Security as a Service from the CIO's Perspective
By Julie Cullivan, SVP Business Operations and CIO, FireEye Inc
It’s difficult to manage the ever-changing and asymmetric nature of today’s cyber threat landscape. Regardless of the technology developed to thwart them, attackers seem to develop a work around … sometimes before the technology just procured is even in place. Attempting to outpace them is definitely akin to trying to hit a moving target—an invisible and sophisticated one, at that.
Threat actors aren’t just evolving their methods of attack; they’re evolving their focus as well. Recently, they’re intently focused on stealing personally identifiable information, and finding ways to disrupt businesses. No matter what they target or how they do it, these human adversaries are relentless.
For nearly two decades, the solution has been to throw more technology at the problem. In some ways, it’s helped—the time between compromise and discovery is decreasing every year, and that is a huge win for the good guys. But more technology hasn’t solved the problem, and in some ways, it has complicated matters. More technology means a bigger drain on resources, both physical and fiscal. With more and more alerts, today’s security teams are tasked with the impossible: parse through and identify real alerts from false alarms, and at the same time, investigate to determine if some one is hiding within all that noise. And if that weren’t enough, these teams are under staffed: there simply aren’t enough experts to keep up. Security some times ends up consuming resources that could otherwise be invested in an organization’s core business—making the organization as a whole less effective. It’s enough to make a CIO cry uncle.
A Resourceful Answer
But cyber security doesn’t have to be a one-sided battle. The concept of “security as a service” is a growing trend that gives organizations of all sizes a leg up on the attackers. When executed with a competent partner, the security-as-a-service model helps organizations lower their risk, eliminate complexity, free up precious resources, and do so at the lowest possible total cost of ownership. How do you recognize a competent partner to provide all of this? Look for one that provides the following key capabilities:
• Answers not alerts: Customers drowning in alerts – most of them unreliable – need security technology that delivers high-fidelity detection with low false positives, and need a partner that can apply intelligence, analytics and expertise to their existing alerts. The result? A dramatic reduction in the number of alerts that require human inspection. Customers should also expect context on the alerts to help prioritize them and know how to respond to them.
• Expertise on demand: As I mentioned above, the lack of skilled resources is one of the biggest challenges plaguing the security industry. Expertise must be part of the core security-as-a-service offering. Providing this expertise “on demand” means that, as a customer, you can access expertise exactly when you need it, in proportion to your current concern. For example, you might have a question about one alert (in which case a chat conversation with an expert would suffice), need assistance analyzing malware (in which case on-demand malware analysis would be helpful), or you may need to hand over your security operations center altogether.
• Improved security posture, quickly: A security-as-a-service model offers the benefits of speed. Your enterprise can deploy this concept and increase their security posture nearly immediately, with technology, intelligence, and expertise working directly for you. Equally important, you can scale your efforts quickly, vastly improving your chances of thwarting a devastating cyber attack before it occurs.
Proactive Versus Reactive
The security-as-a-service solution provides an extra level of visibility, with experts keeping watch over all activity across a network. With continuous monitoring, attackers have a harder time working their way into your enterprise.
Equally important, the model enables your organization to change from a reactive posture to a proactive one.Extra eyeballs are good but if they’re simply monitoring what’s coming across, attackers can still sneak in. Like a message scrolling across the bottom of a TV screen, it’s easy to miss a crucial piece of information if you’re just passively watching.
What if, instead, security experts who know attackers’ favorite tools and techniques were out there actively hunting for them in your network? These professionals know how threat actors breach a network, where they like to hide, and how they like to carry out their attack. That intelligence is golden when it comes to finding and stopping a determined attacker. And it is one of the benefits of the security-as-a-service model. Companies large and small benefit from the expertise of someone whose sole focus is to hunt down those adversaries and stop them before they can do any damage.
The model is especially ideal for smaller organizations, providing a much more robust security system than they would otherwise have in place. It enables an almost immediate boost in the maturity of their security program, as well as providing a scalability that couldn’t be realized in any other fashion.
Best of Both Worlds
Security as a service offers you both security intelligence and control. Along with the experienced cyber professionals you’d need, you’ll save on the required equipment and storage costs. But the true beauty of having a trusted security as a service provider is the partnership you gain. With the right partner, your enterprise gets much more than alert reporting, contextual intelligence, and a team of proactive security experts–you mitigate your security risk!
Now think about your company doing all of that alone, versus having a partner with whom you can minimize cyber risk and simultaneously improve you organization’s risk posture. Suddenly you’re no longer trying to outsmart the threat actors on your own. Instead, you’ve got a savvy, intelligence-led operation working both with and for you to help you manage the risk. Now you’ve found a solution that offers the best of all possible worlds. For the CIO who’s actively seeking ways to stay ahead of attackers, security as a service is a concept worth strong consideration.