If 2020 was an ordeal for people and businesses, 2021 came at us like a dare. By the time the new year was upon us, we had all mobilized our remote workforces, hardened our infrastructures against hyperactive hackers, and established whatever protocols we could to keep our families and colleagues as safe as possible.
But as prepared as we all may have felt to face what was coming, 2021 decided to up the ante by writing new definitions for chaos, from the tumultuous fallout of the U.S. election to high-profile ransomware attacks and nightmare vulnerabilities. And then, just when we thought we’d whistle past December without a hair-on-fire event, along came a cascading array of Log4j vulnerabilities whose massive footprint and zero-day characteristics led at least one related CVE to earn a Kenna Risk Score of 100, and it doesn’t get much worse than that.
Will 2022 offer more of the same? To some degree, certainly. But in the past two years, we’ve all learned a lot about how to navigate the ever-shifting risks of this modern world. And thanks to some encouraging developments in the security space, we’re better suited than ever to meet those risks with confidence.
Amid complexity, a need to simplify security
Facing the challenges of 2022 confidently begins with accepting that security challenges are real and will only grow more involved and numerous. Environments and networks are growing in size, complexity, and connectivity — creating an ever-larger attack surface for bad actors. Vulnerabilities in devices, operating systems, and applications are multiplying. Yet resources are finite, and budgets are not limitless. Even top-performing remediation teams can only address somewhere between 25-30% of the vulnerabilities in their environment. For most, that number is closer to 10%.
This past year, it became clear that to combat complex security challenges, enterprises must remove complexity from the equation. By no means is this easy — in fact, it’s enormously difficult — but for enterprises to develop a culture of cybersecurity, the tools and technologies they use to protect themselves have to be easy for virtually anyone to use. This could not be more critical: A Stanford study found human error accounts for 90% of all data breaches. So, the more cyber-equipped and aware your workforce is, the better equipped you’ll be to protect your infrastructure and data.
Solving security for all
With the need for simplified security becoming more urgent, 2021 witnessed an especially timely development. It came when Cisco’s security business acquired Kenna Security, the pioneer of risk-based vulnerability management and the company I’ve been privileged to run for seven years.
The acquisition marked the intersection of two companies with the same fundamental goal of transforming highly complicated, data-intensive tasks into automated workflows driven by powerful data science and machine learning. Simplifying security has long been a guiding ethos for Cisco; on the vulnerability front, it has been so for Kenna Security as well. Now, that ethos is driving the way we integrate Kenna Security’s unique prediction and prioritization capabilities into Cisco’s security portfolio.
It’s not just about technical data
Security experts have a tendency to think about problems in terms of technical data. That’s understandable. It is extraordinarily difficult to prioritize hundreds of thousands of events and incidents on their own empirical technical merits, but this is exactly what is required to derive actionable insight from telemetry. Extracting those insights involves deploying a wide range of data science regimens, including correlation, rule sets, and predictive algorithms, to gain an understanding of whether an incident or vulnerability is a priority for your response and remediation teams.
But it also requires mapping that information onto variables within the business itself: Which role or individual is the target of the attack? What asset or system, what application, and what data is the attacker attempting to access? And critically, how vital are those assets to business operations?
Correlating all these data points then gives you a business-prioritized view of incidents and vulnerabilities. It helps you understand where the business is at greatest risk, so you can take informed actions to mitigate it.
And with those capabilities, you can extend your data-driven, risk-based methodology to every corner of your enterprise.
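To make the mapping described above concrete, here is an added example (not Kenna’s or Cisco’s actual model) that folds technical signals (severity, exploit likelihood) together with business context (asset criticality, exposure) into one risk score, then carves off the slice a capacity-limited team can actually fix. All identifiers, assets and values are constructed for illustration.

```python
import math
from dataclasses import dataclass

@dataclass
class Finding:
    """One vulnerability on one asset; all values constructed for this example."""
    vuln_id: str
    asset: str
    severity: float            # technical severity, 0-10 (CVSS-like)
    exploit_likelihood: float  # 0-1, e.g. output of an exploit-prediction model
    asset_criticality: int     # 1-5, how vital the asset is to the business
    exposed: bool              # reachable from an untrusted network?

def risk_score(f: Finding) -> float:
    """Fold technical and business factors into one 0-100 score.
    The weighting is illustrative, not Kenna's or Cisco's actual model."""
    technical = (f.severity / 10.0) * f.exploit_likelihood
    business = f.asset_criticality / 5.0
    exposure = 1.0 if f.exposed else 0.6
    return round(100.0 * technical * business * exposure, 1)

def prioritize(findings, capacity=0.25):
    """Rank by risk and split into the slice a team can fix now
    (the text puts top teams at 25-30% of findings) and the backlog."""
    ranked = sorted(findings, key=risk_score, reverse=True)
    n = max(1, math.ceil(len(ranked) * capacity))
    return ranked[:n], ranked[n:]

def severity_only(findings):
    """The naive view: highest technical severity first, no business context."""
    return [f.vuln_id for f in sorted(findings, key=lambda f: f.severity, reverse=True)]

# Constructed sample: identifiers, assets and values are made up.
SAMPLE = [
    Finding("VULN-1", "lab-vm-07",    9.8, 0.05, 1, False),
    Finding("VULN-2", "payroll-db",   6.5, 0.90, 5, False),
    Finding("VULN-3", "web-portal",   7.5, 0.95, 4, True),
    Finding("VULN-4", "hr-laptop-12", 8.8, 0.30, 2, False),
    Finding("VULN-5", "build-server", 9.0, 0.60, 3, True),
    Finding("VULN-6", "printer-3f",   5.3, 0.20, 1, False),
]

if __name__ == "__main__":
    fix_now, backlog = prioritize(SAMPLE)
    print("severity-only order:", severity_only(SAMPLE))
    print("fix now:", [(f.vuln_id, f.asset, risk_score(f)) for f in fix_now])
    print("backlog:", [(f.vuln_id, risk_score(f)) for f in backlog])
```

Note that the CVSS 9.8 finding on the lab VM tops the severity-only list but lands at the bottom once exploit likelihood and asset criticality are applied, while the 6.5 on the payroll database moves into the fix-now slice.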
Enter XDR—and establishing a simple, unified defense
At Cisco, we see all of this operating within the framework of extended detection and response, or XDR. Going well beyond traditional endpoint detection and response, XDR involves the extensive data collection and correlation described above so enterprises can gain more visibility and context around every threat. Viewing that data through the lens of risk, you can determine how likely certain events are and how rapidly you should respond to them.
That’s the real value of XDR—driving the outcomes that help businesses assess and mitigate risk in ways that don’t overly tax resources or budgets. But not just any solution is up to the task. The more telemetry you have to analyze, the better the outcomes you can ultimately drive, but you need the right tools and data science to make sense of all that telemetry. And once you’ve normalized, correlated, and distilled all those events into the incidents that matter most, you have to prioritize them in a way that guides your team to focus on the tasks that will move the needle on the most risk.
This is what it’s like to have a simple, unified defense: all the telemetry, all the contextual insights, and all your assets not just monitored but analyzed to determine which alerts are worth your time and attention, because there are hard limits to both.
Think about it. At a time when resource-constrained security teams are overrun with alerts, what could be more valuable than knowing with confidence which incidents and vulnerabilities demand your immediate attention, and which might appear on their face to be a priority but aren’t?
We all know 2022 will bring new threats, new challenges. But just as cyber threats are constantly evolving, so too are the most advanced platforms designed to help enterprises defend against them. Here at Cisco, we now have the unique ability to explore applying a predictive, risk-based approach to security areas beyond vulnerability prioritization and prediction. For us, it’s exciting. And for customers everywhere, that knowledge should offer reassurance they can greet the challenges of this coming year with confidence.