Why?
I think it’s a fair question to ask why we are still losing to adversaries. We have decent detection and prevention platforms, we have centralized telemetry, we even have amazing AI, BUT we are still going to lose today and tomorrow to the average adversary.
It’s also fair to say that the technological revolution of the last twenty years, which has changed our lives, has also completely changed the attack vector landscape.
When I started my career in late 1990, we had an on-premise environment, air-gapped by design. We had physical servers whose location and existence we knew. We had database servers with labels like SQL-SRV-05 :-), so you knew where your data was.
But then,
AWS launched its first EC2 service in 2006, and ever since then people and companies have been moving their data into unknown compute and storage. Apple launched its first iPhone in 2007, which made people spend dramatically more time on their mobile devices than on the PC. The first Bitcoin network started in 2009, which gave adversaries the perfect anonymous monetization platform, and as if that weren’t enough, we had COVID in 2019, which pushed everyone to work remotely. So now we have distributed data and people in unknown locations; data is everywhere, literally.
Is it possible to protect it?
We will never achieve 100% protection, but we can definitely do a better job. Sometimes, we use the same tools for years and simply can’t think differently, but at the same time, attackers are constantly evolving and changing their game.
If it takes you hours to get process information from a specific endpoint, then you can’t win. If it takes defenders hours to find out whether a specific suspicious network connection has happened only once in the last year, then you can’t win.
Cybersecurity is a data-driven challenge; therefore, you need a data-oriented solution that doesn’t require a 20-year skillset dependency. The path forward requires a fundamental shift in how we approach cyber-data analysis. We need technology that doesn’t require 5 years of training. We need an enabler, a helper, and a smarter solution that will make it easy for cybersecurity professionals to analyze data.
Do we need more security professionals? Or maybe a bigger training budget? I don’t think so. Let’s win this time.