Move to the cloud. Shift left. Buy the latest XDR and deception tools. The technology and cybersecurity industry has always been susceptible to marketing hype, but do these moves actually make their organizations more secure? Or do they just add more complexity?
With all the major hacks, from SolarWinds to the issues with Microsoft Exchange, how can security pros sleep at night? They may think they are doing the right thing, but are they operating with a false sense of security?
Michael Isbitski, technology evangelist at Salt Security, says security pros have to focus more on securing the application programming interfaces (APIs) that power many of these tech strategies. From hosting internal cloud apps to relying on gateways and traditional patch management tools, the old methods don't focus enough on API security – and the APIs are susceptible to attackers.
"With so much at stake, businesses need to humbly accept that they have been overly confident in these security approaches and tool choices," Isbitski says. "They should seek to update their tooling and processes accordingly to address modern threats."
We've compiled seven tips to help security pros sort out what they need to think about as they deploy many of these evolving security concepts and technologies.