We all have many cyber security tools and the sad truth is that breaches and vulnerabilities still take a long time to be detected and re-mediated. The quoted data is that it takes around 252 days to detect then a further 82+ days to resolve.
That’s a long time in anyone’s language and should make any manager, CEO and CSO feel uneasy. For many, this is a death sentence with your own job on the line. But for most organisations, there are too many tools that are installed and the reality is that we may be afraid to unbundle or decommission these. What we lack is time, people, and expertise to fully leverage our existing cyber security investments.
The sad truth is that we simply do no know how secure or resilient we are today. Perhaps this is because any reporting and analytic s we can do today is running against what has happened in the past, and not what’s really happening right now.
What you do today doesn't work?
This is a frightening scenario. There is truth in the fact that most current tools scan for known vulnerabilities against your ‘live’ prod environment, which means these tools must be used at ‘off-hours’ and can only be run one at a time, which is a highly manual and complex operation. The question is does this provide you with an adequate ‘sandpit’ to work with?
The Homeland Security Foundation (HSFA) and not to be confused with USA Homeland Security: “recommends leveraging virtualisation to assess vulnerabilities outside production environments, increasing effectiveness, reducing detection time, and avoiding costly disruptions to business operations”.
It goes on to day that “HSFA strongly recommends developing new standards that require organizations to deploy continuous security delivery fabric-based technologies that leverage virtualisation alongside existing security investments.”
There is a clear case for change, and the question is do you subscribe to this theory?
What is Continuous Security Virtualisation?
Read more: The week in security: Malware-laden apps persist as iOS 9 zero-day scores $1m bounty
A new cyber security startup - Cybric which is headquartered in Boston and includes executives from Yahoo, Actifio. Given the heritage of Actifio, which specializes in data virtualisation, it should be no surprise that Cybric is based around virtualisation.
I recently connected with Andrew Gilman the Co-Founder & COO of Cybric this is a new start-up that has already received $1.3m funding. Andrew explained that their business model was about creating a new class of continuous security virtualisation.
They have a platform that operates as a SaaS-based offering that securely connects, automates, and orchestrates cyber security for on-premise or cloud-based environments. Cybic Fabric simultaneously monitors applications, integrations, operating systems, data centers, and other components of an enterprise network for anomalies using a shadow environment, and then allows you to quickly remediate and roll changes back into production.
Cybric has been built using a high performance model (fabric computing) which can operate in a multi threaded mode – and hence allows Cybric to constantly scan for threats and then automatically remediate vulnerabilities and attacks.
Read more: Resurgence of innovation driving glut of new security tools
Rely on Machines not Humans
By having this non-production version, it is then possible to detect and remediate issues faster and non-disruptively. The secret sauce is that you rely on the machine and the orchestration not on human beings. Because the Fabric can continuously scan everything from source-code to network perimeter, and everything in between – Cybric’s big data analytics engine can provide a near-real-time view of an organisations entire security posture.
Cybric has recognised that robust security will only come from systems finding and fixing vulnerabilities in real-time with little human involvement Doug Cahill, senior analyst, Enterprise Strategy Group, noted that:
“The cyber security market is flooded with over 1200 disparate point tools with customers often running nearly 100 products all requiring a high level of operational knowledge and human intelligence. This reality makes it incredibly challenging to fully understand an organization's holistic security posture"
Faster Detection = Faster Action
By utilising a virtualised approach will facilitate the CISO‘s team to quickly identify and fix vulnerabilities across the entire application and infrastructure stack."
Through automation and creation of a virtualising shadow environment, all scanning and remediation can be performed in parallel. This provides the ability to identify and fix real time threats, while also minimising impact on the prod environment.
How fast? This is surely the key question and what will make us as a ‘Venture Capitalist’ consider investing or as a ‘Consumer’ to acquire this tool.
How do I measure success?
The proof as they say is in the pudding.
Using a virtualised approach that allows for continuous scanning and remediation, you can then measure how fast fixes are actually made. The key metrics provided by Cybric include IRD (Internal Rate of Detection) and IRR (Internal Rate of Remediation).
These are metrics that today, would be somewhat tricky for management to share with their boards. But, smashing the current 252 days undetected should be the initial goal, and being significantly ‘south’ of that number will be a good outcome.
Sounds really intriguing……can’t wait to see how this works in practice.
Take this 5 minute survey on The State of Cloud Storage & Collaboration 2016 and go in the draw to win a $500 Visa credit card.