crawl the massive amounts of data generated by point solutions, identifying key points that require immediate attention.
Cyber hygiene is critical
Every year, a CISO identifies a product that they need to deploy. It’s the next shiny object. It will cost the company six figures and may solve a specific problem. The whole team will be focused on that, often overlooking the basics.
Enterprises have real challenges around patching all of the deployed applications. Not taking care of the basics is like installing the most sophisticated security system and leaving the window open.
Every application gets an update at some point. Updating and patching all the software is critical. It needs to be done fairly quickly because of the threat out there; malicious actors find out quickly where these back doors are. They look for companies that haven’t implemented the fix yet so they can leverage whatever that weak point is to get into the network.
At a minimum, patching weekly and ensuring every application runs the most current version will minimise the opportunity for somebody to breach your network.
Stay tuned for part 2 of the conversation between Ted Heiman and Dan Haagman to better understand CISO challenges and potential solutions, and check out our blog for more valuable insights from industry experts.