On top of this, there are the new tools and technologies—like Edgewise—entering the market all the time. The catalyst for many of these products is a security or networking professional who repeatedly encounters a security/networking problem without a readily available solution. The problem germinates until that person builds a tool that could be applicable and helpful to others. For the most enterprising among us, that solution is developed into its own product. While the vendor community is frequently the target of security purists’ distaste (unless the tool is offered open source), the fact is that every security practitioner uses tools; they need tools to protect their environments. Security technologies like firewalls and SIEMs have served organizations well over the years. But as business requirements change, networks change, and adversaries change, new problems arise for which a bounty of security technology is built. When a product or product category is proven effective in the market, security and networking professionals need to learn how to use that technology. No security product will ever be “set it and forget it,” and this only compounds complexity and time constraints.
With the latest batch of security products, machine learning and automation have increased the efficacy and ease of use of many newer technologies—it’s not snake oil; machine learning and AI, when applied thoughtfully and correctly, change the game and offer deeper insights than what we had 10 or 20 years ago. But implementation and ongoing management of these tools still require work, and possibly a steep learning curve on the part of the user.
Nowhere was this more evident than during a peer-to-peer roundtable on “Practical Container Orchestration Security” led by Diana Kelley, Cybersecurity Field CTO at Microsoft. Organizations have growing concerns about securing containers and container orchestration platforms, but networking/security personnel charged with the responsibility aren’t entirely sure where to start or which methods are best. In part, this is true because container security is a nascent field. The other part of the challenge is due to the steep learning curve and the complexities of managing container security—because it can’t be 100% automated. Humans will always be involved, whether it’s configuring containers/orchestration platforms, applying policies, or monitoring and triaging alerts. People cannot be removed from the equation, and anyone saying otherwise is selling snake oil.
The good news is this: while new technologies (security or the next wave of consumerization) will always introduce new security challenges, relying on past experiences and the foundations of security (e.g., the CIS Controls, how laptops were first secured → how BYOD was first secured) will supply the basic knowledge. In addition, listening to and learning from peers who’ve been there, done that (succeeded at this, failed at that) is one of the best educational methods. And lastly, pick vendors who are true partners and have allocated personnel for ongoing training and support. Training and awareness are a continuous loop, and it’s people who use products to protect the enterprise. Boiled down simply: it’s impossible to separate people from technology if you expect the tech to work as intended.