Hacking the Complexity Matrix
- By Winston Thomas
- April 02, 2024
In the fragmented world of cybersecurity, CISOs find themselves in a constant battle. Vendors hawk solutions that promise to combat the latest threats, leaving overloaded security teams struggling to integrate and manage a sprawling array of products. Amidst this complexity, a sense of helplessness can set in, and the low-hanging fruits of quick fixes become too tempting.
Does this cycle have to continue? Kelvin Chua, regional director of systems engineering at Fortinet, doesn't think so. He believes that both vendors and CISOs need a shift in mindset.
Complexity is a man-made conundrum
"The pain that many organizations are facing is that there are too many products," Chua observes. "When you have too many products, it just increases the complexity."
This complexity is a double-edged sword. Not only does it strain a CISO's human resources, but it also hinders the very thing cybersecurity tools were bought to provide: effective protection. Chua notes, "We all know that no product can actually work in isolation. The more you integrate them, the better it is."
One crucial step, Chua asserts, is moving away from the idea of cybersecurity vendors as mere solution providers and towards a collaborative partnership model: "As cybersecurity vendors, we essentially take the responsibility to integrate."
This means not just integrating multiple disparate products from a single vendor but also being willing to share threat intelligence. While it may seem counterintuitive, collaboration between vendors becomes essential in an era of sophisticated cyberattacks.
"We are a strong believer in sharing as much as we can," Chua explains. He goes on to describe Fortinet's participation in the Cyber Threat Alliance, where intelligence on threats like malware hashes and indicators of compromise is exchanged. "I guess the bad guys are sharing. So, as much as possible, the good guys should also be sharing."
Automate and breathe
In a work environment where IT, OT, and IoT (Internet of Things) boundaries blur, and hybrid work models are the norm, automation is not just a buzzword for CISOs—it's the key to survival.
"We need to actually put in things like the people and the process to make sure that the technology, people, and process will be fully aligned to ensure a cyber-resilient enterprise," Chua says. "And automation becomes very important when we talk about technology."
Automation brings with it speed. Systems detect threats faster, and security teams can respond and remediate them precisely. Yet, automation offers CISOs another valuable benefit—it frees up time.
"If the analysts have to constantly do the low-value things that automation can actually help them to do, there's no opportunity for them to really elevate their skill set and do something of a higher value," Chua argues.
Go beyond alerts
Time is precious for CISOs and their teams. Every minute wasted on a false positive is not spent addressing a genuine threat. The statistics are sobering. Chua cites a new IDC survey commissioned by Fortinet on the State of Security Operations in the Asia Pacific region.
He notes, "74% of the cybersecurity team will talk more than 15 minutes to validate an alert, and, you know, 60% of the organization reports at least a quarter of them are false positives."
The solution lies in smarter solutions: "We wanted to make sure that we get all the organizations to give them greater accuracy and also allow them to deliver a more effective response by reaching what we call artificial intelligence-driven automation, analyzing things like behavior indicators and advanced threat intelligence," he says.
However, CISOs are no longer just monitoring IT for alerts. They are now tasked to defend their operations systems.
Historically, operational technology (OT), the backbone of critical infrastructure, existed in isolated silos. Today, as OT converges with IT and connectivity becomes paramount, CISOs face a new threat vector. According to Chua, the challenge is two-fold—the security knowledge gap of OT teams and the sheer age of the infrastructure.
"What OT focuses on is really availability," emphasizes Chua. "Security is probably not the number one agenda."
His solution is both educational and technological. By demonstrating real-world attack scenarios, OT teams begin to appreciate the gravity of the risks, and cybersecurity solutions explicitly designed to understand OT protocols and vulnerabilities become necessary.
A brave new collaborative future
As the lines between man and machine blur with IoT and increasing machine-to-machine communication, real-time threat monitoring becomes a must-have in a CISO's arsenal. Chua advocates for a segmented network approach—inspecting and decrypting traffic flowing between devices to catch malicious activity at wire speed. In this future, hardware innovation will be just as important as software sophistication.
To encourage a change of mindset and create a more cyber-aware workforce, Chua believes that engaging training methods— perhaps even Red and Blue Team exercises and gamification—play a significant role.
AI adds a new dimension to threats. Even if you are not using generative adversarial networks to find gaps in your defense, generative AI tools like ChatGPT can allow seemingly innocuous prompts to leak sensitive data. It's an ever-evolving battleground, prompting Chua's succinct remark: "This is basically a very hard question actually to answer."
One thing is sure: CISOs will need to remain proactively vigilant. In an age of automation and sophisticated attacks, there's no room for complacency or a siloed approach to cybersecurity.
Chua and Fortinet's vision calls for vendors, security professionals, and the wider business community to break down barriers, prioritize collaboration, and embrace continuous adaptation. Only then can we hope to create genuinely cyber-resilient organizations amidst the relentless waves of change.
Image credit: iStockphoto/romeocane1
Winston Thomas
Winston Thomas is the editor-in-chief of CDOTrends. He likes to piece together the weird and wondering tech puzzle for readers and identify groundbreaking business models led by tech while waiting for the singularity.