Its been one heck of a year so far in the security industry. With Q2 upon us we have had no shortage of DoS attacks, data breaches, and seemingly utter chaos on the Internet. So with all of this going on where has all the security gone? Security sales grow year over year, products become more advanced and yet how can we STILL have all of these breaches, breakdowns and complete Internet chaos occurring?
Well its simple really, its people. I don’t want to start this and make it sound that the products have gotten it right and the people using them are wrong. Sure we have made significant improvements in products but the hard part is that they have become more complex to use. When I first started in the industry there was always this one person in the organization that could seemingly manage the entire network including the user infrastructure. Today its seems like everything is a speciality. No one understands two or more topics. Its because the depth of any one topic is so much more today than ever. Even within a firewall you can be a L4, L7, or App specific guru. Within one product you can have specialties and subspecialties to the point where the “god boxes” with dozens of features need to be operated by a team.
If anything I think this plays greatly against us in security. It lessens the effectiveness of any ONE person as they are so specialized. Now we will always need people that go into the weeds on a topic. We do need the person that is a master of DFA tables within IPS or the ASIC guru that can minimize the number of operations on a packet. But in security administration if it isn’t simplified, if it isn’t easy we are going to create trouble for ourselves. Its great to say that you have oodles of logs and mounds of metrics but who the heck wants to troll through them looking for the answers? You do get the super nerds who like that but even a super nerd wants to go howe and play the latest patch in Star Wars: The Old Republic. Why can’t we have tools that tell us what is going on in the network?
I don’t mean log aggregators or network traffic graphs. I want something that at a glance will tell me what is going on. I want to know what has happened and what will happen within my network. Can you tell me what is going on within your firewall? What if that firewall had 20 million sessions and 16 Interfaces each with a dozen subinterfaces? Its tough to imagine a dashboard that can solve that problem. But the need is there and now is the time we have to make this easier.
Its not a lack of skill on the security admins part. I meet about a thousand people a year and I hear their stories. Most if not all of the people that I meet are exceptionally bright. The one downside is that they are the user and not the creator of these products. They don’t have time to muck with APIs to get the data they needs. They want results, fast, now, and the have to be accurate. People do pay and are willing to pay good money for this so vendors please listen and make these clairvoyant tools for the admins.
I am going to shortly transition to a new role within my company and this analytics topic is one that is close to my heart. After scrolling through logs for nearly 15 years and mining data manually I want to provide a bit of clarity for the security world. I want you to go home early and spend time with your family, I want you to finish your level 50 character in Star Wars: The Old Republic. I am vowing to help fix this issue of network visibility because I am tired of the SecOps people getting beat up for not defending from the latest breach. The tools to defeat the breach are available today, but the tools to help you configure them are not.
By translating information into an easy to understand format if gives the admin the information they need to configure the devices to secure their network. Isn’t this what we want? An easier way to know what we need to do? Isn’t this what the smart phones do for our lives, simplify the handling of all of today’s tasks? Why not this but for security? If any important advancements need to be made its security analytics. Or the simplification of massive amounts of data to make your enforcement decisions easier. If we had all of correct data in front of us we would make better decisions around what to secure. Do you know why the hacker/cracker wins today? Its because they know more about your network than you do. Change that equation and it translates into a more secure world.