“Short memory spans” are continuing to exacerbate organisational security shortcomings and accelerating a trend away from point security solutions in favour of fewer, better integrated platforms, a senior regional security executive has reported.
Innovation in the security space had rapidly improved technologies but many vendors “tend to build for themselves unless they're out there trying to get feedback and understand the issues that real folks are seeing,” Intel Security CTO Mike Sentonas told CSO Australia.
“With the sheer amount of attacks that keep happening, the biggest question I still get is 'how do we reduce suppliers and work with one or two strategic vendors?”, he continued. “While it's interesting to see all the innovation in the space, there is also a bit of concern starting to creep through. Customers want to buy a product and consolidate it very quickly, for ease of use and strategic sourcing.”
That demand had seen changes in customer conversations in the wake of the assimilation of Intel Security – formerly security giane McAfee – into the Intel organisation: “A year ago, people were going down the path of buying so many tools but they're pulling back from that,” Sentonas said. “People want to know more about how they can create an ecosystem of products.”
This change in midshift had emerged as organisations increasingly look towards getting better visibility over their security infrastructures, with consolidation necessary to fully utilise the capabilities of cutting-edge security analytics tools that processes masses of data to pick out potentially problematic anomalous behaviour.
Yet better tools are only part of the solution, Sentonas added: despite all the security precautions in the world, he warned, organisations were still being hit over and over again by the same sorts of problems because users are fundamentally creatures of habit.
“We've got a pretty short memory span,” he said, referencing incidents such as the recent Ashley Madison hack, which has produced significant consequences for users that not only accessed the site but did so using corporate credentials.. “We like to use technologies, services, and apps. The want to use them far outweighs the security concerns they raise, and we will probably do that again and again.”
Given this inevitability of user behaviour, it is increasingly up to security practitioners to implement the platforms capable of monitoring such behaviour and picking out meaningful anomalies. Driving real change in security behaviour would only come over time, Sentonas warned, as repeated efforts to tighten controls in the back end – for example, through the security mandates of the federal government's Digital Transformation Office (DTO) – slowly began to pay off.
“It's such a difficult problem, and things are happening so quickly on the attacker side, that in making small steps you really won't see a lot of value from them for a long time,” he explained. “You'd have to do something drastic to get an immediate payoff.”
Yet with continued hacks occurring, he said, there are signs that a change in attitude is at least setting organisational philosophy on the right path: “security is really becoming top of mind for not only businesses and governments, but for everyone,” he explained, “and your security approach is going to capture everyone alnog the way. They're all wanting to know what their part to play is.”