What’s the Buzz in the InfoSec and Cloud Community
Over the last two weeks, I’ve spent my summer at Black Hat in Vegas and the AWS Summit in New York. The two events offered an interesting cross-sector of security and the cloud, so I asked the people I spoke to, “What’s hot?” The responses from both events were very similar.
I asked multiple attendees and vendor personnel what they thought the top keyword phrases were at these events and here are the results of my unscientific survey. Three stood out:
- Security Analytics
- Orchestration
- Endpoint Security
There was also significant buzz around Apple’s invitation-only bug bounty program (Apple will now pay for vulnerabilities found in certain aspects of iOS and iCloud). Let’s first touch on this announcement. While it initially sounded like a major announcement that “could help convince researchers to disclose problems to Apple and remain mute until the bugs are patched,” it’s limited to researchers with an existing relationship with Apple, so not exactly an open invitation for ethical hackers. These select researchers could collect fees up to $200,000, depending upon severity and category. Maybe this is the first step in a positive direction.
On to the List… First up: Security Analytics
Top of the list for popular keyword phrases both on booth graphics and in discussions was security analytics. Needing no definition, the industry is embracing the notion that we can’t successfully remediate without meaningful analytics. Somewhat lost in this discussion is the idea that organizations of any size should focus first on preventative measures and that security analytics are all too often all about “what has happened” and not enough on spending to “prevent breaches.”
Next phrase: Orchestration. According to TechTarget’s SearchITOperations, “to orchestrate something is to arrange various components so they achieve a desired result. In an IT context, this involves combining tasks into workflows so the provisioning and management of various IT components, and their associated resources, can be automated. This endeavor is more complex in a cloud environment because it involves interconnecting processes running across heterogeneous systems in multiple locations.” While that is a good definition, those interviewed at both events spoke of orchestration as being important to correlate and enrich security analytics, essentially intelligently collecting and meaningfully reporting on disparate security data to make good, quick decisions around remediation.
Among vendors productizing the phrase, CloudLock, recently acquired by Cisco, has a product called the CloudLock® Cybersecurity Orchestrator that is an “API-driven solution that aggregates data feeds across existing IT infrastructure to enrich security intelligence and harmonize data protection across on-premises and cloud environments for unprecedented insight and control.” It seems that security analytics that are successfully “orchestrated” will provide the most relevant data to organizations. Intel Security also provided several pieces of collateral at Black Hat that address “orchestrating incident response.”
The final keyword phrase with the most popularity was Endpoint Security. While several attendees and vendors indicated that this was a hot topic, one of the most dynamic demonstrations at both events could be found at Cylance’s booth. They promote their endpoint product as the only solution that “blocks threats in real time BEFORE they ever cause harm.” Good. Now we’re talking… A solution that’s “prevention-focused” versus “after the fact.”
What will be interesting to track over the next several months is whether we see an increased awareness and buzz around preventative versus analytic and orchestrative solutions. Analytics and orchestration are no doubt important, but as security solutions evolve, the focus, in this author’s view, needs to shift to prevention to meaningfully address enterprise security needs.