Blogs

Last week’s RSA Conference was an orgy of security innovation and industry hyperbole. While this will only make things more confusing for security professionals, they seem to be moving ahead with strategies for security technology consolidation, integration, and a migration to multi-product security platforms.

I’ve been blogging about what the “big 3” topics at this year’s (virtual) RSA conference should be. I started with a blog about XDR, followed by another about zero trust. My final blog of this series looks at what CISOs want to hear about SASE at RSA.

Why SASE? Because:

April showers bring May flowers, and this year’s RSA Conference. Usually there’s one topic at RSA that everyone is talking about but this year there will likely be 3: secure access service edge (SASE), eXtended detection and response (XDR), and zero trust. In my last blog, I described 8 things security executives want to hear about XDR. This one focuses on zero trust.

Now that we are within a month of the RSA conference, the security diaspora must prepare itself for a cacophony of hyperbole around three industry initiatives: Secure Access Service Edge (SASE), eXtended Detection and Response (XDR), and zero trust.

Yup, all three areas are innovative and extremely promising, but a bit overwhelming as well. Look for more from me on SASE and zero trust in the coming weeks. For now, we'll focus on XDR.

As the old security adage goes, “A well-managed network/system is a secure network/system, and this notion of network and system management is a cybersecurity foundation. Pick any framework (i.e., NIST Cybersecurity framework), international standard (i.e., ISO 27000), best practice (i.e., CIS 20 Critical Controls) or professional certification (i.e. CISSP), and much of the guidelines presented will be about security hygiene and posture management.

In my last blog post, I described how the market for eXtended Detection and Response (XDR) is evolving and how CISOs should approach this new and promising technology. It was good and useful information, if I do say so myself, but it didn't directly address the question of why security professionals should care about XDR in the first place.

Beyond threat detection and response, CISOs should think of XDR as a catalyst for modernizing the SOC, automating processes, and improving staff productivity.

According to ESG research, enterprise organizations claim that improving detection of advanced cyber-threats is their highest priority for security operations. As a result, 83% of organizations will increase threat detection and response spending over the next 12 to 18 months.

Somewhere around 2015, the security industry adopted a new mantra, “cybersecurity is a boardroom issue.” This statement was supported by lots of independent research, business press articles, webinars, local events, and even sessions at RSA and Black Hat crowing about the burgeoning relationship between CISOs, business executives, and corporate boards.

At the beginning of last year, I noticed that boardroom buzz about cybersecurity hadn’t really changed over the past 5 years – same old tired rhetoric and hyperbole. Hmm. Certainly, things must have progressed in that 5-year timeframe, right?

In continuing my chat with Marc Solomon, CMO of ThreatQuotient, Marc and I discuss:

1. SOC integration. At its heart, SOAPA is an integrated heterogenous technology architecture for security operations, so I ask Marc how integration plays into ThreatQ’s strategy. Marc mentions that the platform includes bi-directional integration where ThreatQ consumes and provides data. What type of data? External threat data, enriched data, event data, etc. ThreatQuotient can be used as a SOAPA data broker, acting as the single source of truth for security operations.

Mark Solomon, CMO of ThreatQuotient. and I had a chance to get together and talk SOAPA recently. In part 1 of our video, Marc gives a brief description about what ThreatQ does and then we proceed to chat about:

1. What’s the deal with cyber threat intelligence (CTI)? For every SOC manager who tells me that threat intelligence is the foundation of security operations, another says that his or her organization struggles to operationalize threat intelligence. What’s going on here? Marc believes the term “threat intelligence” is somewhat poisoned and meaningless today. The real key is to collect, process, analyze, and act upon the CTI that aligns with your organization’s infrastructure, industry, location, etc., and then integrate it into every aspect of security ops.