Automation and orchestration will be essential components of security in 2017.

Ned Miller, Intel Security, Chief Technology Strategist for Public Sector

December 23, 2016

3 Min Read

In the spirit of the holiday season and after a weekend marathon of watching the greatest Christmas movies ever made, I offer the following observations for my fellow cybersecurity friends and those chartered with defending critical assets.

CISO Ralphie Parker wants only one thing for Christmas: a Red Ryder Carbine Action 200-shot Range Model malware BB gun. Ralphie's desire is rejected by his CIO, his CFO, and even a department store Santa Claus security consultant, all of whom give him the same warning: "You'll shoot your eye out."

Christmas morning arrives, and Ralphie dives into his presents, opening a bunch of new cybersecurity tools. Although he receives some tools he enjoys, Ralphie is ultimately disappointed that he did not receive the one thing he wanted more than anything. After Ralphie thinks that all the presents have been opened, his father and CEO directs him to look at one last gift that he had hidden. Ralphie opens it to reveal the coveted Red Ryder malware BB gun.

Ralphie takes his new malware gun outside and fires it at the latest malware of the day. However, the BB ricochets back at Ralphie and knocks his SIEM glasses off his face. While searching for them, thinking he has indeed shot his eye out, Ralphie accidentally steps on his glasses and breaks them. To cover up the incident, Ralphie tells his CIO that a falling icicle was responsible for the cybersecurity breach.

We have all seen leadership become fascinated with the latest cybertool of the day and decide to throw it into the mix of existing tools, only to have things quickly go awry. Visibility, manageability, and interoperability are not often the primary goals when adding a new capability, making a difficult situation more complex.

While it is paramount that businesses and governments remain agile and competitive in our new reality, they also need to stay within acceptable levels of operational risk. Three overarching challenges continue to drive security strategies:

  1. There is more to defend, and the information footprint has expanded beyond the control of IT. We have gone from 25 to over 500,000 new threats per day in the last decade. Users are bypassing IT with cloud services and personal devices; many “users” are IoT and other specialized endpoints; more traffic is encrypted and invisible to IT; and massive amounts of data are moving to the cloud.

  2. We cannot move fast enough, despite seemingly significant efforts and investment. It is not unusual to take months or even years to detect a security breach. Containing and remediating a breach can take a long time, giving adversaries too much leeway to achieve their objective and inflict financial and reputational damage.

  3. Workforce resources are not keeping pace with the increased volume of attacks and sophistication of adversaries. More than 60% of organizations report that their security department is understaffed. Within four years, we will have a shortfall of nearly 2 million qualified cybersecurity professionals.

We recently surveyed over 2,000 IT security decision-makers around the world, and when asked what it would take to overcome these security challenges, they split roughly in half into two very different groups:

One group favored a best-of-breed approach, believing that self-integration of disparate technologies with manual processes delivers the best security outcomes. This is the traditional “defense in depth” school of thought, assuming that technology diversity drives a better overall security posture using human capital to make the parts into a system.

The other group favored an integrated platform approach, believing that an open and integrated security framework enabling consolidation and automation yields better overall security results. This group sees efficiency as a key component to success.

When you run the numbers, it becomes clear that we cannot solve the growing complexity and risk equation by throwing more people at the problem. Not only is there not enough grey matter to go around, the speed and scale of the problem demands the combined advantages of human and machine processing. Automation and orchestration will be essential components of security in 2017, and Ralphie needs to rewrite his Christmas list. 

About the Author(s)

Ned Miller

Ned Miller

Intel Security, Chief Technology Strategist for Public Sector

Ned Miller, a 30+ year technology industry veteran, is the Chief Technology Strategist for the Intel Security Public Sector division. Mr. Miller is responsible for working with industry and government thought leaders and worldwide public sector customers to ensure that technology, standards, and implementations meet the challenges of information security and privacy issues today and in the future. In addition, Mr. Miller is also responsible for worldwide government certification efforts to ensure Intel's products comply with the latest global security standards and protocols.

Mr. Miller acts as the internal customer advocate within Intel's Security and advises Intel's executive leadership with strategies to drive government and cybersecurity requirements into Intel's products and services portfolio and guide Intel's policy strategy for the public sector, critical infrastructure, and threat-intelligence communities of interest.

Prior to joining Intel Security, Mr. Miller served in several executive, sales, business, technical, and corporate development leadership capacities. Most recently, Mr. Miller held executive sales and technical leadership positions with Hewlett Packard, including the Global Chief Technology Strategist for Hewlett Packard's Enterprise Security Products team. In addition, Mr. Miller worked for Symantec as the Corporate Development leader for Symantec's public sector organization responsible for advising sales leadership and driving innovative solution approaches in support of standards initiatives and programs such as next-generation security controls, Security Content Automation Protocol (SCAP), Cyber Scope, cloud and cloud security, FedRAMP, the latest in information protection methodologies for mobility, and next-generation identity management and authentication solutions. 

Before joining Symantec, Mr. Miller was the founder and CEO of the IT security firm Secure Elements.  Secure Elements was an early pioneer in the development of security standards. In addition, Mr. Miller has authored numerous whitepapers on enterprise security management and is the co-inventor of a series of next-generation network security patents. Mr. Miller is also recognized by the US Government as a subject-matter expert on the topic of security automation and information protection and is an active moderator and panelist across the IT industry.

Mr. Miller is also an active member on the NIST Security and Cloud Standards Working Groups, former chair of the Cyber Security SIG of the ISSA, and a member of AFCEA, CSIA, and Tech America's Cloud - State & Local Government Commission.

See more from Ned Miller
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

The letters EDR/XDR amid binary code
Application Security
Evil XDR: Researcher Turns Palo Alto Software Into Perfect MalwareEvil XDR: Researcher Turns Palo Alto Software Into Perfect Malware
byNate Nelson, Contributing Writer
Apr 19, 2024
4 Min Read
A computer screen showing GPT-4
Threat Intelligence
GPT-4 Can Exploit Most Vulns Just by Reading Threat AdvisoriesGPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories
byNate Nelson, Contributing Writer
Apr 18, 2024
4 Min Read
An ICS control panel
ICS/OT Security
ICS Network Controllers Open to Remote Exploit, No Patches AvailableICS Network Controllers Open to Remote Exploit, No Patches Available
byDark Reading Staff
Apr 18, 2024
2 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events