News from SINET ITSEF 2015
Tuesday's workshops at ITSEF included tracks on the next-generation security operations center, venture capitalists' look at the cyber market, the impact of the software-defined perimeter, CISOs and the risks they take to mitigate risk, the speed of cyber innovation (and its frontiers), and advice on breaking into the Federal marketplace. Here are a few highlights.
What big commercial enterprises are looking for in security solutions. Facebook's CSO, Joe Sullivan, described his company's search for out-of-the-box solutions and said it would rather work with startups than established companies. Usability and non-signature-based detection are of particular interest. HP's CISO Brett Wahlin described needing mature products on their network. They're less receptive to new, high-risk products, and anything they adopt needs to integrate well with their existing product stack. Analysis of data, not mere collection and sharing, is critical.
The irreducible human element of cyber defense. Blackstone's Jay Leek argued that security has an irreducible human element, focused on changes, patterns, anomalies, correlations. Recognizing this leads naturally to an approach that focuses on visibility, intelligence, and response (which Leek noted was equally applicable to insider threats). Adobe's Brad Arkin described taking a DevOps approach to building servers (rebuilding pristine environments every few hours) as a way of enhancing security. Doing this changes attackers' cost equation, particularly in the way it reduces low-hanging fruit. CISOs on the panel generally agreed that traditional layered security will not keep up with swiftly advancing threats.
Next-generation SOCs: automation, information-sharing, and anonymity. Panelists thought that barriers to SOC success tend to lie outside the control of the SOCs themselves. Executive clarity with respect to goals and direction is necessary to effective SOC operation (and often missing), but all SOCs face the challenge of finding adequately skilled staff: here, too, the human dimension is crucial. Automation could relieve SOC watchstanders' routine workloads, freeing them to concentrate on analysis and anomaly recognition: information sharing at machine speed should, panelists thought, be the goal. Dell's Russell Murrell framed the SOC's well-known false alarm problems as essentially a big data analysis issue. But whatever automation emerges, recruiting staff will remain a challenge. Stronger differentiation of roles and better defined career paths would help. The panel concluded with observations about anonymity, which they agreed had to be the default position in information sharing. The Secret Service's Eduardo Cabrera argued that only anonymity would allow information sharing to scale. Homeland Security Deputy Assistant Secretary Greg Touhill called anonymity essential. He also hoped for legislation that would remove liability barriers to information sharing.
SINET continues today. The CyberWire will be live-tweeting from the workshops and general sessions.