Depending on how you look at it, the past year was either tough for security professionals or it showed the world how complex and interesting this field really is. After all, we’re not working to identify some deterministic software bug — we’re combatting real adversaries who are constantly testing our defenses.
Like many of you, I spend a lot of time talking to customers, partners, and other security professionals, and there is clearly a lot we can do to become more effective for our organizations. Here is my take on what the security community should resolve to accomplish or overcome as we move forward.
1. Embrace the machine.
We have access today to programmable technology that is compatible with other systems and capable of massive correlations using data from many sources: logins, proximity card data, Web behaviors, locations. We have agents on users’ machines that log information about process execution. And we have rich, intelligent sources of threat information from third-party vendors and other experts.