Three security challenges that need solving
There are three fundamental challenges in security that need solving. It’s not all about cyber: there is also a physical element, and the two domains share certain commonalities in the problems that customers face and in how they can be solved.
This is according to Tormod Ree, CEO of Ava Security, who presented a keynote address on ‘The need for unified security’ at the ITWeb Security Summit 2020, being held as a virtual event this week.
Data overload
The first challenge is one Ree describes as data overload.
“Data overload comes from the fact that there is an overwhelming amount of data without any meaningful insight from the vast majority of sensors that are out there, in this case mostly video, security or CCTV cameras, which produce a wealth of footage.”
He says customers typically have hundreds, sometimes thousands of these, and because there are so many feeds and no insight beyond the actual picture, it's virtually impossible for customers to be proactive. They can’t identify what they should be looking at before a threat escalates to an actual incident, and it's also incredibly time-consuming to sift through to find what they're looking for, as it all has to be manually reviewed.
The same is true if you consider cyber security, but in this instance, the data is slightly different; it's no longer video but rather data from the network, from endpoints and from different types of solutions and sensors that’s presented, quite often in an unstructured format and without any insight, Ree explains.
Again, this makes it incredibly difficult for the customer to act, and practically impossible for them to be proactive in terms of identifying a threat, while doing searches or forensics after the fact is an onerous task.
A problem of complexity
The second problem, says Ree, that most customers face is around complexity and the slew of different solutions available on the market.
“There's quite a lot of complexity throughout the whole customer lifecycle, all the way from buying to installing to managing the whole across the entire chain. This is mainly because solutions have been designed by experts for experts.”
Ree shows a picture of the Concorde cockpit as an example. “Most, avid fans excluded, wouldn’t recognise it. It has a wealth of different information and switches etcetera, but at the time, you could design the product and the plane in this way because not many people needed to be trained to fly it.”
In much the same way, he says, our industry is coming from a place where there are a lot of experts and a lot of expertise, but if solutions need to be scaled to accommodate many users, they need to be a lot more simple, like driving a bus. “You need something that requires less training, that automates mundane actions, and something that can scale out to the masses, so everybody can take advantage of the sort of suite that they need to stay safe and secure.”
The failure of current solutions
The third problem, and this relates perhaps more directly to unified security, is that current solutions fail to protect against hybrid threats, or threats that span both the cyber and physical domains, says Ree.
“Increasingly, we are seeing everything from simple to very sophisticated threats that span these two domains. We see a failure to identify them not because there's a lack of data, but because there is a failure to see patterns across both domains. If you have separate solutions with separate operators, separate analytics, separated into two different silos, then there's no way that the dots can be connected, and the patterns that you need to see to protect and guard against these threats or potentially investigate them faster, identified.”
What is needed is a solution that’s able to identify patterns across physical and cyber data. “Imagine a situation where a sophisticated attacker first attacks the IT infrastructure to gain access or to bring down the physical security solution, and then later commits a physical breach to do additional harm. If you had a team that worked effectively across the two domains, and had solutions that knew they should hide the defence system on both sides when an attack is taking place, then you would be better protected against these more sophisticated attacks as well.”