CyberSecurity SEE

5 Important Inquiries for Assessing a New Cybersecurity Technology

The cybersecurity industry is booming with new technologies and solutions, making it increasingly challenging for security staff to manage every new technology, and making it even more difficult for chief information security officers (CISOs) to decide on the most appropriate security technology for their organizations.

During the recently held RSA conference in the United States, one of the largest cybersecurity conferences globally, many new technologies and solutions were displayed. Trying to count them all was overwhelming, and it raises the question of how CISOs decide which security solutions would address their organizations’ security weaknesses.

The trend of simply adding new technologies to security stacks is not working as threat actors are consistently breaking through existing protection technologies. To break this cycle, companies must focus on assessing how much value a new technology provides to determine if it’s worth evaluating or not.

This new era of cybersecurity requires every investment to be prudent, and companies must start asking fundamental questions about technologies to determine their true value. These questions cover proactivity, intelligence, autonomy, scalability, and benefit to the entire security stack and management teams.

Question 1: Is the technology proactive or reactive?

While almost every cybersecurity technology claims to be “proactive,” it’s crucial to define what exactly that means. A proactive technology is one that is to the left of boom – before a successful breach – while most cybersecurity technologies sit to the right of boom, reacting to and mitigating the effects of breaches that have already happened.

Modern security frameworks such as MITRE, NIST, and zero trust require left-of-boom technology, which is why investing in more proactive technologies is essential.

Question 2: How much cyber intelligence can the technology leverage?

The value of intelligence and data has never been higher, and this has proven especially true in the war against cybercriminals. Therefore, any cybersecurity technology must be informed by as much cyber/threat intelligence as possible. Without data to make informed decisions about enforcement, threat actors have an upper hand.

Question 3: Is the technology truly autonomous?

Most cybersecurity technologies claim to be autonomous, but with a shortage of cybersecurity staff that does not look like it will go away in the near future, it is critical to evaluate what we mean by autonomous. The technology should not require any employee-hours, should not require another full-time employee to manage alerts or logs, and should update automatically.

Question 4: How does the technology scale?

Threat actors have shown themselves to be nimble, inventive, and persistent in their attacks, and the technologies we implement must be able to grow and adapt to these realities. We must ensure the technology can adapt to higher volumes, deeper obfuscations, and yet-unknown attack vectors.

Question 5: Can the technology work easily with existing technologies?

In most cases, cybersecurity professionals experience what is known as “alert fatigue,” caused by too many technologies that are sensitive to finding threats or breaches but cannot communicate easily with each other, resulting in multiple alerts for the same malicious activity. The new technology should be beneficial to the existing stack: it should ease pain points, feed intelligence easily to other implemented technologies, and ingest information from them.

In conclusion, considering the value cybersecurity technologies add to the entire security stack and management teams is the best way to make informed investment decisions.
