Industry executives and experts share their predictions for 2021. Read them in this 13th annual VMblog.com series exclusive.
Key learnings, how to prepare and the next big thing in security
By Dr. Mike Lloyd, Chief Technology Officer, RedSeal
The rules of the security game keep changing. We were finally getting close to perfecting the art of securing data centers and VPNs when along came cloud, multiple cloud environments, and a pandemic forcing many of us to work remotely, disrupting all aspects of work and home life.
From a data center point of view, there was a great migration of who needed access to what, and from where. Here are some thoughts on what to expect in security in 2021, some of the key lessons from the year, and how businesses can prepare for the new year.
1. The next "big thing" in security
The next "big thing" in security is to take something away, not add another widget. Most security teams have more technology stacked up than they can operate well enough to get the intended benefits. Simplification is never easy - ask any poet. Still, we have to reduce the skill level required to operate the technology chain that defends our ever-expanding attack surface.
It's typical for organizations to have somewhere between 15 and 50 different security technologies, and enough staff to be expert in about 5 of them. This means the other choices either need to be integrated via automation, so they can be driven from the products your teams can handle, or need to be eliminated.
Of course, it's not a good thing to drop a defense that you decided you needed in the past. The good news is that automation is improving, and vendors are willing to help, since nobody wins if we drop our defensive posture due to an inability to drive all this complex technology.
2. What are some of the key security lessons learned from 2020?
Tool sprawl is a serious problem - we have to reduce the complexity of our technology stacks, making smart choices about which approaches are truly essential. In too many real breaches, there was a sensor in place, and it detected an anomaly, but the anomaly was buried inside an avalanche of other anomalies, none of them serious.
Organizations don't buy tools they don't need - we all have strong procedures to prevent unnecessary purchases. However, none of those controls can help you when you have too many alerts from too many products, without a good way to prioritize and put all the information in the context of your own network. Relevant prioritization of facts is the key missing piece in most organizations.
3. How can businesses prepare for 2021?
Ask what is truly essential, so that you can focus. A good model is the OODA loop: Observe, Orient, Decide, then Act. We have a lot of "Observe" technology - many sensors. Most companies have invested heavily in Decide (using SIEM) and are in the early stages of automating Act (using SOAR). The big gap to address in 2021 is Orient - taking all the raw facts and relating them to your specific business situation, so you understand what is relevant or critical and what is low priority.
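The "Orient" gap described here and the buried-anomaly breach pattern from lesson 2 come down to the same mechanic: scoring each alert against what you already know about the host it fired on (reachability from the internet, business criticality, known unpatched weaknesses) rather than against the sensor's own severity number. The Python below is an added example, not code from the article or from RedSeal; its asset inventory, alert feed and scoring weights are constructed assumptions for illustration, and the point it shows is that the same five alerts sort very differently once network context is applied.

```python
# Added example (not from the article or from RedSeal): a toy "Orient" step
# that ranks raw sensor alerts by context from a model of your own network.
# All assets, alerts and scoring weights below are constructed assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    host: str
    reachable_from_internet: bool  # from a network reachability model (assumed)
    business_criticality: int      # 1 = lab box .. 5 = crown jewel (assumed)
    unpatched_critical_cves: int   # count from the last vuln scan (assumed)


@dataclass(frozen=True)
class Alert:
    alert_id: str
    host: str
    sensor_severity: int           # 1..10, exactly as the sensor reported it
    signal: str


# Constructed inventory: what the Orient step knows about the environment.
ASSETS = {
    "web-01":  Asset("web-01",  True,  4, 2),
    "db-01":   Asset("db-01",   False, 5, 1),
    "lab-07":  Asset("lab-07",  False, 1, 0),
    "jump-02": Asset("jump-02", True,  3, 0),
}

# Constructed alert feed: the loudest alerts come from a throwaway lab host,
# while the one that matters (an exposed, unpatched web server calling out)
# sits mid-pack by raw severity.
ALERTS = [
    Alert("a1", "lab-07",  9, "port scan from internal host"),
    Alert("a2", "lab-07",  8, "repeated failed logins"),
    Alert("a3", "web-01",  5, "outbound connection to new external IP"),
    Alert("a4", "jump-02", 7, "new listening port"),
    Alert("a5", "db-01",   4, "unusual query volume"),
]


def orient_score(alert: Alert, asset: Asset) -> float:
    """Context-weighted priority. Sensor severity is one factor among several,
    not the ranking itself. Weights are illustrative, not calibrated."""
    exposure = 2.0 if asset.reachable_from_internet else 1.0
    weakness = 1.0 + 0.5 * asset.unpatched_critical_cves
    return alert.sensor_severity * exposure * weakness * asset.business_criticality


def context_for(host: str, assets: dict) -> Asset:
    """A host missing from inventory is an inventory gap, not a low-priority
    host: assume the worst (exposed, critical) so the gap surfaces rather than
    silently sinking the alert to the bottom of the queue."""
    return assets.get(host, Asset(host, True, 5, 0))


def rank_alerts(alerts, assets):
    """Return (alert, score) pairs, highest context score first; ties break on
    alert_id so the ordering is deterministic."""
    scored = [(a, orient_score(a, context_for(a.host, assets))) for a in alerts]
    return sorted(scored, key=lambda pair: (-pair[1], pair[0].alert_id))


def rank_by_sensor_severity(alerts):
    """The Observe-only ordering most consoles show by default, for contrast."""
    return sorted(alerts, key=lambda a: (-a.sensor_severity, a.alert_id))


if __name__ == "__main__":
    print("By raw sensor severity:")
    for a in rank_by_sensor_severity(ALERTS):
        print(f"  {a.alert_id} {a.host:8} sev={a.sensor_severity} {a.signal}")
    print("After Orient (context from the network model):")
    for a, score in rank_alerts(ALERTS, ASSETS):
        print(f"  {a.alert_id} {a.host:8} score={score:5.1f} {a.signal}")
```

Run as a script, the raw-severity list puts the two lab-07 alerts on top and the web-01 callout fourth; the context-ranked list puts web-01 first (score 80.0), the exposed jump host second, and the lab noise last. The `context_for` default is the caveat worth keeping: a host your inventory doesn't know about should rank as a problem in its own right, not quietly score zero.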
About the Author
Dr. Mike Lloyd has more than 25 years of experience in the modeling and control of fast-moving, complex systems. He has been granted 21 patents on security, network assessment, and dynamic network control. Before joining RedSeal, Mike Lloyd was Chief Technology Officer at RouteScience Technologies (acquired by Avaya), where he pioneered self-optimizing networks. Mike served as principal architect at Cisco on the technology used to overlay MPLS VPN services across service provider backbones. He joined Cisco through the acquisition of Netsys Technologies, where he was the senior network modeling engineer.
Mike holds a degree in mathematics from Trinity College, Dublin, Ireland, and a PhD in stochastic epidemic modeling from Heriot-Watt University, Edinburgh, Scotland.