Event Recording

Panel | The Future of Cybersecurity Fabrics

Log in and watch the full video!

Cybersecurity Fabrics as a concept has established itself as a common paradigm for securing organizations across the world. This panel will explore where Cybersecurity Fabrics stand today, what the future holds for the paradigm as well as what to consider when prioritizing cybersecurity services. 

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Subscribe to become a client
Choose a package  
Welcome. All of you. Maybe we start really with a short introduction, just a few words about you and your role. Maybe we start with Victoria.
Sure. So my name is Victoria. I'm the CSO and DPO at Gusto, which is more focused on the social media and marketing communications. We deliver sales tool.
Great, thanks. Great for having you, John.
Hey John Tolbert lead Analyst here at co Cole working on cybersecurity and identity management topics,
Duke, some details about you.
Yeah. Thank you. So Deford head of presales at Sy and recently switched the topic from identity access to cyber security.
That's not, that's a big change, but a very cool topic. I did the same few years ago. So was that Donny? What about you? Hello?
Yes. Donny went I'm principal security researcher at MasterCard. So in that role, I, I look at a lot of the upcoming capabilities, emergent, emergent capabilities and threats, and to drive, to drive our cybersecurity strategy at MasterCard.
Great. Thank you. So let's start with the first question. Ransomware fraud and state sponsored attacks and data breaching involving private information tend to dominate the cybersecurity news. These types of attacks are perpetrated by different actors, involves different kinds of data and even apply to different it domains, thus adopting cybersecurity fabric approach, provide advantages over discrete solutions. If so, how maybe we start with di
I, I would. So I say yes. So just a simple answer to this for the very simple reason. If you think about the construction of a, of a, of a cyber threat nowadays, and, and regardless of what kind of a tech method is used, then afterwards about 90% are executed in the context of identity credential related information. And so therefore it's, we're looking at a two-tier kind of approach, but first of all, this kind of hurdle has to be passed to infiltrate, to position malware into an organization. And that's usually the social context, very important. And after that, the, the, the, let's say the regular procedure starts executing the malware for whatever purpose, if it's ransomware it's, if it's, if it's data exfiltration, if it's just the hide and seek, is it, is it the sleepless cell doesn't matter?
Absolutely. Donnie, your thoughts about
Sure. And I guess what I look at is without that fabric in place, without all these systems are connected, what, what am I doing? And really you're, you're seeing a lot of, then these, these discreet little events that are occurring, then you may not be connecting all of those, right? You may not be connecting all those various detections and then creating an orchestrated kind of an organized response to deal with the threat as a whole. Instead, you're playing whackamole with all the individual events that are occurring.
Absolutely. So you are lacking the capability or the option to identify end to end threats and things like that. Victoria, your thoughts about that.
Yes. I tell you agree already with the other panelists, you know, you want to have this holistic overview, you want to really understand what's going on. If we know, look at more of the discrete solutions, it's fine, but you're just losing a whole other viewpoint. Then having that view then really opens the door to see, you know, the actual thing, but is going on. What is, what can we actually do? It's not only about, you know, detecting issues. It's really about assuming breach, you know, containing a blast radius, ire addicted, recover from it and knowing what you're really dealing with. I think that really helps having the, you know, the security fabric in place.
Absolutely. John, as you share the, or call cybersecurity fabric at the beginning, what are your thoughts here?
You know, I think it's a good point that tax can be complex. They can come from different kinds of actors. They have different targets and yes, we have many different point solutions and most organizations today, but you know, the cybersecurity fabric kind of drives commonality in, you know, a unified approach to that. Because when you think about it, a firewall won't stop fraud, encryption won't stop data exfiltration. So you have to take a holistic view in order to protect all the different assets in an enterprise.
Absolutely. Maybe we start with our next question. So consolidation of security functions into larger Schutze of related products is an ongoing trend. And two good examples are a SASSI or XDR are these development good for customer organizations, Donnie?
Well, we'll start with, with the original, with the normal response to that. Oh, that depends. And I look at it like from, from the XDR right? So if you already have that really mature, same and sore and solution, and they're, they're effectively correlating those events and orchestrating the response, then you really have to ask yourself, you know, what, something like XDR brings, right? What gaps within our current capability does a particular solution provide? Which of course we should be all. We should always ask ourself when we're looking at, at these new capabilities or these new technologies, right. If we're following a fabric approach, so what security services do I have and how important or security service gaps do I have and how important are they? Is this the best approach implementing this XDR solution? Is that the best approach to address them?
And I think that would be true of any sort of new solution that comes out.
Exactly. Duke, your thoughts about that.
