As in many of our previous blogs, we have raised serious concern over the security havoc that will be on the rise due to the change in business models.

Because of the COVID-19 pandemic, many enterprises had to make people work from home. The pre-corona business model was totally different: each resource accessed data through a secured tunnel, and each terminal was located on a secured network, covered by SSL and a firewall.

As a result, during the pandemic enterprises were either forced to shut down or worked hard to realign their resources so as not to lose business. The outcome was a work-from-home structure in which each resource was given a static-IP-based terminal that could in turn access office network resources. But those relocated terminals sat on WPA commercial or personal networks, which are not secured for enterprise use.

A recent study has made data available on this. According to it, although global IT infrastructure investment has risen to $585 billion, that spending is not getting resources covered. The simple reason: the investment is not enough when compared with the growth that IT-enabled services have seen. We should also consider that this paradigm has enabled considerable cloud computing growth and raised the working standard. So the chase to secure our resources well enough will always be on.

“We are in a cyber arms race that has precipitated a security tool race with adversaries’ evolving attacks forcing us to spend more to try to defend ourselves,” said Jim Reavis, co-founder and CEO of the Cloud Security Alliance (CSA), which promotes the use of best cybersecurity practices in cloud computing.

“Our default response is to adopt new tools to try to keep up, but we are losing this race as adversaries continue to outpace defenders,” Reavis stated. “We are increasing operations and personnel costs, but somehow decreasing security and efficiency. Our complex and costly operations are, in fact, increasing the probability of adversaries’ success.”

The CSA identified what it considers a critical gap: the lack of capability to easily leverage and fuse output from security tools with the threat intelligence deployed.

Five issues prevent the development of this capability:

• The fast pace of change in both security technologies and adversaries;

• Vendors focus on a “single pane of glass,” or dashboard that visually represents event data. The problem here is that the wealth and diversity of event data and the pace of malicious activity are not easily represented on one dashboard. Therefore, buyers are reluctant to commit to a single pane because they invested in training on the various security products they use.

• There is no readily implementable exchange protocol and data-labeling ontology.

• Integrating and processing disparate data sets from different security tools and intelligence sources is difficult due to different formats and protocols, managing duplicates and redactions, and the importance of understanding context; and

• The shift from using software and products to secure systems, to focusing on the data generated by the data systems.

In our view, the CSA's considerations are sound, but they should not be treated as a blanket answer. What they signify is identifying all the resources at risk, locating them in a secured location, and granting access to each resource according to its usage or hours. Events should be monitored per individual login, and data-level automated scripts should be enabled, which makes life easier.

Cloud computing infrastructure is a totally different paradigm, and one that every enterprise wants to step into. The time has gone when 20th-century resources or architecture were enough to drive industrial growth.

Using data-centric defense, integration, and automation of tools and overall architecture requires revising what intelligence means in the context of cybersecurity, building cyber memory, and building and maintaining secure, intelligent ecosystems, the paper states.

Secure and intelligent ecosystems are cloud-based memory banks that continuously fuse and enrich data from internal security tools and external sources. This enriched data can automatically update cyber defence tools or conduct triage for further action by analysts. Data from an individual ecosystem can be shared by other companies or organisations to form a collaborative defence system.
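The fuse, enrich and triage loop described above can be sketched in a few lines. This is an added example, not code from the CSA paper or from this blog: it normalizes two differently formatted tool outputs into one schema, merges duplicate sightings, enriches them from a threat-intelligence feed, and decides between automatic blocking and analyst triage. The record formats, field names, confidence threshold and decision labels are assumptions, and the sample data is constructed.

```python
import json
from datetime import datetime, timezone
# Constructed sample inputs (not real telemetry); IPs are RFC 5737 documentation ranges.
FIREWALL_LINES = [
    "2021-03-01T10:15:02Z,DENY,10.0.0.5,203.0.113.7,443",
    "2021-03-01T10:15:40Z,ALLOW,10.0.0.8,198.51.100.23,80",
]
EDR_EVENTS = [
    '{"time": 1614593710, "host": "wfh-laptop-12", "remote_ip": "203.0.113.7"}',
    '{"time": 1614594000, "host": "wfh-laptop-31", "remote_ip": "192.0.2.44"}',
]
# Hypothetical external threat-intel feed: indicator -> confidence (0-100).
THREAT_INTEL = {"203.0.113.7": 90, "198.51.100.23": 40}

def normalize_firewall(line):
    ts, _action, _src, dst, _port = line.split(",")
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": int(when.timestamp()), "tool": "firewall", "indicator": dst}

def normalize_edr(raw):
    ev = json.loads(raw)
    return {"ts": ev["time"], "tool": "edr", "indicator": ev["remote_ip"]}

def fuse(events, window=60):
    """Merge sightings of one indicator that fall in the same time window."""
    merged = {}
    for ev in events:
        key = (ev["indicator"], ev["ts"] // window)
        rec = merged.setdefault(
            key, {"indicator": ev["indicator"], "first_seen": ev["ts"], "tools": set()})
        rec["first_seen"] = min(rec["first_seen"], ev["ts"])
        rec["tools"].add(ev["tool"])
    return sorted(merged.values(), key=lambda r: r["first_seen"])

def enrich_and_triage(records, intel, block_at=80):
    """Attach feed confidence, then pick an automated action or analyst review."""
    for rec in records:
        score = rec["confidence"] = intel.get(rec["indicator"])
        if score is None:
            rec["decision"] = "store"           # unknown: keep in the memory bank
        elif score >= block_at:
            rec["decision"] = "auto_block"      # update defence tools automatically
        else:
            rec["decision"] = "analyst_triage"  # known but uncertain: human review
    return records

def run_pipeline():
    events = [normalize_firewall(l) for l in FIREWALL_LINES]
    events += [normalize_edr(e) for e in EDR_EVENTS]
    return enrich_and_triage(fuse(events), THREAT_INTEL)
```

The firewall and EDR sightings of the same address inside one minute collapse into a single record that lists both tools, which is the duplicate-handling problem named in the CSA's fourth issue.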
