In 2019, CISOs struggle more than ever to contain and counter cyberattacks despite an apparently flourishing IT security market and hundreds of millions of dollars in venture capital fueling yearly waves of new startups. Why?
If you review the IT security landscape today, you’ll find it crowded with startups and mainstream vendors offering solutions against cybersecurity threats that have fundamentally remained unchanged for the last two decades. Yes, a small minority of those solutions focus on protecting new infrastructures and platforms (like container-based ones) and new application architecture (like serverless computing), but for the most part, the threats and attack methods against these targets have remained largely the same as in the past.
This crowded market, propelled by increasing venture capital investments, is challenging to assess, and can make it difficult for a CISO to identify and select the best possible solution to protect an enterprise IT environment. On top of this, none of the solutions on the market solves all security problems, and so the average security portfolio of a large end user organization can often comprise dozens of products, sometimes from up to 50 different vendors, overlapping in multiple areas.
Despite the choices, and more than three decades of experience to refine how security solutions should address cyberattacks, various research studies and surveys describe a highly inefficient security landscape. VentureBeat, for example, reported that, “the average security team typically examines less than 5% of the alerts flowing into them every day.” In another example, Cisco reported that of all legitimate alerts generated by security solutions, only 51% of them are remediated. As a final example, The Ponemon Institute reported that 57% of interviewed organizations said the time to resolve an incident has increased, while 65% of them reported that the severity of attacks has increased.
So why do we struggle to counter cyberattacks?
A full analysis of the state of the security industry goes beyond the purpose of this blog post, and we certainly believe that there is a concurrence of causes, but we also believe that one of the main factors impacting CISOs' capability to defend their IT infrastructures is the lack of integration between the plethora of security solutions available in the market.
The products that CISOs buy and implement as part of their security arsenals almost never work in an orchestrated way because, by design, they don’t talk to each other. Occasionally, 2-3 products can share data if they are delivered by the same security vendor or if, temporarily, there is a technology collaboration between the manufacturers. For the most part, however, the IT security solutions out there are completely disjointed from each other. To use an analogy, it is as if we had invested in multiple security solutions to protect a commercial building, such as a CCTV system, security guards, and patrol dogs, but the security guards don’t look at the CCTV cameras and the patrol dogs are kept locked in the basement.
How can we fix this industry-wide lack of integration?
In an ideal world, the whole security industry would embrace an open standard (there have been many proposals on the table for years) and each security solution out there would embrace that standard allowing any software or hardware solution to orchestrate the CISO arsenal in a harmonious assessment or remediation plan. Unfortunately, it seems we are still far from that day.
Until then, the idea is to leverage IT automation as the connecting tissue between security solutions across various industry categories, from enterprise firewalls to intrusion detection systems (IDS) to security information and event management (SIEM) solutions, and many others. If security products across these categories can be individually automated through a common automation language, then that language can be used as the “lingua franca” to express an orchestrated remediation plan.
To succeed, we believe that this plan requires an automation language that has three fundamental characteristics:
- It is already widespread and highly adopted across the IT industry, to minimize the implementation friction
- It is not in control of any security player, to maintain an unbiased approach to solving the problem
- It can be easily extended by any industry constituency, to integrate and support a long tail of security solutions out there
The industry can already count on an automation language that meets these three criteria: Ansible. As an open source automation platform and language, Ansible already integrates with a wide range of security solutions (and network solutions, and infrastructure solutions, and much more) and is driven forward by a global community of thousands. Ansible, in fact, is the 7th most contributed open source project worldwide on GitHub according to the 2018 Octoverse report.
At Red Hat, we believe that Ansible could become a de facto standard in integrating and automating the security ecosystem and we stand by this belief by committing commercial support for a number of enterprise security solutions widely used by CISOs around the world.
What can we do when multiple security solutions are integrated through automation?
Security analysts around the world understand how difficult it is to conduct an investigation about an application’s suspicious behaviour. Security operators know how difficult it is to stop an ongoing attack before it’s too late or how to remediate the mayhem caused by a successful one.
When every solution in a security portfolio is automated through the same language, both analysts and operators can perform a series of actions across various products in a fraction of the time, maximizing the overall efficiency of the security team.
For example, a security analyst that must evaluate suspicious behaviour from a production server, might need to increase the verbosity of the logs across all deployed firewalls and/or enable a rule on the deployed IDS to better understand who’s doing what and why. This seemingly trivial activity often involves the collaboration of multiple security professionals across the organization and can be slowed down by a series of support tickets/emails/phone calls to explain and justify what to do and how.
A pre-existing, pre-verified, pre-approved automation workflow (an Ansible Playbook in our case), that security analysts could launch anytime they are conducting an investigation, could significantly reduce that inefficiency.
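To make the investigation workflow above concrete, here is an added example playbook (written for this post's editing pass, not Red Hat's or the Ansible project's own code). It assumes two inventory groups: "firewalls", Linux hosts running firewalld as a stand-in for the enterprise firewalls listed below, and "ids_sensors", hosts running Snort that read /etc/snort/rules/local.rules; the suspect address and the rule SID are constructed values.

```yaml
# Added example playbook, not from the original post.
# Assumptions: inventory groups "firewalls" (firewalld hosts) and
# "ids_sensors" (Snort hosts with /etc/snort/rules/local.rules).
# suspect_host (RFC 5737 test address) and SID 1000001 are constructed.
---
- name: Raise firewall logging while the investigation runs
  hosts: firewalls
  become: true
  tasks:
    - name: Log every denied packet on firewalld so dropped traffic to the suspect host shows up in the logs
      ansible.builtin.command:
        cmd: "firewall-cmd --set-log-denied=all"
      changed_when: true

- name: Enable a detection rule for traffic reaching the suspect server
  hosts: ids_sensors
  become: true
  vars:
    suspect_host: "192.0.2.10"   # constructed value: the server under investigation
  tasks:
    - name: Add (or refresh) a local Snort alert rule keyed on its SID
      ansible.builtin.lineinfile:
        path: /etc/snort/rules/local.rules
        regexp: 'sid:1000001;'
        line: 'alert tcp any any -> {{ suspect_host }} any (msg:"Investigation: traffic to suspect host"; sid:1000001; rev:1;)'
        create: true
      notify: Restart snort

  handlers:
    - name: Restart snort
      ansible.builtin.service:
        name: snort
        state: restarted
```

Because the playbook is idempotent, the analyst can re-run it safely; reverting the investigation is a matter of a companion playbook that removes the rule (state: absent) and restores the firewall's previous log-denied setting.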
This is just one of the use cases that we’ll support. At the launch of Ansible security automation, with the upcoming release of Ansible Automation, we’ll deliver the integration with enterprise security solutions across multiple product categories:
- Check Point Next Generation Firewall
- Fortinet Next Generation Firewall
- Cisco Firepower Threat Defense
- Check Point Intrusion Prevention System
- Fortinet Intrusion Prevention System
- Snort
- CyberArk Privileged Access Security
- IBM QRadar SIEM
- Splunk Enterprise Security
Over time, we plan to extend support to more security categories and more products across those categories. In fact, security vendors are welcome to reach out to us and explore how we can cooperate to increase the efficiency of security solutions out there.
If you are interested in the details of how Ansible security automation works, we have an entire security track at AnsibleFest Atlanta 2019 from Sept 24-26, 2019. Let’s meet there: https://www.ansible.com/ansiblefest
About the author
Alessandro Perilli is the GM, Management Strategy at Red Hat.
Perilli helps to chart the long-term strategy in the Red Hat management business unit, including company efforts in cloud management, IT automation, and self-healing IT. He also develops the vision behind new management initiatives in multiple areas like cybersecurity and artificial intelligence. He has led the creation of Ansible Security Automation.
Perilli is a member of the European AI Alliance and has co-authored the first Cloud Computing Risk Assessment for the European Network and Information Security Agency (ENISA). He is a former Gartner analyst, where he led the research for private cloud and cloud management in the early years of cloud computing. He was also a pioneer of the virtualization industry as an advisor for Fortune Global 2000 companies.
Perilli started his career in 1999, publishing a book about cybersecurity for Arnoldo Mondadori Editore and creating one of the first ethical hacking classes in the world.