So my thought is a very pro pragmatic thought actually. So the consolidation is, is just a question how mature each individual domain can be solved or served because we are looking at, at a growing complexity for each of those kind of aspects. And with that complexity, there is a particular need to be very precise and very, very profound in, in the service quality would like to consolidate into an XDR solution and consolidated HDR approach. And therefore it, it, well, typical German answer, it depends, right? It is. It is. It's the point how, how well each individual domain or particular required expertise assert
Exactly. And at the end, what you need in your organization, whether you go more sassy, more XDR, whatever it's. And at the end, we are going back to what John mentioned at the end of his presentation is the audio noise for me, or is it one of you? Can you hear it as well? So as long as you can understand, we, then that's fine. John mentioned the risk based approach and that's at the end, how to do it, how to overcome, whether you should invest SASI XDR or maybe any other future involved technology, paradigm, whatever Victoria, your thoughts.
Well, yes, don't have really much to add to this again, you know, it depends, I mean, solutions are solutions, but we really have to understand our problem. What are we really tackling? What do we really want to get fixed? You know, just slapping a solution onto something. It doesn't solve the problem. And with nowadays we have so many sophisticated attacks, so many things that we really have to consider that solutions should really help. And if you really feel that this is going to help and address the issue, then yes, then it's a good development. It's good. Some it's something that you can, you know, get your value, who do not use those kind of things. If you actually have no idea what the value is or what you're gonna get out of it
Exactly. Cybersecurity fabrics seem to imply a best of breed approach with a previous mentioned consolidation in the market. How hard is it to follow the best of breed path? Is it getting easier to integrate technologies and make solutions by different vendors work together? John?
I, yeah, I think so on the whole, you know, there has been many different standards, development organizations and standards that have been published in various areas of cybersecurity and identity management and vendors that choose to follow those standards can promote interoperability between those products. So if you want to, you know, choose this best breed approach, I think it's probably just as easy today as it would've been 10 or 15 years ago, which is to say pretty, it can be difficult depending on, you know, actual products selected. But yeah, I think again, looking at, you know, the previous question too, about, you know, consolidation, it's kind of a fact of life that, you know, a lot of the best breed companies eventually get acquired and assimilated into these big, full security stacks. So you wind up with really trying to figure out how to do interoperability between, you know, a conglomeration of best to be breed products from multiple vendors. And hopefully, you know, if they are following the relevant standards in those areas that will make,
So probably the, all your problems are, was huge on, could you check your microphone maybe because the last sentence was a little bit interrupted, Victoria, your thoughts about best of free pass is getting easier to integrate technologies.
Well, I actually have sort of two answers to that. Yes. It's easier to kind of, you know, integrate the technologies. Cause we nowadays, I think we have a better understanding that there's a need that we want to integrate thing. It's not like a one on slap solution that you've done. You have to, you know, combine a thing to get the most out of it. But the other hand is there are so many tools and technologies out there that is kind of hard to know, like where am I looking at? I mean, there's a whole, there's a whole offer of things that you can choose from. And if you also want to really make sure that you're getting the most out of it, you also even have to invest in trying to understand if certain solutions are not providing, you know, overlapping solutions that you're investing maybe twice into something that you do not need.
So in that sense, I think it's still hard, still integrating things still takes time to, you know, make sure everything works. It still takes time to really understand what I'm trying to get out of this. How are we going to make sure there's a real follow up because you know, identifying things, that's great. We have something identified and how are we going to really solve it? What is our next step? How can we limit the radios to what is the follow up having a whole, you know, beautiful solution that only tells you there are problems it's not really solving the problem, right? So, you know, it, it's still a challenge in that sense. I think it helps us to get to that point, but I don't think it will necessarily become easier because in the end, it's still up to us to determine based on the context of your organization, what those steps are. And there are, you know, within cybersecurity, there are a lot of common threats within, you know, any industry that you are, I would say there are a lot of default solutions, but the default solutions might not really appropriately fixed in what you're looking for. So it still requires some manual work in, in, you know, on one hand.
Absolutely. Do anything to add from your end.
Yes. So I, I totally agree to what Victoria said because we have to, we have to, first of all, so especially me representing a vendor, I need to switch positions for instance, on, on, on, on the perspective from Donny I see is, is, is the typical organization which is using such technologies, procedures, processes, and tools combined to in, into each other. So the, the problem organizations have right now is first of all, the various sources of information, the, the, the time elapse and the time delay between the validity of each of these kind of informational aspects. And then obviously the, the importance of that particular information, because that might vary from, from, from hour to hour, from minute to minute, depending on any kind of new information floating in to, to build this picture. Because when we look at this whole aspect, we're looking at a picture out of puzzle pieces and the more puzzle pieces you have and you put together and, and the more you have the simpler, it becomes to put that picture together, the, the more sophisticated and the more, more efficient are you in making decisions and, and acting against those kind of threats.
