The cybersecurity environment is one of constant one-upmanship in which the bad actors always seem to have the upper hand. Since the dawn of the digital age, security professionals and product vendors have scrambled to keep up with every new angle and method the bad guys develop, yet the “holy grails” of a true moving target defense and a single-pane-of-glass command and control have remained out of reach. One of the key reasons for this is that new solutions have simply been stacked on top of old ones rather than replaced by new approaches that could finally put the black hats on the back foot.
In this blog post we’ll provide a (very!) brief overview of the evolution of security solutions and examine how the complexity of their implementation only continues to increase while never providing a truly reliable solution.
One of the earliest efforts to improve cybersecurity was to place related data or applications into “silos”: separate databases and systems that could, theoretically, be monitored more easily while preventing bad actors from getting “too deep” into the system. Silos typically separated not only the databases of various parts of a business’s ecosystem, but also the security of different processes such as email security, network security and endpoint security.
As bad actors’ methods improved, however, this method turned out to be a severe hindrance, as security managers couldn’t generate a complete picture of their attack surface, nor understand how their remediation efforts might impact other walled-off parts of the business ecosystem. And as external threats continued to multiply, new methods were devised and implemented to overcome these issues.
The first significant effort to address the negative impacts of silos and provide full visibility to security operations was Security Information and Event Management (SIEM). At the most basic level, SIEM uses processes to record and log everything that happens within an ecosystem and make it centrally available to SecOps.
While this does provide more visibility of the attack surface, it tends to produce an overwhelming amount of data that is difficult to interpret and does not, by itself, provide any solution to actually direct security responses.
SIEM has not been abandoned, however – it is still a key tool in most security efforts. It has simply been built upon as both threats and systems have become ever more complex.
Security Orchestration, Automation, and Response (SOAR) was the next big step in security efforts. SOAR seeks to make the flood of data produced by SIEM more usable by centralizing it, automating simpler tasks like scanning and logging, and providing a level of guidance for SecOps to act on. While it did mark an improvement over plain SIEM, it remains a highly complex process. SOAR solutions require a great deal of expertise to set up and to monitor every application and technology within an ecosystem, and this complexity only continues to increase with the growth of microservices and the multicloud environment.
THE NEW SILOS: MICROSERVICES AND THE MULTICLOUD ENVIRONMENT
The development of cloud, multicloud and hybrid environments, as well as applications and microservices designed to work within them, has effectively created a new form of silos. Each cloud provider requires specific expertise to work within its software and governance rules, and various software and solution providers use different operating systems and other proprietary methods that make them extremely difficult to stitch together, particularly from a security operations standpoint.
The alphabet soup of security solutions has continued to expand, particularly through various methods of “detection and response.” But while each new iteration does help SecOps “keep up” with bad actors, these solutions continue to stack new methods on top of old and still face similar limitations.
Endpoint Detection and Response (EDR) is possibly the most widely used of these new methods, especially with the explosion of work-from-home in the aftermath of COVID. The essence of EDR is to place a recording agent on every single device connected to an ecosystem, and then monitor those recordings for anomalies that may signal an attack.
EDR, judging by its popularity, does have some value, but it suffers from the enormous effort it can take to install a monitoring agent on every endpoint in a business’s ecosystem, the difficulties of stitching together a multitude of different technologies and operating systems, and the lack of confidence that every endpoint is, in fact, monitored.
Network Detection and Response (NDR) seeks to overcome some of the flaws of EDR by monitoring the network traffic that moves between endpoints rather than the endpoints themselves. This does, to a certain degree, provide a level of central visibility and control, but it ultimately offers a fairly opaque pane of glass rather than full, clear visibility.
NDR is particularly affected by the widespread adoption of multicloud and hybrid environments, as security operations may no longer be able to define or control their full “corporate network.”
Extended Detection and Response (XDR) is the “latest thing,” so to speak, and essentially seeks to “corral” the complexity of all the other methods. The usual focus of XDR solutions is once again to provide the elusive single-pane-of-glass overview that security professionals so desire. Vendors provide the ability to ingest EDR and NDR information and logs, as well as SIEM and SOAR information, and present that information and relevant analytics on a centralized control panel.
Ultimately, though, it is another layer of complexity built upon previous layers of complexity, none of which provide full-confidence visibility or the true solution to cybersecurity threats – a reduced attack surface and a moving target defense.
A LOOK AHEAD
The security solution industry, while constantly applying buzzwords such as single pane of glass, reduced attack surface and moving target defense to its products, continues to stack layers of new complexity upon layers of old complexity, and only seeks to keep up with bad actors rather than actually outsmart and outmaneuver them.
The real answer to your security needs is a solution that doesn’t simply try to “build over” the flaws of previous methods. You need a new approach that doesn’t rely on managing incompatible operating systems or cloud solutions, that isn’t based on analyzing old hacker methods to detect new attacks, and that can entirely eliminate the “what don’t I know?” question that haunts every SecOps professional.
Ntrinsec’s groundbreaking, patent-pending security solution is just that type of answer. It takes an entirely new approach that makes older solutions obsolete. It provides the highest-confidence single-pane-of-glass visibility and control while using the highest-confidence automation to provide a true moving target defense that delivers a virtually hack-proof ecosystem.
Contact us for a demo.