When I cover RSA, I stay with my mother, who lives in San Francisco. I sleep in the room where my late father, Irvin Taylor, lived in the last few months of his life. On the wall are the Distinguished Service Cross, Air Medal and Purple Heart that he received as a navigator on a B-17 bomber in World War II. He kept a burning plane on track to complete its mission before bailing out and spending the remainder of the war as a Jewish prisoner of war in Nazi Germany.
In addition to making me reflect on the rather low-wattage struggles of my own life in comparison, the medals stimulated my thinking on the evolution of security. The B-17, with its Norden Bombsight, was arguably history’s first weapon of computer-driven warfare. Like the average enterprise, though, with its firewalls and intrusion detection tools, the B-17 looked formidable, but wasn’t. Its many machine guns were no match for far faster German fighter planes. Dubbed the “Flying Fortress,” the B-17 was actually a sitting duck. Thousands of men died early in the war due to faulty thinking about how the plane could defend itself.
The shifting tactics of the 15th Air Force during the war can tell us a lot about how thinking about defensive strategies has evolved—and not evolved—in the intervening decades. Over painful years of losses in 1943 and 1944, they slowly developed an effective defensive strategy. The planes started to fly in tight formations so their collective firepower could provide better protection. The squadrons also started their missions with better intelligence about enemy operations, weather and targets.
Cybersecurity today is where the Army Air Corps was in those deadly early days of World War II. There’s a realization that existing tactics are not enough. Indeed, a sense is emerging that the status quo is making us more exposed than ever before. At the same time, a more promising future seems to be on the horizon if a variety of different players can learn to work together more effectively.
The sentiment came up in a fascinating discussion with Forescout CEO Mike DeCesare and Optiv Security CEO Dan Burns at RSA. Both men are veterans of the industry. They offer compelling perspectives on what’s going right, and wrong, in this treacherous era.
Their insights resonated with my reflections on my father’s experiences in aerial combat. Cybersecurity teams are also trying to fight against moving targets while in motion themselves. “There’s an excessive number of vendors to contend with,” remarked Dan Burns, whose firm specializes in integrating security systems. “A lot of companies are offering similar features. Most of them are good, but it can be hard to know whom to choose and what to do with the tools you do buy.”
Mike DeCesare commented on a related problem, the lack of awareness of what’s happening inside an enterprise that may be bristling with under-utilized security products. “You’d be stunned at the number of previously unknown devices we find on a network,” he said. “When you plug Forescout into your network, you get an automated audit of devices, many of which are not in policy. Or, the company simply didn’t know it was even there. Both scenarios expose attack surfaces.”
The core issues involve security technology integration and team efficiency. Even with the right tools, a poorly conceived and implemented security stack, with sub-optimal deployment of capabilities and deficient practices and organization, will inevitably fall short of its mission. A lack of team member efficiency compounds the problem. As everyone at RSA noticed, the industry is in the grip of an unprecedented personnel shortage. SecOps teams must become more productive to do their jobs.
The relationship between Optiv and Forescout shows the path forward. It’s a partnership for efficiency and effective security integration. Optiv is the integrator. Forescout is the tool, one of several that Optiv implements for its clients. Through this sort of partnership, the client gains the productivity benefits of automation and orchestration. They also achieve the efficacy breakthrough that occurs when the right tools are deployed in the right way.
For example, as both Optiv and Forescout have noticed, many organizations run multiple endpoint protection tools in parallel. In these cases, each tool is typically not running with all its capabilities in effect. Working as partners, Optiv and Forescout can rationalize endpoint management and security, reducing the number of management agents. This cuts down on administrative overhead and brings down budgets while enabling better security overall.
CISOs need a combination of guidance, implementation assistance and good tooling. Like the Army Air Corps, they can become more secure by integrating the best tools, intelligence sources and strategies available. The Optiv/Forescout efficiency partnership gives organizations a model for how this can work.