As the first week of National Cybersecurity Awareness Month comes to an end, we can’t help but continue reflecting on the amazing Splunk Worldwide Users’ Conference we experienced last week, .conf2017. There are a number of phenomenal stats associated with the conference itself, but what really struck me was the vibe within the security track—the open, collaborative spirit was simply astounding! These are CYBERSECURITY teams, and yet in terms of sharing overall strategies, methodologies, even the level of granularity in the deep dives and specific how-to’s, attendees were going above and beyond to enable their fellow practitioners, execs, and partners to get smarter and more effective about how to adapt to the “new norm” in security.
And what is this new norm we’re referring to?
Before we get into that, let’s make one thing clear: At Splunk, we are EXTREMELY grateful and appreciative of our customer base coming together to drive such amazing collaborative value for each other, and identifying with and embracing such openness as a critical element to the success of our larger community. However, we also recognize that security problems are more pervasive and complex than ever before. The Splunk users’ conference is a fractional representation of the overall global effort to combat the quickly evolving threat landscape in information security. We envision a world where relentless “ganging up on the bad guys” is happening regularly and effectively. And we can get there, but there is work to do.
Now back to this “new norm” in cybersecurity.
First, let’s start with the trend of digital transformation. Digitization is impacting every aspect of how we do business and go about our daily lives. For example, just think about what you can accomplish now with just your mobile phone. Also think about how much progress we’ve seen recently in certain consumer experiences—from traveling through modernized airport terminals, to the ability to purchase almost anything online.
The flip side of digitization is that, like any enabling technology, it can come with inherent risks and more “attack surface,” since the additional complexity resulting from digitization also adds vulnerabilities and additional ways for threat actors to “vector in” to your environment.
One common theme we continue to see from our customers, partners, analyst reports, research organizations, tech journalists, you name it: threats are becoming more complex and far reaching, and the gap of skills and talents needed to effectively combat these threats is widening.
We keep hearing about this. As everything from deployment models to topology to business requirements to threat classifications increases in complexity, organizations continue to experience challenges with skills shortages. And even with fully staffed teams, there are still issues to keep up with—this includes everything from staying on top of basic hygiene tasks, to staying trained and up to date on the latest strains of malware, to knowing the enemy/building and maintaining contextualized threat actor profiles.
We see the expectation and role that security plays as even more critical than before, and the responsibility of working toward better security is definitely no longer just limited to the “security team” function. Digitization is an enabler and can provide amazing benefits, but it cannot come at the cost of security. In that sense, security needs to be handled and prioritized as an enabler, just like digitization—the two must exist hand-in-hand and anything less will not do.
So what are the key concepts needed to rethink security as an “enabler?”
What we’ve learned from our customers—and as evidenced by the phenomenal work and results we saw at our users’ conference—is that we need to meet security challenges in a way that adapts not only to individual threats and new kill chain methods, but in a way that, again, helps to enable the trend of digitization while at the same time addressing the inherent risks of digitization—and this is the key here—in a continually evolving manner.
The market demands that we evolve everything related to security, from our approach, to the technology, to the scale and impact that security has outside of normal “security” operations, to the process by which we run and modernize security operations, including new defense methodologies that center around sharing, coordinating, adapting, and automating where we can and when it makes the most sense—from the manner in which we verify, to getting to optimal decisions, and even to how we directly respond.
These are core tenets of an analytics-driven security architecture. We’ve been beating this drum for some time now and will get into another deep dive throughout the coming weeks on the importance of analytics-driven security intelligence and how it leads to better security decisions.
It’s timely that October is Cybersecurity Awareness Month and that we just finished our worldwide users’ conference. We have a number of great topics top-of-mind to share with you and we’re excited to do so over the coming weeks.
However, for us, cybersecurity awareness is a permanent mindset that we live by every day. Therefore we’ll take a few liberties to align these topics in a way that is most beneficial to our community and those we welcome to join our community.
Per the Department of Homeland Security, the first week of National Cybersecurity Awareness Month is focused on “Simple Steps to Online Safety.” We’ve taken the liberty to modify that to “Simple Steps to Safer Digital Transformation,” as discussed above. To summarize these steps:
Next week, we’ll take a step deeper into the realm of threat landscape and the need to adapt to new technology, and the importance of an analytics-driven approach to security from a holistic perspective. And we’ll close out the month by looking at how the healthcare and public sector industries employ cybersecurity practices.
Do you want to learn more about how Splunk customers are using the Splunk security portfolio to improve their security posture? Download our free customer ebook, "Data Secrets Revealed: A Collection of Security Customer Stories."