The influx of funding into the cybersecurity space in the last 20 years has led to an explosion of cybersecurity products and contributed to an app-centric view of enterprise security.
After decades of being bombarded with “Next-Gen-___” at RSA or Black Hat, enterprise security leaders are finally recognizing we have reached the peak of an app-centric view of security.
This proliferation of apps, alongside a rapidly expanding set of commercial threat intelligence providers, has led to “Integration Debt.”
The Cloud Security Alliance’s Secure Intelligent Ecosystems whitepaper describes the challenge of normalizing and transforming data from siloed security tools and disparate intel sources as the “Valley of Death” and the ultimate blocker to achieving automation.
Security leaders are in a vicious cycle of buying more apps and intelligence feeds, which leads to more analyst burnout as they struggle to plug the gaps with manual data wrangling.
The 2020 Ponemon Cyber Resilience Study demonstrates the limitations of over-indexing on the next great application or tool to advance security operations.
According to the report, security operators reported the following:
- Enterprises with more than 50 security applications or tools reported a negative return on cyber resilience.
- 78% cite data silos, lack of advanced automation and fragmentation of infrastructure as core challenges for advancing cyber resilience.
- 63% believe automation, machine learning, AI and orchestration improve cyber resilience.
In data-centric terms, this proliferation of apps has led to what Dave McComb calls “Integration Debt” in his book Software Wasteland: How the Application-Centric Mindset is Hobbling the Enterprise.
Security leaders are in a vicious cycle of buying more apps and intelligence feeds, which leads to more Integration Debt, which leads to more analyst burnout as they struggle to plug the gaps with manual data wrangling.
The only way out of this vicious cycle is a shift in thinking to a data-centric mindset:
When every business problem calls for a new application and every new application comes with its own database, this often results in runaway complexity.
Data-centric refers to an architecture where data is the primary and permanent asset, and applications come and go.
We must revise what we mean by “intelligence” in the context of cybersecurity. Intelligence can’t be seen simply as external intelligence data about adversary tactics, techniques and procedures. Rather, it must be seen as the capacity of organizations to normalize, transform, and automatically extract actionable insight and context from internal security tools and external sources to expedite detection and response.
This is the data-centric view of intelligence that is required when you accept that the primary mission of intelligence in enterprise security is to accelerate automation in security operations.