Michael Suby: Using Automation and Assessments to Fight New Threats

ka_0011-2

Michael Suby is VP of Research at Stratecast, a division of Frost & Sullivan. Suby oversees the business operations of Stratecast and its research direction and serves as an analyst in secure networking. Suby spent 15 years in the communications industry with AT&T and Qwest Communications in a range of managerial, financial, and operational roles.

OPAQ: What are the latest advancements in network security technologies for the enterprise?

MS: The new technologies focus on greater detection with greater speed and certainty and the ability to respond with greater speed and precision. We are also seeing detection-less preventive mechanisms which incorporate signals and pattern matching to block malware. This is important because with zero day and highly customized malware, there is an increasing chance that we will get hit by malware which hasn’t been seen before so detection technologies are not as effective. Finally, we are seeing more interest in isolation techniques. If we can isolate the endpoint or use virtualized containers on the device inside a web session, we can prevent the propagation of malware to other devices.

OPAQ: Have advancements in security automation been helpful to the security industry and if so how?

MS: Security vendors are improving automation in their products so users can manage the security systems more efficiently. Incident detection response tools and event management tools are some of the systems which commonly embrace automation today. Automation is important in security because of the increasing security technology sprawl. There are more apparatuses to manage, greater IT footprint in terms of devices, hardware, networks, Internet of Things. Meanwhile the number of security professionals needed far outstrips supply and the cost of that talent keeps going up. So automation helps orchestrate work across the various technologies and can reduce the amount of mundane activities. This enables network security people to take their talent and apply it to the highest priorities first. Automation is also important because it helps speed up the time to detect and respond to events.

OPAQ: What should heads of security consider when making plans for their budgets in the coming 12 months?

MS: With all of the recent publicity around ransomware, we know that the current technologies won’t always work as needed. Many companies have a lot of gaps and vulnerabilities which are not being addressed and which create opportunities for ransomware writers to exploit. Yet budget planning is not just about buying new technology but increasing the frequency of objective security assessments of the enterprise. It’s often better to engage a third party to do this: they have no allegiances plus they have the knowledge base from companies in other industries. I would advise that companies spend more budget on understanding their risk position, and then taking steps forward.

OPAQ: How does this planning change if a company is going to significantly increase its cloud investments?

MS: Growing your cloud presence is common but it doesn’t happen in a vacuum. If you are doing this, at the same time you’re also decreasing the company’s presence in private data centers and managed hosting arrangements. What organizations really need to do is look at the tools and skills for managing hybrid IT. The goal is to manage workloads and control risk across all of the IT environments, and without elevating hours spent by finite IT and security resources. Of course, the cloud is not just about saving money but being more responsive to market needs. But if you are not keeping an eye on the operational aspects, it’s likely that the cost efficiencies you’re hoping to gain will be offset by the need to bring more humans into the equation.