Last week I had the honor of speaking at the annual Morgan Stanley CTO Summit in London. The Summit focused in part on what I believe is the fundamental problem facing cyber teams today: our inability to reduce the number of overall breaches. I suggested the answer calls for rethinking how security systems work together.
The annual CTO Summit is Morgan Stanley’s main event where technology decision makers review market trends and assess potential changes to their IT and investment strategies. A crowd of several hundred or so investment analysts and IT professionals gathered at the Morgan Stanley offices on Canary Wharf in London for the full-day conference. More streamed in from around the globe to listen to the presentations.
During his remarks, Peter Troy, EMEA CISO at Morgan Stanley, captured the CISO dilemma. Despite security becoming a major component of the IT agenda, and despite significant investment in recent years and hundreds of solution providers filling just about every imaginable security niche, enterprises continue to see the overall number of breaches grow. Melissa Gorham, vice president of Equity Research at Morgan Stanley, explored this issue in great depth in her report “Cybersecurity Rethinking Security.”
A major reason breaches persist is that security systems operate in a vacuum. They are unable to assess the significance of security events from a 360-degree perspective. Yes, they may prioritize events, but they cannot weigh the importance of those security events against the events detected by other systems or the larger business context. Several consequences result, such as the massive number of false positives filling up our analysts’ security queues.
I suggested we needed to find ways to integrate all of our detection systems. Our security platforms need to be more intelligent, more holistic. They need to be able to analyze security events and alerts from any detection tool. They also need to be smart enough to:
- identify the genuine threats hidden in the noise of events and alerts,
- prioritize all of those events and alerts in a consistent, dependable manner, and
- expose insights and analysis in a deceptively simple way so security analysts can focus on resolving threats, not learning security tools.
These insights are not my own. They reflect the conversations we’ve had with many enterprises like Morgan Stanley and are part of the capabilities we offer today in the Siemplify platform.
As an industry, we need to find a way to bring our tools together. We require a common language, a standard by which security systems can easily share information with one another. This needs to be a bi-directional exchange of data, not just alerting up to a SIEM. Security tools could then use this data to gain richer context about their networks, making them smarter and more effective at identifying truly significant events.
It is this dual-sided approach that drives us here at Siemplify. A smarter, better SOC platform answers the CISO dilemma for today; adding contextual awareness to our security devices ensures future CISOs will never face that dilemma again.