A Formula for CyberSecurity Success
Published 12:41, 30 June 10
I just spent a week in Europe visiting customers, partners, and several media organisations, and I was fortunate to host a group on a tour of the McLaren Formula 1 racing team factory, just outside of London.
This tour was fantastic and one I highly recommend. Formula 1 racing is extremely competitive and the rewards for winning are immense. The pace of innovation is measured in days, and engineers are continually tweaking their race car designs to gain a 1/10th second advantage on every lap.
Many of these innovations are unique to specific race courses, and the designs take into account known course turns, bumps, and even weather conditions.
The level of secrecy in development is high, since the team does not want their anticipated advantages revealed until race day. However, once discovered, competitors have the ability to respond within days and sometimes even before a race ends.
This competitive back and forth reminds me of our daily job requirement as security professionals to stay one step ahead of cybercriminals. Each time the security industry innovates a new defensive capability, our adversaries are quick to adapt their techniques, sometimes within moments.
Our equivalent of the different Formula 1 race courses is the varying and unique IT networks of our enterprises. These enterprises are very dynamic and become increasingly complex with each new innovation, such as cloud computing, virtualisation, SaaS applications, increasing mobility, expanding communication tools, and with mergers and divestitures.
However, the most common concern shared throughout my trip about securing the future had nothing to do with technology – instead, it centred on the lack of skilled security specialists available on the market to operate the tools necessary to secure enterprises.
I compare these security specialists to the Formula 1 design engineers and the race car drivers themselves.
During the course of a race, the driver has several hundred adjustments that can be dynamically made to the car on the fly to improve performance and competitiveness.
Many of these adjustments are determined by a remote team of engineers monitoring the car’s performance in real time. We need to cultivate our security specialists to have similar monitoring skills and the ability to adjust and respond to changing threats.
This is difficult given the sophistication of the Advanced Persistent Threats we face. It is well understood that traditional signature-based perimeter security is no longer adequate to protect the enterprise of the future.
Rather, we need to move security controls and monitoring inside the firewall and begin to have an understanding of who and what is on networks, especially around sensitive data files, critical transactions and mission critical systems, in order to quickly identify anomalous behaviours.
At ArcSight, we are working hard to deliver these new capabilities and, in doing so, we are evolving our SIEM product into a platform for Enterprise Threat and Risk Management.
We believe that, if corporations can successfully implement an Enterprise Threat and Risk Management platform, whoever the supplier, it would be an enabler and accelerant to the enterprise of the future.
Threats and risks could then be mitigated, regardless of where they originate or penetrate a network. To accomplish this, there need to be better training vehicles, more education venues, certification programs, on-demand courseware, and better collaboration tools for the community.
Cybercrime is a global industry, and we need to take a global response.