CUTTING THROUGH THE FOG OF MORE
This article was originally published via LinkedIn over a year ago, but the problem of “The Fog of More” still exists. Security professionals still spend too much time fighting to install, configure and maintain their tools only to spend hours digging through data. If the problems described below sound familiar, call us at 608-788-9143 or email firstname.lastname@example.org
An overheard conversation between a software vendor and a security professional sheds light upon a growing problem in the evolving battle to secure critical enterprise data and information. The vendor, in the middle of his pitch, was interrupted by the security professional lamenting, “Yet another agent, yet another dashboard.” His objection and dejected look as he walked away underscore one of the greatest challenges facing security and compliance professionals—The Fog of More. The Council on CyberSecurity 2014 Annual Report coins the term “Fog of More” to describe the “Overload of defensive support…more options, more tools, more knowledge, more advice, and more requirements, but not always more security.” The rapid rate at which the IT security industry evolves ensures security and compliance professionals are constantly battling to keep their heads above water in a sea of tools, data, advice, and reports. Meanwhile, criminals focus in on attacks.
The Fog of More is fueled by an endless supply of security and compliance companies making grandiose claims about the abilities of their technology. These highly touted security tools typically provide endless amounts of complex data, hiding valuable security information amongst a sea of white noise and false positives. The tools require advanced IT knowledge to install, configure, and maintain, which means more time is spent fighting with tools than investigating security issues.
The result of the Fog of More is confusion, misunderstanding, and ultimately mistakes. What tools should be purchased? What security issues are priorities? What does this ocean of data provided by my tools mean? How does management understand security posture? How can regulation compliance be proven? Security and compliance professionals are so overwhelmed they do not have the time to investigate security events, follow up on insecure end user processes, or report to upper management. One missed issue amidst the white noise, one configuration that is accidentally reset, or one misunderstood security event, and all of an organization’s investment in security may be in vain.
Cutting Through The Fog
History shows that in order to overcome the Fog of More, security and compliance functions must consolidate. Take the invention of the automobile as an example. When automobiles were first invented, some had steering wheels on the left and some on the right. Some had hand brakes while others had foot brakes. There were many different options, all of which operated differently and were wildly expensive. Eventually people agreed on what worked best, Henry Ford standardized it, and cars became easier to operate and more affordable. The same can be seen in the technology world. When home computers first hit the market, they all operated differently, had different features, required different software, and were incredibly expensive. Over time the market narrowed down what worked best and now the average person can operate a computer on a basic level regardless of what brand it is. Both in the automobile and in the technology world, there was a transition from an overload of different options and functionalities to a standard of what was expected. In both instances, this transition reduced the number of competitors in the market and made the products more affordable.
For the security and compliance world, this critical process of consolidation is upon us. For example, AristotleInsight, from Sergeant Laboratories, virtualizes the process of data collection, correlation, and first pass analysis. The technology used allows for countless security functions to be provided within a single pane, yet to a level of detail never before possible. Those who use AristotleInsight to gain transparency of their IT environment, and to understand their security and compliance posture, realize an end to the Fog of More. As security and compliance vendors home in on what those in the industry need to be successful, the number of vendors will decrease, product functionality will condense and improve, solutions will become increasingly affordable, and the fog will fade.
AristotleInsight is a big data security analytics solution implementing the UDAPE model. The solution collects, links, and organizes security data in order to establish baselines, conduct user behavior analysis, recognize anomalies, and detect advanced persistent threats.