Today there is no shortage of compliance requirements. There are so many, in fact, that there are billions of dollars spent every year on tools and audits. These regulations have the right goal in mind: protect companies, their intellectual property and their customers. Unfortunately, by the time these laws make it through the government process the attackers have already changed their tactics. They don’t have to play by any rules.
This begs the question, “How effective are all these compliance requirements at achieving the ultimate goal?” All we read about in the headlines is the next big breach. Pipelines, power grids, global shipping, and even the food supply have been targeted. These companies comply with multiple requirements annually. They employ large teams of SOC analysts. They leverage all of the technology mandated in the requirements.
When was the last time there was a significant revision of any of these regulations? If we created something 20 years ago, is it any wonder it is not relevant today? The reality is that security is now a real-time problem.
Stepping Out From The Corporate Firewall
Most compliance requirements evolve around log management and network control points. Logs are a record of what happened in the past, so by their very nature they are completely reactive. Spotting trends in logs is for the most part a manual process. With COVID, most of the workforce is no longer working behind a corporate firewall, so the network is a less relevant control point. How long will it take to update regulations to recommend more current real-time solutions?
For as long as I can remember, compliance requirements have been the primary driver for the security budget. This is how we have arrived at the situation we are in today. Companies of all sizes are leveraging older technologies that are good enough to clear the compliance bar, but do very little to protect them today.
We need to find a way to break this cycle. There are several new security technologies that can help solve these problems. Unfortunately, it will take so long for most companies to adopt them that they’ll be breached before they can adopt them. AI and ML can significantly reduce the amount of work that SOC analysts need to do, and they can also detect anomalous threats faster than an analyst, in near real-time. With a worldwide shortage of security professionals, this seems like an obvious solution to the bigger problem.
Compliance vs Competition
Another question to consider is how these regulations are impacting our economy and our ability to compete globally. If they move their corporate headquarters to another country, will there be a significant enough savings in compliance costs that we could see more of our companies moving overseas?
These are some big issues that require out-of-the-box thinking to help us evolve. To do our part, we are developing an Open XDR platform where everyone can leverage their existing security tools, AI and machine learning, and we are inviting our customers to participate in a discussion of these issues and bring their ideas on how to resolve them. Too much of the security business today is siloed and focused on quarterly earnings. If we want to create a better world for everyone, we need to take a broader view and be open to all constructive feedback and ideas. If you are ready to be part of the solution, please reach out to me at [email protected]
Brian Stoner is VP of service providers at Stellar Cyber, which develops a next-gen security operations platform that provides high-speed, high-fidelity threat detection and response across the entire attack surface. Read more Stellar Cyber guest blogs here.