Recently a Security “Gamification” event was
held by OpenGov in conjunction with Tenable, CyberArk and Splunk. There were a
total of 37 attendees from 21 different government organisations, representing a
broad spectrum of security requirements and levels of knowledge.
During this exercise, four security-related
scenarios were presented, and the attendees were tasked with combining features
and functions from all three vendors to form a solution to address the specific
scenario. The unique vendor-agnostic format of the event provided an excellent
environment for the attendees to learn how different security technologies from
multiple vendors could be integrated into a comprehensive ecosystem to solve
specific security problems.
There are several take-aways that the attendees
(and the vendors) learned from this event that we would like to highlight.
Ecosystem
The first point is that the security problem is
best solved by combining best-in-class solutions from multiple vendors.
To solve the specific scenarios that were
presented, features from all three vendors in attendance had to be combined to
produce the required outcome. In fact, none of the vendors present could have
addressed the entire scenario on their own – components from all three vendors
were required.
The exercise underlined the fact that there is
no such thing as a one-stop shop for security. A vendor may excel at solving one
problem in the security space, but may not be as good at solving problems that
are outside its core focus.
The net result is that compound problems are
best solved by applying best-in-class technologies from multiple vendors, and
integrating those technologies together.
Visibility
The second point is that solving the security
problem requires visibility.
The scenarios presented included:
- Proving regulatory compliance
- Dealing with the presence of a critical vulnerability within the enterprise
- Identifying the presence and extent of a breach
- Keeping up with a rapidly expanding enterprise with limited staff
Each of these scenarios required extensive
visibility into every dimension of the infrastructure, more visibility than any
single vendor could have delivered. For example, Tenable provides configuration,
compliance and vulnerability data together with network-based discovery data.
CyberArk provides information on the use of privileged accounts and on privilege
escalation. Splunk provides comprehensive visualisation of event data through
log analysis.
Together, the three solutions combine to
provide the visibility necessary to expose the assets, threats, risks and
vulnerabilities presented in the scenarios.
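The breach scenario is the clearest case for combining feeds. The following is an added example (not code from the event or from any of the vendors named above) that shows why: it scopes a breach by walking lateral movement forward in time from the first compromised host, using privileged-session records and authentication log lines as two independent sources of movement, then uses scanner severity to order the triage. Every hostname, account, timestamp and record layout below is constructed for the example; the session tuple and log line formats are assumptions, not any product's export format.

```python
from datetime import datetime

# Constructed sample data for this example. Hostnames, accounts, times and the
# record layouts are assumptions, not the export format of any product.

# Scanner view: highest vulnerability severity found on each host.
SCAN_SEVERITY = {
    "web01": "critical",
    "app02": "medium",
    "db03": "critical",
    "jump04": "low",
    "hr05": "medium",
    "fs06": "high",
}

# Privileged-account view: recorded privileged sessions
# (account, source host, target host, session start).
PRIV_SESSIONS = [
    ("svc_backup", "web01", "app02",  "2019-03-04T02:10:00"),
    ("svc_backup", "web01", "db03",   "2019-03-04T02:25:00"),
    ("dbadmin",    "db03",  "hr05",   "2019-03-04T03:40:00"),  # console session, no syslog line
    ("dbadmin",    "db03",  "jump04", "2019-03-03T23:00:00"),  # predates the compromise
]

# Log view: syslog-style authentication lines as a log platform would ingest them.
AUTH_LOGS = [
    "2019-03-04T02:05:00 web01 sshd: Accepted publickey for svc_backup from 203.0.113.9",
    "2019-03-04T02:12:00 app02 sshd: Accepted password for svc_backup from web01",
    "2019-03-04T02:30:00 db03 sshd: Accepted password for svc_backup from web01",
    "2019-03-04T02:31:00 db03 sshd: Failed password for root from web01",
    "2019-03-04T02:50:00 fs06 sshd: Accepted password for jsmith from app02",  # ordinary account, not in PAM
]


def parse_time(text):
    return datetime.fromisoformat(text)


def parse_auth_log(line):
    """Return (time, target host, user, source) for a successful login, else None."""
    parts = line.split()
    if "Accepted" not in parts:
        return None
    i = parts.index("for")
    return parse_time(parts[0]), parts[1], parts[i + 1], parts[i + 3]


def edges_from_sessions(sessions):
    """Lateral-movement edges (source, target, time, identity, feed) from PAM records."""
    return [(src, dst, parse_time(t), acct, "privileged-session")
            for acct, src, dst, t in sessions]


def edges_from_logs(lines):
    """The same edge shape, derived from successful logins in the log feed."""
    edges = []
    for line in lines:
        rec = parse_auth_log(line)
        if rec:
            when, target, user, source = rec
            edges.append((source, target, when, user, "auth-log"))
    return edges


def scope_breach(first_host, first_seen, edges):
    """Propagate compromise along edges that start from an already-compromised
    host *after* that host's own compromise time. Returns {host: earliest time}.
    Iterates to a fixed point so the order of the edges does not matter."""
    compromised = {first_host: first_seen}
    changed = True
    while changed:
        changed = False
        for src, dst, when, _identity, _feed in edges:
            if src in compromised and when >= compromised[src]:
                if dst not in compromised or when < compromised[dst]:
                    compromised[dst] = when
                    changed = True
    return compromised


def prioritise(compromised, severity):
    """Order compromised hosts by scanner severity, then by compromise time."""
    rank = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    return sorted(compromised,
                  key=lambda h: (rank.get(severity.get(h, "low"), 9), compromised[h]))


if __name__ == "__main__":
    t0 = parse_time("2019-03-04T02:05:00")   # first external login seen on web01
    pam, logs = edges_from_sessions(PRIV_SESSIONS), edges_from_logs(AUTH_LOGS)
    for label, feed in (("PAM only", pam), ("logs only", logs), ("combined", pam + logs)):
        print(label, sorted(scope_breach("web01", t0, feed)))
    print("triage order:", prioritise(scope_breach("web01", t0, pam + logs), SCAN_SEVERITY))
```

Run on its own, the privileged-session feed finds the hop to hr05 that never produced a syslog line, and the log feed finds the hop to fs06 made with an ordinary account that no PAM tool records; only the union scopes all five hosts. The time check is what keeps jump04 out: a privileged session from db03 that predates db03's compromise is not evidence of movement. The scanner data does not change the scope, but it decides which of the compromised hosts gets looked at first.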
Continuity
The third point is that solving the security
problem requires continuity.
A security program that works as a series of
incremental “snapshots” of the state of the environment is a fool’s exercise.
This is because modern infrastructures are much akin to an organic entity,
expanding, contracting and changing constantly. Snapshots of the state of your
infrastructure taken at infrequent intervals cannot capture this state of
perpetual change.
End systems come online and go away. New
applications, both authorised and unauthorised, are constantly appearing.
Modern, non-tangible assets such as cloud instances, containers and virtual
machines are constantly emerging too. The security infrastructure must be
capable of continuously discovering all modern asset types and assessing the
risk that these assets bring to the enterprise. Beyond this, real-time
monitoring of important data points must be maintained across critical areas of
the network, security devices and endpoints.
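To make the snapshot-versus-continuity point concrete, here is an added example (not from the event or from any vendor) that replays a constructed asset discovery feed two ways: as a series of hourly snapshots, and as an event-driven inventory that records every asset it ever sees. The event records, asset names and the `approved` flag are assumptions made for the example, not any product's event format.

```python
from datetime import datetime, timedelta

# Constructed discovery feed: one record per asset lifecycle change, ordered by time.
# The record layout (time, asset, kind, action, approved) is an assumption for this
# example, not any product's event format.
EVENTS = [
    ("2019-03-04T08:00:00", "vm-web-1",     "vm",        "up",   True),
    ("2019-03-04T08:30:00", "ctr-batch-7",  "container", "up",   False),
    ("2019-03-04T08:45:00", "ctr-batch-7",  "container", "down", False),
    ("2019-03-04T09:10:00", "cloud-inst-3", "cloud",     "up",   False),
    ("2019-03-04T10:20:00", "ctr-adhoc-2",  "container", "up",   True),
    ("2019-03-04T10:50:00", "ctr-adhoc-2",  "container", "down", True),
    ("2019-03-04T11:30:00", "vm-web-1",     "vm",        "down", True),
]


def parse_time(text):
    return datetime.fromisoformat(text)


def snapshot_inventory(events, at):
    """What a periodic scan sees: assets alive at the instant `at`."""
    alive = {}
    for ts, asset, kind, action, approved in events:
        if parse_time(ts) > at:
            continue
        if action == "up":
            alive[asset] = {"kind": kind, "approved": approved}
        else:
            alive.pop(asset, None)
    return alive


def continuous_inventory(events):
    """What an event-driven inventory sees: every asset ever observed, with
    first and last sighting (last_seen is None while the asset is still up)."""
    inventory = {}
    for ts, asset, kind, action, approved in events:
        when = parse_time(ts)
        rec = inventory.setdefault(asset, {"kind": kind, "approved": approved,
                                           "first_seen": when, "last_seen": None})
        if action == "down":
            rec["last_seen"] = when
    return inventory


def hourly_snapshots(start, count):
    return [start + timedelta(hours=i) for i in range(count)]


def missed_by_snapshots(events, snapshot_times):
    """Assets that were never alive at any snapshot instant, so a scan-based
    programme would have no record of them at all."""
    seen = set()
    for at in snapshot_times:
        seen.update(snapshot_inventory(events, at))
    return sorted(set(continuous_inventory(events)) - seen)


def unapproved(inventory):
    """Assets that appeared without an approval record (the unauthorised workloads
    the text warns about), whichever inventory method produced the view."""
    return sorted(a for a, rec in inventory.items() if not rec["approved"])


if __name__ == "__main__":
    scans = hourly_snapshots(parse_time("2019-03-04T08:00:00"), 4)
    for at in scans:
        print(at.time(), sorted(snapshot_inventory(EVENTS, at)))
    full = continuous_inventory(EVENTS)
    print("seen continuously:", sorted(full))
    print("never seen by a snapshot:", missed_by_snapshots(EVENTS, scans))
    print("unapproved, continuous view:", unapproved(full))
    print("unapproved, snapshot view:",
          unapproved(snapshot_inventory(EVENTS, scans[-1])))
```

Two of the four assets, both containers that lived for well under an hour, are invisible to every hourly snapshot, and one of them was unapproved. The continuous view records their lifetimes and flags both unapproved assets; the snapshot view flags only the cloud instance that happened to still be running at scan time. Shortening the scan interval narrows the gap but never closes it, which is the argument for discovery that is driven by the environment's own events.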
For the four scenarios presented, all three
vendors provided value in maintaining the continuity of security monitoring
and evaluation beyond what any one vendor could have provided alone.