Why Understanding And Control Should Be Key Parts Of Your Cybersecurity Portfolio

This article is more than 6 years old.

Lately, I’ve been paying particular attention to the concept of having a cybersecurity portfolio. It’s a view that looks at the need for enterprise-grade cybersecurity from a viewpoint akin to a savvy investment strategy: you want diversified investments, spread across a variety of assets to maximize your return. In the case of your finances, that might mean a healthy mix of higher risk investments along with consistently performing mutual funds. For cybersecurity, it means not putting all your proverbial eggs in the basket of prevention or detection, but having a balanced security spend that allows you to prevent, detect, respond, and remediate threats. The foundation of this idea is that there is no perfect perimeter security. Threats will get in and so you must have mechanisms to limit their reach and counteract them.

As I’ve pointed out throughout this series, central to the idea of the cybersecurity portfolio is the need for companies to know themselves. There’s no one-size-fits-all portfolio that will be right for every business. Each business has different assets, in different places and infrastructures, and therefore the way it protects those resources must be unique.

I’m not alone in thinking this. Illumio’s approach to cybersecurity can be compared to the model employed by the Secret Service to protect the president, and in this piece, I want to show how a product like Illumio fits into the cybersecurity portfolio as a whole. I spoke with Nathaniel Gleicher, Illumio’s Head of Cybersecurity Strategy, about his thoughts on cybersecurity and how the insight a product like Illumio provides can support a balanced cybersecurity portfolio.

The ultimate power is understanding

My discussion with Gleicher focused less on the benefits of individual products, or on which aspect of the cybersecurity spectrum companies should devote more of their resources to, than on a larger philosophical question about the nature of quality security. Gleicher says that prior to pursuing any security strategy, companies should take a step back and do a meta-examination of what they need this strategy to produce. And that answer, in stark comparison to the individuality companies may need in the cybersecurity portfolio itself, should be the same for almost all businesses.

“The ideal portfolio delivers continuous understanding of your environment and the threats you face,” Gleicher said. “If you want to make detection better, you have to invest in understanding and control.”

Nowhere in tech is the old adage that knowledge is power more pertinent than in security. Threats thrive when companies have little transparency into their own operations, and when intruders can move laterally from one system, or one network, to another without being detected because the business lacks controls and the ability to see its technology in its entirety.

“The common pattern in virtually every major breach is lateral movement,” said Gleicher. “If you can make lateral movement hard, you make breaches hard, or at least you make execution hard. As a cybersecurity community, we’ve been working for some time in different spaces to build up deterrent tools and help government work better and more effectively. I have become increasingly convinced that the biggest problem isn’t just deterrence. It is how much easier it is to be an attacker than a defender, how unbalanced the playing field is.”

Illumio does extensive live application dependency mapping to show how all of the components (namely, the applications) of your business are connected. But perhaps the most important part of Illumio is that it delivers adaptive segmentation, which is a way to have high-level, simplified security policies in place that stop the lateral movement of threats and enable a quick response to remediate. This is what Gleicher means when he advocates that companies have understanding and control.

“All physical security relies on understanding,” Gleicher told me. “There’s no physical security discipline where you would try to protect a space that you didn’t understand. And yet often in cybersecurity, that’s what we’re forced into because we’ve said that the data center is too complicated, it changes too fast, it’s too heterogeneous, and we just can’t do it so we’re going to focus on detection instead. This puts organizations at an incredible disadvantage, because they’re defending an environment that they don’t understand. A better approach is to put a policy model in place that can help you understand your environment and keep up with change. That is often one of the most transformative pieces of what Illumio delivers, because it means people can actually say that’s my application and that’s what’s in it and that’s what it’s communicating with. When you get that ground truth, it completely changes your capacity to protect the environment.”

The basic idea governing Illumio’s approach is to map the communications between applications in real time. Illumio’s Policy Compute Engine identifies any instances where policies are violated and applications that shouldn’t be communicating with one another are doing so, and then allows you to secure them with its adaptive segmentation technology. But the goal is to have a policy engine that manages everything from granular to fine-grained policies, rather than the current manual process used with so many firewalls. There is simply no way for a human overseeing a firewall to process and analyze 15,000 or more rules. With Illumio, human oversight only has to account for 50 or so; the Policy Compute Engine manages the rest. This greatly aids in achieving the understanding that Gleicher so passionately calls for. Segmentation, or limiting what can communicate with what, then offers the type of control needed for strong internal and external security.
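
To make the idea concrete, here is an added illustration (not Illumio’s code or API, and not from the interview) of how a few label-based allow rules expand into per-address rules and flag observed flows that fall outside them. The workloads, labels, ports and flows are all constructed for the example.

```python
from itertools import product

# Constructed inventory: workload IP -> labels (all values are made up).
WORKLOADS = {
    "10.0.1.10": {"app": "shop", "role": "web"},
    "10.0.1.11": {"app": "shop", "role": "web"},
    "10.0.2.20": {"app": "shop", "role": "api"},
    "10.0.2.21": {"app": "shop", "role": "api"},
    "10.0.3.30": {"app": "shop", "role": "db"},
    "10.0.9.90": {"app": "hr", "role": "web"},
}

# Allowlist written against labels, not addresses: (source, destination, port).
POLICY = [
    ({"app": "shop", "role": "web"}, {"app": "shop", "role": "api"}, 8443),
    ({"app": "shop", "role": "api"}, {"app": "shop", "role": "db"}, 5432),
]

def matches(labels, selector):
    """True when a workload carries every label the selector asks for."""
    return all(labels.get(k) == v for k, v in selector.items())

def expand(policy, workloads):
    """Compile label rules into the per-address rules a firewall would need."""
    rules = set()
    for src_sel, dst_sel, port in policy:
        srcs = [ip for ip, lab in workloads.items() if matches(lab, src_sel)]
        dsts = [ip for ip, lab in workloads.items() if matches(lab, dst_sel)]
        rules.update((s, d, port) for s, d in product(srcs, dsts) if s != d)
    return rules

def violations(flows, policy, workloads):
    """Return observed flows that no rule allows (default deny)."""
    allowed = expand(policy, workloads)
    return [flow for flow in flows if flow not in allowed]

# Constructed observed flows: (source IP, destination IP, destination port).
FLOWS = [
    ("10.0.1.10", "10.0.2.20", 8443),  # web -> api, allowed
    ("10.0.2.21", "10.0.3.30", 5432),  # api -> db, allowed
    ("10.0.1.11", "10.0.3.30", 5432),  # web -> db, skips the api tier
    ("10.0.9.90", "10.0.3.30", 5432),  # hr web -> shop db, crosses applications
]

if __name__ == "__main__":
    compiled = expand(POLICY, WORKLOADS)
    print(len(POLICY), "label rules ->", len(compiled), "address rules")
    for flow in violations(FLOWS, POLICY, WORKLOADS):
        print("violation:", flow)
```

Adding a workload to the inventory changes the compiled address rules without touching the label policy, which is why the number of rules a person reviews stays small while the enforced rule set grows.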

“First you have to understand what your security vulnerability looks like and then you can ask how to surround it and with what capabilities,” Gleicher said. “You can’t just have an abstract bunch of rules about balancing the portfolio without knowing what somebody’s footprint is.”

That is why Gleicher and I agree on one important aspect governing the entire cybersecurity portfolio discussion: you must have governing policies that lead to insight and transparency.

Thus, a product like Illumio can apply across several categories of cybersecurity I’ve outlined previously in the series. It isn’t focused exclusively on detection, prevention, remediation, or recovery. Understanding your company’s security vulnerabilities and strengths enables you to make better decisions across all these categories. As its name suggests, illumination is the key to quality cybersecurity; opacity feeds vulnerability. It’s therefore essential to have the capacity to gain this understanding so that your spend across the rest of your profile can be as effective and targeted as possible.
