The Failed Promise of New Cyber Security approaches.

We all have many cyber security tools, and the sad truth is that breaches and vulnerabilities still take a long time to be detected and remediated. The quoted data is that it takes around 252 days to detect a breach and then a further 82+ days to resolve it.

That’s a long time in anyone’s language and should make any manager, CEO and CSO feel uneasy. For many, this is a death sentence with your own job on the line. But for most organisations, there are too many tools that are installed and the reality is that we may be afraid to unbundle or decommission these. What we lack is time, people, and expertise to fully leverage our existing cyber security investments.

The sad truth is that we simply do not know how secure or resilient we are today. Perhaps this is because any reporting and analytics we can do today runs against what has happened in the past, and not what’s really happening right now.

What you do today doesn't work?

This is a frightening scenario. There is truth in the fact that most current tools scan for known vulnerabilities against your ‘live’ prod environment, which means these tools must be used at ‘off-hours’ and can only be run one at a time, which is a highly manual and complex operation. The question is does this provide you with an adequate ‘sandpit’ to work with?

The Homeland Security Foundation (HSFA), not to be confused with USA Homeland Security, “recommends leveraging virtualisation to assess vulnerabilities outside production environments, increasing effectiveness, reducing detection time, and avoiding costly disruptions to business operations”.

It goes on to say that “HSFA strongly recommends developing new standards that require organizations to deploy continuous security delivery fabric-based technologies that leverage virtualisation alongside existing security investments.”

There is a clear case for change, and the question is do you subscribe to this theory?

What is Continuous Security Virtualisation?

Cybric is a new cyber security startup headquartered in Boston, with executives from Yahoo and Actifio. Given the heritage of Actifio, which specializes in data virtualisation, it should be no surprise that Cybric is based around virtualisation.

I recently connected with Andrew Gilman, the Co-Founder & COO of Cybric, a new start-up that has already received $1.3m funding. Andrew explained that their business model was about creating a new class of continuous security virtualisation.

They have a platform that operates as a SaaS-based offering that securely connects, automates, and orchestrates cyber security for on-premise or cloud-based environments. Cybric Fabric simultaneously monitors applications, integrations, operating systems, data centers, and other components of an enterprise network for anomalies using a shadow environment, and then allows you to quickly remediate and roll changes back into production.

Cybric has been built using a high-performance model (fabric computing) which can operate in a multi-threaded mode, and hence allows Cybric to constantly scan for threats and then automatically remediate vulnerabilities and attacks.

Rely on Machines not Humans

By having this non-production version, it is then possible to detect and remediate issues faster and non-disruptively. The secret sauce is that you rely on the machine and the orchestration, not on human beings. Because the Fabric can continuously scan everything from source code to network perimeter, and everything in between, Cybric’s big data analytics engine can provide a near-real-time view of an organisation’s entire security posture.

Cybric has recognised that robust security will only come from systems finding and fixing vulnerabilities in real time with little human involvement. Doug Cahill, senior analyst, Enterprise Strategy Group, noted that:

“The cyber security market is flooded with over 1200 disparate point tools with customers often running nearly 100 products all requiring a high level of operational knowledge and human intelligence. This reality makes it incredibly challenging to fully understand an organization's holistic security posture.”

Faster Detection = Faster Action

“Utilising a virtualised approach will facilitate the CISO’s team to quickly identify and fix vulnerabilities across the entire application and infrastructure stack.”

Through automation and creation of a virtualised shadow environment, all scanning and remediation can be performed in parallel. This provides the ability to identify and fix real-time threats, while also minimising impact on the prod environment.

How fast? This is surely the key question, and the answer is what will make us consider investing as a ‘Venture Capitalist’ or acquiring this tool as a ‘Consumer’.

How do I measure success?

The proof as they say is in the pudding.

Using a virtualised approach that allows for continuous scanning and remediation, you can then measure how fast fixes are actually made. The key metrics provided by Cybric include IRD (Internal Rate of Detection) and IRR (Internal Rate of Remediation).

These are metrics that, today, would be somewhat tricky for management to share with their boards. But smashing the current 252 days undetected should be the initial goal, and being significantly ‘south’ of that number will be a good outcome.

Sounds really intriguing… can’t wait to see how this works in practice.
