Happy new year
Jan 1st, 2019 by Jesper Kråkhede
It is somewhere between late night and early morning. Family has stopped celebrating, the bottles of champagne are empty and everyone is sleeping. Only the security architect is awake.
During the festivities I had a long discussion with a friend of mine of the futility of cybersecurity. How hopeless it is to try to stay on top. Either you loose within a few hours or you spend hundreds of thousands of Swedish Kronas on consultants that only implement security solutions that you don´t understand and have challenges to operate afterwards. His simple question to me was: How on earth am I supposed to come out on top of this?
I had to give it some thought as he was actually pointing to that my work didn´t provide a value to a company. After some clarifications, there was champagne involved, I understood that it wasn´t my work in particularly that was the problem but all those non-standarised technical solutions that was challenging to integrate and operate that was the problem.
We boiled it down to three larger problems:
• bolted on rather than built in, meaning that the user interface was not standarised so that the staff needed to train specifically how to navigate
• siloed solutions, so an event in one tool was challenging to correlate with another albeit a well working SIEM solution with trained staff
• measuring the effectiveness, they bought tools others bought but it was hard to show effectiveness as the only way to prove was conducting expensive pentests that still would find another way through the defenses
We didn’t find any good solutions this night and when the Gin and Tonic was served we forgot about it but now I´m sitting here thinking about it and I might have and idea moving forward. Drop in here in a few days I I´m sure I have cracked a few bright ideas. Until then: Happy new year!!!