Outsource to infill on cyber security • The Register

06/19/2023


Sponsored Feature Life is tougher than ever for security pros facing a rising tide of cyberattacks. And adversaries are becoming more adept than ever at using diverse methods and technologies to scale up assaults on their selected targets.

Those include AI and scripted bots which lower the opportunity cost for intruders, while creating a barrage of automated cyber offensives that increase complexity for defenders.

Complexity is on the rise inside organizations, too. IT infrastructure continues to evolve rapidly as companies grapple with cloud and hybrid compute platforms. Many modern applications, for example, are divided between hundreds or thousands of containers, all of which serve remote, distributed workers who have collectively helped to eliminate the network perimeter.

It isn’t just IT infrastructure that’s getting harder to navigate: the growing diversity of cybersecurity tool sets is also to blame, warns Colm Keegan, senior consultant product marketing data protection at Dell Technologies.

“One of the problems is that there’s so many players in the [cybersecurity] space and so many different tools for doing different things,” he says. “And that’s making a complex situation even more complex.”

Last year, Dell commissioned analyst company Forrester to survey 300 global security and risk decision makers. It found that more than nine in ten organizations had added more security solutions to their portfolios.

Having more cybersecurity tools is not in itself a bad thing. The problem is that they don’t usually interoperate with each other. This creates a cybersecurity archipelago: a series of tiny data and process islands that are difficult to unify. How can analysts collaborate effectively on an emerging incident if they must share data between tools by exporting and importing CSV files? A scattered ‘frankenstack’ of tools from different vendors that don’t integrate with each other was the leading obstacle to cybersecurity maturity in the organizations that Forrester spoke to.

“Another problem is that organizations just don’t have people on staff to do this stuff,” says Keegan.

The cybersecurity workforce is increasing, but there are still not enough professionals to go around. And according to the (ISC)2 2022 Workforce Study, the gap is increasing. There are now 4.7 million people in the global workforce, representing a rise over the previous year, but the industry still needs 3.4 million more than that to fulfill its needs.

This shortfall is a consistent problem before, during, and after a cyberattack. A lack of eyes makes it more likely that an attack will slip through, especially if disjointed incident response tool sets hinder detection rather than helping it.

When a cyberattack hits, even the best-planned response is likely to fail if there aren’t enough people on the ground to execute it. Fumbling a response also makes it less likely that companies will be able to properly document the attack, update their SIEM, and learn from their mistakes. Yet that final step is crucial to close the loop in incident response.

These shortcomings are bad enough in non-regulated industries, but when they weaken security response in more sensitive ones, such as finance or healthcare, it creates a particularly acute compliance risk. A poorly resourced cybersecurity team in a heavily regulated sector invites penalties and legal action. Nine in ten security professionals told Forrester that regulatory compliance requirements have increased, piling on the pressure.

Automating for success

If there’s one thing that cybersecurity pros are good at, it’s adapting to adverse conditions. And the increasing complexity and shortfall in IT security talent is prompting a reaction on multiple fronts.

The first is automation. As security tools deliver more telemetry, security pros must search for relevant signals in a growing volume of data. Automating the monitoring of, and the response to, those signals is crucial. Companies are exploring tools that focus on analysis at scale, such as machine learning algorithms that search for tell-tale patterns.

Automation can also help with routine data protection tasks. These range from data loss prevention, where tools scan data leaving the network for sensitive formats, through to behavioral analysis to help spot and prevent suspicious log-ins.

As companies become more confident in using AI for cybersecurity, they will expand their capabilities and give it more autonomy in making basic cybersecurity decisions. A machine learning tool that spots anomalous behavior can alert a security analyst, but as team members see it consistently getting things right, they might decide they want it to go one step further and take automated mitigation steps. Autonomously quarantining a workstation is a good example.

The AI might also move beyond containment to recovery, applying known measures to restore data and system state so that it can minimize system downtime.

Automation tends to free IT administrators from manual tasks and allow them to spend their time on more strategic ones, such as crafting smarter cybersecurity policies. It can also help when implementing those policies. The rise in API-driven cybersecurity tools which open up a new world of security-as-code is a good example. Software developers can use those tools to bake security policies directly into applications, to automate data protection. This trend is likely to become more popular as more organizations adopt security-by-design principles.

While many companies are still exploring machine learning, the AI world is already leaping ahead, with large language models (LLMs) beginning to enhance cybersecurity by acting as automated assistants for analysts who can query them for vital information.

