‘Twas the weeks before Christmas, and all across the security community, every creature was stirring after months of work from home, conducting conference calls behind doors that were never meant to block the sound of screaming children, trying to find ways to maintain team cohesion and comradery, and attempting to complete projects at a rate of speed that would make even Rudolph’s antlers bend backward with acceleration.
It’s hard to encapsulate just how stressful a year it’s been. Every day we hop back in the saddle, grinding through our calendars with machine-like proficiency, but if there is anything consistent to be gleaned from the new “virtual” conference room, it’s the profound fatigue that can be seen beneath the veneer of Zoom-faces and Teams-faces. Admittedly, I see it in myself, connecting with my postage-stamp reflection on every video call. This year, there is more on our faces than partnerships, security strategy, and threat detection.
But alas, here we are. We did it. This year, somehow, has been traversed, and as we tried to keep standing on the uneven ground of 2020, the tectonic plates of security continued to shift beneath us. For most, the biggest institutional earthquake was that of an emergency rush to remote work and forced adoption of new technologies to make it happen. For some organizations, it was a natural evolution – for others, it was a wild detour into the hinterlands of IT.
In a year where yet another chunk of our daily life was submerged into cyberspace, the networked battlefield reached new frontiers. There seems to be no place where an organization can’t be attacked, including the home network, what was once one of the few relatively safe havens left. It is now the front doorstep of many organizations, diluting models of the network perimeter even further. Before, I had discounted “the perimeter is dead” as a rush to assumptions. Now, I might be a believer. And yet, in the discussions I’ve had, talk of work-from-home is accompanied by nervous chuckles and phrases like “mostly fine”, “pretty smooth”, and “we’re managing”.
The nervousness is well-placed. In a conversation with my father, I described the current state of cybersecurity as a “low-intensity cyber war”. I’m not sure what else to call it at this point. It seems this year we’ve spoken an awful lot about “nation-state actors” and “advanced threat actors”. Even in the last few days, their heads reared yet again with the FireEye/SolarWinds/US government compromise, an industry-wide event that continues to unfold. While the facts trickle in slowly, one thing is clear - had the threat actors wanted to cause mass chaos, they could have. This is the state of security in 2020; the fog of war is dense, and many organizations simply get lucky.
It would be easy for me to turn this end-of-year letter into a foreboding vision of 2021. Frankly, you don’t need me to pen that prophecy for yourself. Instead, I’d wager this letter is more effective if it implores something a little different – decisiveness. Security has always convulsed with change, year-by-year, adopting new trends, and trying to adjust. Many organizations can’t keep up, but 2021, I must insist, is the year to make things happen.
If you weren’t affected by it, the SolarWinds scare should send a shiver down most spines, and the luck many organizations experienced should cause most admins and analysts to stare off into space and seriously ponder less-ideal alternate realities. This event, and indeed this entire year, should be a motivating factor for security teams to begin careful evaluation of current technologies. Decision-makers must begin to understand the Gartner Triad as less of a pie-in-the-sky and more of a growth path. The value of legacy solutions must be aggressively questioned. The speed of response must be quickened. Processes must be honed or remade altogether. It is time to act. We in the security industry love to compare our struggle to that of a Sisyphean task, endlessly pushing the boulder up the hill. It is now time to arm Sisyphus with a crane, pulleys, counterweights, a backhoe, a bulldozer – anything that can make his job easier.
For most organizations, this is a daunting challenge. The distance between point “A” and point “B” seems impossible, and so we convince ourselves the pursuit is more painful than the reward’s peace of mind. To that end, I argue in favor of incrementalism. Incrementalism, as long as it pushes the needle forward, serves greater goals. If circumstances bind you, start small. A little bit can go a long way, and thankfully security is no different. Determine where your dollars may have the greatest impact, and begin building your foundation. If this means implementing an EDR tool or email secure gateway and waiting for the next budget cycle for a SIEM, or an NDR implementation, so be it. Do something. Be decisive, be insistent, be aggressive.
Inevitably, this will raise questions. Tools are blurring together, and comparison points are multitude. If you find yourself making one too many turns in this maze of decision making, let us know. This year, one of the most rewarding parts of my job has been working directly with our customers to help uncover the right path forward. We at Datashield aim to deliver outstanding service and solutions and a resolute, objective means of navigating security and technology decisions. We’ve helped organizations grow and advance their security posture in incredible, demonstrable ways, but these transitions aren’t always easy or obvious. We’re here to help with those tough decisions, have the hard conversations, and help craft the blunt justifications. Chances are, you’re not the only ones doing so.
And so, in closing, I ask that you do not fret 2021. Instead, take charge. See to it that when you do inevitably ponder work during the holiday, you do so not with angst but with an eagerness for decisive action and the truthful notion that, believe it or not, you can plant your feet, raise the shield, and hold out against the onslaught. We’ll be right beside you.