The visibility challenge in cybersecurity
There is opinion that when you put all the threat intelligence reports out in the world today, side-by-side and compare them, there would be only three-percent overlap in information. That’s how diverse the sources of information that each cybersecurity vendor collects from their just as varied security intelligence networks.
An established industry-wide threat intelligence report like Verizon’s Data Breach Investigation Report (DBIR) for example, has over 70 contributors ranging from service providers to forensic firms to international Computer Security Information Response Teams (CSIRTS) to government agencies and even security vendors specialising in industry verticals.
Akamai’s Chief Strategist for Cybersecurity in APJ, John Ellis said, “We see what we see, what we don’t see we don’t talk about, because we don’t see everything.”
In cybersecurity reports Nirwana, there would be more quantitative data than qualitative data that would enable better measurement and more accurate visibility into and understanding of the threat landscape.
“But, the truth is we still struggle getting data we need, because of a culture of ‘not wanting to talk about (breaches)’,” Ellis pointed out. This is especially so for Asia.
Actionable insight, still
Akamai’s State of the Internet (SOTI) report which comes out every quarter is about intelligence at the edge. It is the culmination of Akamai’s efforts to collect and analyse its stream of real-time threat intelligence every day, on a worldwide basis.
“Every day there is about 22TB of security event data that goes to our cloud security intelligence (CSI) platform to be analysed. Our CSI platform pushes out 2.5PB of data towards our bot manager and client reputation products.
“The CSI platform drives accuracy for our WAF (Web Application Firewall, and client reputation and bot manager… our goal is to be the most accurate and to build better products,” said Ellis.
As for the quarterly SOTI report? “The value of the data is in the operational sense, and to help customers detect and respond,” said Ellis, echoing a global trend that more IT security spend would move towards detection and response, moving away from threat prevention solutions.”
Asia – security challenges
Ellis said, “In this part of the world, it is not so (that spending is more on detection and response). Money is historically put into prevention.”
In fact, a pet topic for Akamai’s Cybersecurity Chief Strategist is about where the Chief Information Officer (CIO) sits in the whole grand scheme of an organisation. “The lower down they are in the management hierarchy, the more difficult it is to talk about cybersecurity and business impact (in the boardroom).”
There is a mindset shift in the boardroom, of approaching cybersecurity as something that is essential rather than something to comply to as per regulation.
But that shift couldn’t be any slower.
In the meantime, threats keep escalating at an unprecedented pace, and companies that apply quick fix security solutions end up costing their organisation more money and reaffirming the view of IT (and cybersecurity) being a cost centre.
Rather than reacting towards attacks and breaches, perhaps being proactive about detecting attacks before they happen, is the only way to beat the attack.