NONE OF US have yet woven the perfect security net. If one of us ever does, an hour later there will be a new attack, a new method, or a new end user who renders that moot. With that in mind, we should consider the thoughts of the Greek philosopher Heraclitus, who said, “No man ever steps in the same river twice, for it's not the same river and he's not the same man.” How might we apply that principle to modern cyberdefenses?
If IT security is a river, then your stack must be just as fluid. Consider how long you have been delivering that same stack. How often do you review its components? How often do you review your own practices for deploying your tools? How have you kept up with all the changes in the threat landscape we now find ourselves navigating? And what do you see coming next?
The Only Constant Is Change
If we roll back the clock 10 years, most of our sites had very distinct perimeters and were largely premises-based, client-server networks, with remote access by means of SSL VPN or an RD gateway. Then came the rise of portables, the advent of the cloud, and later more sophisticated environments such as virtual desktop infrastructure.
But with 2020 came the “100-year flood” of changes that was COVID, boiling the river, as well as adding the thrill of supporting “work from anywhere.” Suddenly we were facing the most highly distributed and least well-managed device fleets we had ever known. For those on premises, those “ship to shore” remote access methods became truly critical.
With all this change, if you are still on the “firewall, anti-virus, and done” plan, you are well behind the curve. Today we routinely provide managed detection and response, DNS filtering, and multifactor authentication, and we engage with outsourced SOCs. And, of course, we defend our new M365 “endpoints” with anti-spam, anti-phishing, and backup as well.
It is no longer enough to know where users are. We must now know where they place data, how they share that data, and how to protect those repositories. That includes finding a way to back up all that data, wherever it may reside. No matter how you slice it, the discovery, identification, and protection of that data have gotten much more difficult these past few years.
Changing the Dynamic
Most of us spend too much time in reactive mode, with our heads down, too busy chopping wood to sharpen our axes, much less buy a chainsaw. The asymmetric nature of cyber warfare—we must be nearly perfect while attackers need find just one weakness—only exacerbates this imbalance. It is time for us to change this dynamic and take back control.
Most of our clients will simply never see the world as we do. We see the dots, but they see the image those dots represent. And they sometimes avoid thinking carefully about our questions. I cannot remember how many times I have discovered potentially serious issues on networks we manage, simply because we finally got a different answer to the same question.
I take from this that we need to stop thinking about endpoints, firewalls, or Wi-Fi, and to start thinking about protecting processes, becoming ever more integral parts of our clients’ businesses. This gets us a much more commanding seat at the business table. But it also puts us in the less familiar role of strategists, not the tacticians so many of us “grew up” being.
We need to find a way to better express the value we bring: seeing every process through the lens of security, finding the hidden risks, and offering safer solutions. There was a time when this was as simple as closing firewall ports and going to VPNs, but that time is now long gone. Now we must see over the horizon to succeed. If we can only react, we will lose this battle.