And this is I think the most important part. So with the complexity, and this is something which the customers are then obviously demanding, is, as John said, the into one of the key aspects. And that should be a mandatory fact actually. So I don't see any value in, in, in, in a, kind of a topnotch solution, which is, which is not interoperable with others. Because again, we are serving, especially us from a vendors perspective, we are serving, we are providing just pieces to that particular puzzle and, and we should help the customers to simplify putting together that particular pieces into the, you know, full picture.
Absolutely. So let's go to the next question. What do you see as an merchant risk that must be addressed by cybersecurity fabrics, Don?
Yeah. And just follow up one thing I wanna say about that previous one is sorry for sure. Yeah. From a technical perspective, I, I would say it's become much easier to integrate these applications because of the interoperability in that, from a business perspective, it's becoming much harder because all of these organizations are saying, yeah, but I do that. And I do that. And I do that. So now I, it appears from a business perspective that I have all these overlapping capabilities. Well, some of 'em just aren't that good at these side things they're trying to do, right? So from that regard, it can become much harder as they to, to follow it. And the other half of that is, unfortunately it hasn't gotten any easier to pull out a solution. And that's what I'm really looking for is the ease to pull one out when another solution comes along and that hasn't gotten any easier.
So I just wanna follow up on that. As far as that, what I see is the, I know the biggest threats or biggest risk addressed by a fabric approach. Well, it's that risk of that, that ever increasing sort of digital footprint and the complexity of all of our security solutions, allowing these more advanced, persistent threats to, to gain a foothold and then operate within there and seeing them as, like I said before, these independent little attacks that are coming instead of that holistic view, and that's where the cybersecurity framework really, or that, that fabric will really help is pulling all these solutions together. So we have that full, what I like call situational awareness. We truly understand what's going on in our environment. Who's looking at us. Why are they trying? Why, you know, not, not just who's attacking us, but why are they because that's ever evolving in our environment. A as we've seen recently with, you know, a lot more of the state sponsored, or just say state ignored sort of attacks emanating out of different areas because of, because of conflict. Right?
Absolutely. Victoria, your thoughts.
I don't think I can put it anymore better than done. You already had. I had basically the same answer. Now it's about really uncovering all those sophisticated attacks, the advanced persistent trends. You might not even see them currently right now because it's so hard to correlate those things. So I think, you know, whether the security fabric really helps to really uncover those things that you are not seeing, that you'll see new patterns, new things that you haven't really taken into consideration before, or, you know, thought of, of not being realistic within really seeing that is actually happening to you. And that you have to follow up on that.
Do it, John, anything to add to the statement from Donny and Victoria to that question. Yeah. Perfect. Then do it. Yeah.
So especially, yeah. So to add something to Donny and, and, and this is also to your question question, I think this, this fabric approach should also be capable of teaching and advising the customer on, on how to proceed. As, as mentioned before by Victoria also is you receive particular information, but the question is, the key question is what do, what do I do with it? And how does that correlate with other, so the typical also the typical Analyst type of work, because you have to be able to somehow connect the dots. And this is something which is quite, quite quite challenging. And even though when you, from your single perspective are looking at, at a series of events, different kinds of events of information, and also correlated information and subsequent information and contextual information, it's sometimes quite interesting and very challenging where to connect those dots. And that, that is something which I think the fabric should be looking at also the, the, the aspect of, of, of teaching and advising how to proceed and how to, how to interpret the information to give a full picture.
Absolutely. Jo again, here, I also have to add something. So copy whole also for sure, you are not doing advisory and talking to customer exactly. This is where we use the fabric approach, whether it's identity fabric or cybersecurity fabric to use it, to build up an understanding on a certain level with different stakeholders from various departments, but also starting to dive deeper into the technical discussion, have an overview and also deep inside what is missing, what needs to be done and where do I need to invest? And this is really an essential part. John, anything to add? Maybe I already mentioned the copy or call thoughts about that.
Yeah. Yeah. That's pretty good. Summary. I guess the only thing I would add is, you know, in the last couple of years we've seen state sponsored a PT actors and cyber criminals, sort of learning one another's tactics using one another's tactics. So I think, you know, we'll continue to see cross pollination between cyber criminal and other types of cyber attacks. And it's hard to predict what will happen next, but we have to be vigilant. And I think the cyber security fabric approach is the best way forward on that.
Absolutely. And with that, we already, we are already at the end of this panel discussion. So 22 minutes really fast, I would love to talk 20 more minutes with all of you, but unfortunately we do not have that time, but thank you very much for joining this great panel presentation, contributing, sharing your thoughts about the cybersecurity fabric or the future about that. Thank you, Victoria, John Duke and Donny for joining us.
Thanks for having us.
Thank you. Thank.