When it comes to cybersecurity, I see the world from both the technology and business sides. From either perspective, I see challenges—and opportunities—when I look at the approach that most organizations take to cybersecurity today. The fundamental challenge is that our approach to cybersecurity is too reactive and the mechanisms we have in place are typically too slow and inefficient to react.
As our adversaries innovate faster, we fall behind, coming up with fixes for individual threats, but failing to create a sustainable platform to consume innovation quickly and efficiently. Our adversaries are innovating weekly, and it takes us months, if not years, to deploy a new reactive response.
That’s the bad news. The good news is that we can fix this. We can build cybersecurity into our technologies, products, services and corporate cultures. We can make cybersecurity a business enabler. We can fix it, and we will fix it. Here’s how.
Challenge No. 1: Inefficient Consumption
The way cybersecurity has worked, thus far, is a vicious cycle that keeps adversaries one step ahead: Cybercriminals innovate quickly and come up with new mechanisms to cause more damage and make more money. Then cybersecurity companies, often led by innovative startups, develop solutions to stop those specific attack mechanisms. These new solutions usually take months to evaluate and deploy and, when they are finally deployed, they add to cybersecurity complexity.
As this cycle has evolved, our defense mechanisms have become cumbersome and inefficient. Companies now typically have dozens and sometimes hundreds of different cybersecurity solutions, which don’t necessarily work in concert but rather in silos. The organization is paying to support and maintain these solutions, plus incurring costs to upgrade and replace them.
Challenge No. 2: Humans vs. Machines
Not only are we consuming cybersecurity innovation inefficiently; we continue to approach cybersecurity from the wrong mindset. In today’s era, with automation, machine learning and artificial intelligence, if the battle is man against machine, machine will have the upper hand almost every time. We can’t bring humans to that fight and expect to win.
Machines scale much quicker than humans. Whatever the human capacity may be—whether each person can deal with five security events, or 50 or 500—when the adversary is automated, it can always overcome that number simply by throwing more computing resources at the problem.
From the adversary’s perspective, success is a function of computing, efficiency, automation and ultimately money. As a defender, if you are relying on people to fight this battle, then you have to scale with people. So every time the adversaries add more compute power, you may need to increase the size of your team. Of course, then the adversaries just go out and spend a few more dollars to get more compute power.
There’s no possible way to keep up, either logistically or financially. On the adversary side, growth is becoming exponential because of the easy availability of compute resources. Not only can they go to the public cloud to get compute resources; they are also stealing them from their victims, taking over our end-user machines, servers, or anything else they can use on the cheap and on the sly.
Today, we have humans in our security operations centers (SOCs), fighting machines with the help of machines. We have to shift the paradigm and have machines fighting against machines, with humans to help the machines. Whenever a machine can’t do something, it can use a human.
The Opportunity: A Better Approach to Consuming Innovation
The technology to address these challenges is available today, right now. There are between 2,000 and 3,000 cybersecurity vendors out there, each delivering their innovation as a product that needs to be evaluated, procured, deployed, and operationalized.
What we need is a better approach to consuming that innovation. And we need you, as a business executive, to demand it. Now! If your CISO or security team seeks to buy a cybersecurity solution that will be deployed in a few months or a year, you have to challenge their basic premise. Here’s what CEOs, CIOs and board members should demand:
- Any new cybersecurity solution must be deployed in a day—preferably less than a day—across the entire infrastructure globally.
- Any new cybersecurity solution cannot come with the requirement to hire more people.
- Our entire cybersecurity team must demonstrate an accelerated rate of deploying innovation. The bad guys are moving fast; we must be moving just as fast.
At first, your CISO and security teams may be flustered because these demands fall so far out of the paradigm of how they’ve been doing things for so many years. That’s okay, because the old paradigm is broken. Your cybersecurity professionals need to go to their vendors with the same demands: Find us a way to respond to this challenge, to deploy cybersecurity innovation quickly, efficiently, openly, and comprehensively.
Cybersecurity Innovation Through SaaS
What constitutes a better approach to consuming cybersecurity innovation? In today’s world, software-as-a-service (SaaS) is the most efficient way to consume IT resources and innovation. We’ve seen the SaaS model work across many business functions: customer relationship management (CRM); salesforce management; human resources; enterprise resource planning; email; file sharing; and instant messaging.
All of these activities have either moved to a SaaS model or are moving quickly in that direction. That’s because SaaS enables innovation to be consumed easily and quickly. Thus, the answer to the question posed earlier, how do we address the challenges to our cybersecurity approach?, is the same for cybersecurity as it is for all of these other business activities: We transform cybersecurity to a SaaS model.
If you look at most SaaS solutions, all you need to consume them is a web browser, and your access to innovation is immediate. Cybersecurity needs to be consumed just as easily. However, cybersecurity poses a different challenge than most of those other business activities because of the necessary evil of having the technology deployed within the infrastructure. The only way to get information from the infrastructure and to act on it, is to be part of the infrastructure. This goes for data centers, public clouds, and even end user-devices. So, whichever SaaS cybersecurity solutions are deployed, they have to be deployed simultaneously at every single location.
The answer to that challenge is actually quite simple: Cybersecurity-as-a-platform. Look at some of the most successful IT platforms: Apple, Windows, Salesforce.com Facebook. They provide a simple way to both provide and consume innovation by having an open platform that basically allows anyone with a good idea to come in and sell it. With a platform, the ability to deliver value and innovation becomes near instantaneous.
A platform is when the economic value of everybody that uses it exceeds the value of the company that creates it. Then, it’s a platform. — Bill Gates
As our adversaries become better funded, more sophisticated, and more adept at leveraging automation, machine learning, and IT, we must fix the fundamental flaws in our security approach, and we must do it now. We must be able to consume cybersecurity in a way that enables us to deploy innovation quickly and fight machines with machines.
Cybersecurity has to become a set of services that you consume, rather than a set of technologies you deploy in networks, on endpoints, and in data centers. As we continue our journey in navigating the digital age, a platform is the path to get from here to there, to change forever the model for consuming cybersecurity services and innovation. It is the future of cybersecurity. The future is now.
Nir Zuk is Founder and Chief Technology Officer at Palo Alto Networks. Prior to co-founding Palo Alto Networks, Zuk was CTO at NetScreen Technologies, which was acquired by Juniper Networks in 2004. This article was excerpted from the newly released book, Navigating the Digital Age, Second Edition.