The conventional enterprise security model is in complete disarray. A typical organisation deploys a handful of products, each with a narrow, pinpointed function: a solution trying to solve a limited set of security issues.
The majority of these are heavily focused on detection. On top of them sit one or two responsive systems, with only one-way communication to the other products, providing orchestration to the security operations centre.
All these platforms are bottom heavy: they require large infrastructure investments and carry high operational and integration costs.
Even after years of tweaking, the chief information security officer (CISO) struggles to establish a synergetic security ecosystem.
Then comes the pressure of regulatory compliance, diverting all the attention and money and thus weakening the security posture. Compliance only sets the baselines. If you are worth getting hacked, you will be hacked.
This model is largely driven by a particular bias of the human mind: that security is mainly an infrastructural problem. We tend to map cybersecurity onto our physical or spatial sense. That is why we have created "perimeters", "endpoints" and "demilitarised zones" even in cyberspace. Attackers don't target infrastructure, they target entities. The entity-based intelligence approach has to converge with the infrastructural security approach of the enterprise.
There are security product silos within an organisation, and there are silos between organisations. A CISO's vantage point is limited to the logical borders of his or her enterprise. A cyber-attack knows no such boundaries.
An Advanced Persistent Threat is mostly seen compromising entities and individuals within an industry vertical or a critical national sector. There has been no automated way to facilitate the sharing of intelligence across such peers.
An enterprise today stands incapable of defending against a motivated nation state or non-state actor on its own.