Security Tech and the Human Element

Coming off the tails of RSA Conference 2019, the avalanche of information accrued from the exhibit halls, talks, trainings, and the infamous “hallway track” is overwhelming. There is no way to escape the “latest and greatest,” whether referring to tools and technologies or the people and processes used to manage those technologies. The week is meant for sharing ideas and connecting with industry peers, but the reality of the conference is such that much of the conversation centers on technology—security is a tech field and even though “people” is a foundational element of the “people, process, technology” triad, technology reigns supreme. As evidenced by the number of vendors on the show floors and companies’ appetites for buying and relying on tools to identify/prevent/detect cyber attacks, it’s often easy to forget that (despite fears about artificial intelligence) machines are not coming for every security job and people are critical to the success of implementing, managing, and monitoring tools.

During the panel “2028, Future State: Long Live the Firewall?” at RSA Conference, the conversation deviated from the core topic, the future of the firewall, several times. As the panelists debated what firewalls might look like ten years down the road, and how or whether firewalls as we know them today will even occupy a place in a technology ecosystem without boundaries, it was hard for them to ignore the human aspects of managing firewalls. Of course there are network-based technological issues to contend with when trying to operate a firewall in a cloud or container (or even an on-premises data center), but on the other end of the tool—as with any security or network product—is a human being building or tuning policies, reviewing alerts, and responding to issues. Too often, that person is managing too many tools, seeing too many alerts, or may not even be an expert in how a given technology works. Yet they are responsible for ensuring the tool is optimized to perform its function, i.e., protect the network, detect potentially malicious behavior, and/or contain an attack.

The challenges of ever-evolving technology

The words “security training” typically imply educating non-security people about security awareness topics: phishing, password hygiene, risky behaviors on social media, etc. However, Jennifer Minella, VP of Engineering and Security at Carolina Advanced Digital, reminded the audience that ongoing training for network and operations practitioners is also essential; it just means something different. Generally speaking, it refers to ongoing product and technology training. This is why thousands of security conferences are held every year, all over the globe. Networks, traffic patterns, and threats to organizations change constantly. Vendors update or add to their tools regularly, whether it’s as simple as a new administrative console or something more complex like features and functionality baked in or added to the offering. Keeping up with all of these changes could be a full-time job in and of itself. Still, there never seems to be enough time in the day, and often those in charge of administering security tools end up practicing what they know, what’s comfortable and familiar. In this process, learning new tactics and techniques can inadvertently be shoved to the side.

On top of this, there are the new tools and technologies—like Edgewise—entering the market all the time. The catalyst for many of these products is a security or networking professional who repeatedly encounters a security or networking problem without a readily available solution. The problem germinates until that person builds a tool that could be applicable and helpful to others. For the most enterprising among us, that solution is developed into its own product. While the vendor community is frequently the target of security purists’ distaste (unless the tool is offered open source), the fact is that every security practitioner uses tools; they need tools to protect their environments. Security technologies like firewalls and SIEMs have served organizations well over the years. But as business requirements change, networks change, and adversaries change, new problems arise, and a bounty of security technology is built to address them. When a product or product category is proven effective in the market, security and networking professionals need to learn how to use that technology. No security product will ever be “set it and forget it,” and this only compounds complexity and time constraints.

With the latest batch of security products, machine learning and automation have increased the efficacy and ease of use of many newer technologies—it’s not snake oil; machine learning and AI, when applied thoughtfully and correctly, change the game and offer deeper insights than what we had 10 or 20 years ago. But implementation and ongoing management of these tools still require work, and possibly a steep learning curve on the part of the user.

Continuous learning

Nowhere was this more evident than during a peer-to-peer roundtable on “Practical Container Orchestration Security” led by Diana Kelley, Cybersecurity Field CTO at Microsoft. Organizations have growing concerns about securing containers and container orchestration platforms, but the networking and security personnel charged with that responsibility aren’t entirely sure where to start or which methods are best. In part, this is because container security is a nascent field. The other part of the challenge is the steep learning curve and the complexity of managing container security—because it can’t be 100% automated. Humans will always be involved, whether it’s configuring containers and orchestration platforms, applying policies, or monitoring and triaging alerts. People cannot be removed from the equation, and anyone saying otherwise is selling snake oil.

The good news is this: while new technologies (security or the next wave of consumerization) will always introduce new security challenges, relying on past experiences and the foundations of security (e.g., the CIS Controls, or how laptops were first secured → how BYOD was first secured) will supply the basic knowledge. In addition, listening to and learning from peers who have been there and done that, who succeeded at this and failed at that, is one of the best educational methods. And lastly, pick vendors who are true partners and have allocated personnel for ongoing training and support. Training and awareness are a continuous loop, and it’s people who use products to protect the enterprise. Boiled down simply: it’s impossible to separate people from technology if you expect the tech to work as intended.

Katherine Teitler, Director of Content

Katherine Teitler leads content strategy and development for Edgewise Networks. In her role as Director of Content she is a storyteller; a translator; and liaison between sales, marketing, and the customer. Prior to Edgewise, Katherine was the Director of Content for MISTI, a global training and events company, where she was in charge of digital content strategy and programming for the company's cybersecurity events, and the Director of Content at IANS, where she built, managed, and contributed to the company's research portal.