Dark Reading is part of the Informa Tech Division of Informa PLC

12/16/2014
09:15 AM
Kevin T. Reardon
Partner Perspectives

Balancing Accounting Policy & Security Strategy

A long-term approach involves focusing on security as a platform, instead of a selection of individual products and point defenses.

While accountants track quarters and years, cyber security time is measured in seconds, minutes, and months. For instance, Intel Security’s “Malware Zoo” grows at the rate of four new pieces of malware or malicious software every four seconds. Currently, this Zoo has more than 375 million pieces of malware, 103 million obtained and classified in the last nine months alone. The average useful life of a poorly configured or unprotected PC on the open Internet is four minutes.

As a security practitioner, you would not let a device sit idly by unprotected. Now consider this: For anything you want to invest in, your CFO wants to amortize the investment over three to five years, as he or she does for other computer equipment. How can you maintain a strong security strategy and position against an exponentially growing threat, while balancing the rules of GAAP that seem to dictate current security strategy?

In almost every organization, there are tensions between different functions or departments, as they try to maximize their own objectives. Accounting or finance is trying to maximize the value of the firm, preserving cash, recording assets with as much value as possible, and minimizing capital and operating expenditures. Security is trying to maximize protection for those assets with the smallest impact on everyday operations. (Of course, it is difficult to demonstrate a level of protection, since it involves proving a negative.) The fact is, your security strategy should not mirror your accounting policy. How do you reconcile these two very different perspectives?

Let’s start with the definition of an asset as something that has a probable future economic benefit to your organization. If some aspects of your security system are outdated and can be readily circumvented by the latest attacks, then they have ceased to provide an economic benefit. But how do you use this when you are building a business case for greater investment in security?

With the flurry of recent security breaches, an easy approach is the “fear, uncertainty, and doubt” routine. This may make it easy to get approval for a temporary budget increase or a pile of reactionary purchases, but it does not do much for your long-term security posture. Reactionary purchases result in a series of security silos that cannot talk to each other and that increase operating and capital costs. You may consider this a layered defense strategy, which is better than point systems, but it has higher operating costs and the potential for a false sense of security.

A better long-term approach is to focus on security as a platform, instead of a selection of individual products and point defenses. Your organization has likely invested in platforms in other areas such as office automation, network infrastructure, and enterprise resource planning, because standardization and consolidation improve efficiency and reduce cost. In today’s threat landscape of complex and adaptive attacks, a critical component of an effective security platform is sharing of data among all of the sensors, defenses, and controllers. This communication enables all devices to get the knowledge and assistance they need, and the security operations center to have a true picture of the active threat level.

The next component of an effective security platform is integration and automation between security processes in real time, which helps drive down operational costs. While technologies can share data over standard formats, the ideal model shares data using a real-time communications backplane so that the data can provide assistance in problem solving immediately, rather than be used solely to reconstruct the past. With the demand for security personnel outstripping the supply of experienced professionals, integration reduces the time-consuming “swivel-chair management” technique of monitoring multiple consoles, and automation filters out the normal, expected noise and other clutter to provide more visibility to the anomalous and abnormal alerts and events.

Finally, you want a platform that supports multiple vendors and technologies, without requiring a wholesale replacement of your existing infrastructure. No single vendor can deliver all of the current and new technologies, and competition and open architectures help to keep prices down, business responsiveness up, and functionality increasing.

The use of an integrated platform has been proven in several other parts of the organization, and it is time to demand this from the security area as well. Long-term operational cost savings, sustainability, and future-proofing far outweigh the perceived short-term gains of cash flow management. A connected security platform reduces capital and operating costs while vastly improving your security posture, satisfying both finance and security. In our recent study on security management platforms, respondents identified the platform as the most important and valuable part of the security system, surpassing endpoint protection, with a 66% increase in value since 2012. In the end, you need a security program by design, not by accounting policy.

Kevin T. Reardon is a Vice President in the Office of the CTO and is responsible for Intel Security's worldwide Value strategy and program. With more than 18 years' experience in the IT security field, Kevin acts as a key advisor to top Intel Security commercial and ...