One of the trailers for the latest James Bond movie features the presumed head of the evil Spectre organization, a menacing Christoph Waltz, taunting our hero with the words, “You came across me so many times, yet you never saw me… what took you so long?”
Those lines could easily be uttered by any number of villains responsible for the data breaches dominating our news headlines. State-sponsored attacks, corporate espionage, malware, organized cyber-thievery, and insiders with an axe to grind all add up to real-world, Spectre-like foes. Enterprises need 007-calibre operatives on mission to discover, contain, and combat their own Spectres.
The escalating scope and frequency of major information compromises are compounded by the dynamic nature of two closely related trends – agile technology delivery and distributed cloud infrastructure. Adoption of these models promises and often delivers the speed and scalability that business units now demand, but they greatly increase the chances of multiplying attackable surface area and exploitable vulnerabilities. When combined with the inability of traditional security approaches to protect against ever-evolving intrusion exploits, the situation looks unwinnable.
Enterprises that value security – for themselves, their customers, and other information stakeholders – must recognize and respond to this gap. For starters, they really do need a security equivalent of James Bond on staff (or rather, whole teams of such Double-0 operatives). But even when such talent can be acquired, there’s never enough to keep up with the threats. These operatives can’t be effective against the horde of threats they face without powerful tools and intelligence.
Enter “Q,” the hero behind the scenes.
Your Q for Extreme Automation
In the movies, Q is the quartermaster in charge of tactical equipment and provisions for MI6’s Double-0 section. Q is also traditionally the source of Bond’s fantastical gadgetry and instantaneous tactical intelligence.
And in a prime example of art imitating life, cybersecurity and digital intelligence have become a battlefield in the Bond canon just as they have in the real world. Ian Fleming’s “Q” has evolved from gadget-builder to the figure enabling the Double-0 section to combat cyber-attacks through digital intelligence, countermeasures, and counterstrikes. Thanks to the evolved quartermaster, the Double-0 section can thwart more evil plots before their first cup of tea than in a year of manual field operations.
Sometimes life imitates art, and information-centric enterprises are wise to consider the power of automation and intelligence in today’s cybersecurity environment. The tools, data, and automation available to their cybersecurity operatives must be as formidable as those of the antagonists they square off against every day. Anything less puts them at a disadvantage from the starting gun. Enterprises that excel at putting the right tools and information in the hands of their operatives will enable them to record more “missions accomplished” faster and more effectively. Well-tooled cybersecurity operators, like their nefarious counterparts, must be well practiced in the art of extreme automation—not only to combat known threats, but to effectively master and redeploy enemies’ techniques against them.
For example, consider the botnet. Many of the most insidious cyber attacks in real life depend on these massive networks of victim computers secretly controlled by nearly invisible but highly effective malware. Single commands can put legions at the command of a threat actor, and a well-written automation tool can make these legions nearly unstoppable, moving quickly across massively distributed environments without the attacker needing to intervene. An uncountable army of hackers would be needed to achieve the same results manually. Like it or not, automation is the wellspring of botnet effectiveness.
And so it must go for combatting them. No enterprise can possibly hire enough security staff or dedicate enough bandwidth to hold back the onslaught. But, like the evolved “Q” of the Double-0 section, putting powerful, flexible, and portable automation at the fingertips of cybersecurity practitioners enables you to turn the tables.
Make no mistake, we are in a cyberwar and the bad guys are winning. Like the fictional Spectre, the villains in our real-life cyberwar are armed to the teeth and execute in an organized, sophisticated manner. Those responsible for enterprise security must confront this fact and respond in kind. The only way for the enterprise Q to close the gap is through extreme automation.
When it comes to Bond movies, no matter how unbelievably lethal the menace or absolute the finale, there’s always another sequel. But for breached enterprises, there won’t necessarily be an opportunity to reboot the franchise.
About Carson Sweet
Carson Sweet is co-founder and chief strategy officer for CloudPassage. As founding CEO, Carson led the team that created Halo, the patented security platform that changes the way enterprises achieve infrastructure protection and compliance. Carson’s information security career spans three decades and includes a broad range of entrepreneurial, management and hands-on technology experience. Carson and his teams have created groundbreaking security solutions across a range of industries and public sectors, with heavy focus on financial services, federal government, and high-tech. Carson focuses on long-term product, technology, and business strategy as CloudPassage expands market share through existing and emerging cloud security solutions. He also serves as chairman of the CloudPassage board of directors.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.