RSAC 2017: Is the cybersecurity industry about keeping up with the Joneses?

There is no shortage of product announcements in the security industry, and this focus was clearly on display at the recent RSA Conference 2017. And while many attendees went in with high hopes of finally glimpsing the revolution that security experts have been calling for or discovering a solution that will fundamentally change the current, failing endpoint security paradigm – our cybersecurity challenges remain unaffected by the plethora of solutions. Instead of  focusing on security for the modern age, companies are continuing to build products and solutions that are feeding into the problem rather than reducing risk. Has the industry become more about having the latest and greatest solution to “keep up with the Joneses” rather than focusing on what we should be building now to prepare for the security challenges we will face tomorrow?

Confronted with a competitive marketplace, vendors are laser focused on explaining why their technology is better, be it AI, ML, Deep Learning, Neural Whatchamacallit, etc. 

When reflecting about how we solve cybersecurity issues, two phenomena come to mind:

1. Parkinson's law, a reference to the self-satisfying uncontrolled growth of the bureaucratic (think security) apparatus in an organization.
2. Thermodynamic entropy, an irreversible process that degrades the performance of a thermodynamic system (think security).

Our older prevention solutions are lacking the ability to handle the unknown. To compensate, we add more layers of monitoring and detection, which result in billions of reports and false alarms organizations cannot handle. To compensate, we add outsourced services to sift through this mass of mostly useless data in an attempt to predict the unknown and learn from the past. However, as humans we can't handle processing this volume of data. Here is where big data, business intelligence, and artificial intelligence products enter to sift more effectively through the mostly useless data we created to compensate for our ineffective handling and prevention of cyber threats. See where this is going?

There is a clear and present danger and one main cybersecurity problem to solve: stop attackers from ever getting in at a price we can afford. 

Here are the key components for this approach: 

1. Protect an organization from its own people. Not by blaming employees for being human and gullible, but by putting a solution that reduces the dependency of hackers on expected human [mis]behavior. 

2. Return to effective prevention with near-zero false alarms, which reduces reporting, monitoring, detection, patching cycles and remediation to the bare minimum. 

3. Reduce the amount of software, costs, operating expenses, and complexity of your stack and increase its resilience against both the known threats and the unknown unknowns. 

4. Make it prohibitively expensive for hackers to attack an organization by denying them the ability to access, or even find, exploitable resources.

Combined with a malware prevention product for existing known executables (e.g. antivirus or similar), Moving Target Defense helps solving the above stated endpoint cybersecurity problem. 

Companies, analysts and pundits would do well to examine and discuss a new promising stack comprising three layers of effective, efficient and resilient prevention including an access management layer, an anti-executable malware layer and an anti-memory exploitation layer. 

To be successful in the fight against cybercriminals, it takes a balance of these pieces and radical innovations rather than the reprocessing of old ideas in new packages. Hopefully the industry will take a step toward achieving this goal in time for RSA Conference 2018.