It's Time for a Different Approach

Posted by Andrew Maloney
The security landscape is broken, but we can still fix it. Read on to find out how!

A layered defense. Paula Piccard


When I look at the security landscape, the lack of available talent, and a massive tool overload, I understand that fundamentally we as an industry have a major problem. A major problem with not one but two large barriers to entry.

First, security is hard! Learning all the ins and outs of computing hardware, operating systems, applications, networking, ports, protocols, what's considered secure and what's not is a major undertaking by itself.

Then, oh yes, cloud; we can't forget cloud and all its added goodness.

Compound that with the necessity to understand how all these things interconnect transparently to make the world as we know it function and wow, that’s a lot for anyone to process.

Second, as if the first weren't difficult enough, there is another, largely vendor-imposed barrier to entry found in the tools we buy and use every day. Looking at a typical security operations team alone, we find security professionals are bombarded daily by the next iteration of technologies in endpoint, network, SIEM tools, vulnerability, applications, identity solutions, etc., and the list goes on. Worse yet, each vendor seems intently focused on either selling magic bullets for detection or becoming the new centralized repository to own all your data.

Well, I've learned a lot over the past two decades, and much of my learning comes from hard-fought lessons in trying to deliver on the many promises made by the very solutions mentioned above. One thing that has become very clear to me is that current approaches just... don't... work...!

I believe we as an industry have reached a precipice, one requiring us to face the reality that there is not and will never be a silver bullet tool for detecting bad things and that all data will never be in one place or in one format.

Security is an ecosystem where many different tools, provided by many different vendors, need to integrate and allow for the seamless access and sharing of information across many different platforms.

So... perhaps it's time for a different approach.

Throughout my career, but especially as of late, I've spent a significant amount of time interviewing and observing cybersecurity teams to further understand the challenges they face in securing their environments. In parallel, I've talked to enterprise IT users and, not surprisingly, both have expressed that they would be more productive and successful if they just had quick and easy access to the answers and insights needed to do their jobs.

Sounds simple, right?

So what if the future is not about the next shiny thing, or magic bullet, or even the latest cloud native doohickey, but is in fact about focusing on the simplistic and often overlooked things that in reality mean the most?

What if the future of security is about simply making security more intuitive and accessible?

This can be done, but only if we try. We can start by simplifying the use and value extracted from existing toolsets. Then, by creating an intuitive and independent means of sharing and collaboration, we can lower the barriers to entry.

Perhaps we could even leverage elements of intelligent observation and prediction to enable learning and to educate the next generation of security professionals.

Instead of succumbing to traditional methods in which we are forced to learn proprietary data formats and query languages not once, but multiple times to access data sharded across disparate systems:

  • Imagine getting started in security and being able to really "talk" to your data.
  • Imagine speaking in plain English and having a tool translate your questions to fit the platform(s) syntax instead of customizing a unique query for every platform you interact with.
  • Imagine being able to have that one question reach across all platforms simultaneously to access all data wherever it lives.
  • Imagine a content library full of questions that can be applied agnostically to the toolset in your particular environment.
  • Imagine linking those questions to form workflows that improve consistency and efficiency for investigations and recurring tasks.

Now pause a moment and realize that this is not something that needs imagining; realize this is a reality in the making.

QueryAI's IRIS platform is leading the revolution I believe our industry needs to truly expand accessibility and collaboration across not just teams but companies and industries. Focusing on simplicity, intuitive design, meaningful, user-inspired, out-of-the-box content, and allowing agnostic access to data and insights, IRIS is the solution to remove the complexity in, and increase the value derived from, existing tools, while also empowering the next generation of cyber professionals now and into the future.

At QueryAI we want to reduce the gap between what users need from the data, and the effort that is currently required to access and act on it.

IRIS is your personal Security Concierge! You ask the questions, she provides the answers; it's as simple as that.

-Andrew


Written by Andrew Maloney

Andrew is an Air Force veteran, a seasoned executive, and a security expert. With nearly 20 years' experience in roles varying from hands-on security practitioner to business and thought leadership, he has seen the market evolve and has a keen understanding of the challenges facing the industry.