Simplifying the security stack

The second approach that companies are taking to mitigate their cybersecurity challenges is simplification. The realization that it’s time to consolidate their data protection and incident response tools, working with fewer tools that integrate properly, is on the rise.

This is certainly a growing trend among enterprises according to Gartner (Maverick* Research: You Will Be Hacked, So Embrace the Breach). The company has found 80 percent of security and risk management leaders planning to consolidate their existing tech stack. They’re doing it because they need to move beyond point solutions to a joined-up platform that can exchange data seamlessly across the entire monitoring and incident response continuum.

These tools mustn’t sacrifice sophistication for simplicity. Mass expansion to the cloud has exploded the IT ecosystem, requiring more functionality than ever from these integrated tool chains. Companies mixing Kubernetes containers, self-managed virtual machines, platform-as-a-service and software-as-a-service must be able to see and monitor them all from a single place. And they should be able to spin up these services directly from cloud marketplaces.

Consolidating cybersecurity tools in this way often means working with fewer vendors, but ones that can offer a constellation of tools as part of a single platform with ubiquitous support. Adopting that approach also means the vendor can support the third part of a cybersecurity team’s response by providing much-needed external skills.

“It’s going to be really important for organizations to work with the right partners to help back fill where they have gaps,” Keegan advises.

Almost nine in ten respondents to the Forrester survey acknowledged the benefits of external skills as a way to plug gaps in their internal team. Those skills could help to get security teams back on the right track. For example, 32 percent of Forrester’s respondents had called in third-party experts to help assess their cyber preparedness.

External expertise can extend to online managed security services and all the way through to broader security outsourcing. According to the Forrester report, a third of all respondents had outsourced security and event management, while almost as many had outsourced endpoint protection.

Crafting an end-to-end response

But what exactly should companies look for in a vendor that offers this kind of third-party support? One of the most important capabilities is coverage, says Keegan. The ability to deal with one vendor for an integrated range of tools and services is key.

“At Dell we’re providing more of an end-to-end approach when it comes to cybersecurity,” he explains. “That encompasses everything from supply chain security through to what’s actually on board the silicon.”

Dell’s Secured Component Validation process builds cryptographic verification directly into its component hardware from the factory forward. This assures customers that they’re getting machines that have not been tampered with.

“Our protections run all the way through to security on end-user devices and servers to applications and then core infrastructure like storage and networking, extending to data protection and cyber resiliency,” adds Keegan. Companies can turn to Dell for services including managed detection and response, and incident response readiness as well as data protection and cyber recovery “as-a-service” solutions. “This provides a cradle-to-grave approach when it comes to ensuring data protection and cyber security across the board.”

To ensure the security of customer systems and protect against intrusions, Dell takes a multi-faceted approach that encompasses both reactive and proactive measures. Acknowledging the very real possibility of breaches, the company provides a whole suite of data protection and cyber recovery solutions. These are designed to work seamlessly in on-premises environments as well as the public cloud, providing a fully integrated framework for cyber resiliency and data recovery. With Dell’s solutions on board, organizations can bolster their defenses and enhance their ability to respond effectively to cyber threats.

“PowerProtect Cyber Recovery gives organizations the ability to isolate critical data away from their production network into an isolated, air-gapped digital vault,” Keegan says. “It works in tandem with our multicloud data protection offerings so that our customers can rapidly recover their most critical data following an attack. The solution also leverages AI and ML to identify and help quarantine malware in the vault to ensure data is safe.”

Ultimately Dell Technologies is committed to providing automated data protection and cyber resiliency solutions which are expressly designed to help organizations safeguard their critical data assets. The use of open APIs and pre-configured scripts in GitHub repositories enables the integration and automation of data protection processes, which in turn make Dell’s solutions easier to incorporate within an organization’s existing infrastructure and workflows. And that gives them what they need to automate backup, recovery and security measures, thereby reducing human error and ensuring consistent, reliable data protection across their environment, says Dell.

The stakes are high as cybersecurity threats mount. The opportunity cost for attackers is falling, and defenders must tighten their defenses to keep a rising number of infiltration attempts from getting through the cracks. By automating, simplifying, and calling in external help where necessary, they can dramatically increase their chances of blocking attacks – or dealing with any that succeed quickly and effectively.

Sponsored by Dell.
