The rash of high-profile breaches, including the SolarWinds attack, shows that the current approaches to securing IT environments are inadequate to the task, argues Albert Zhichun Li, the Chief Security Scientist at Stellar Cyber, in this Security Ledger expert insight.


The recently disclosed breach of FireEye should give everyone pause over both the importance and the difficulty of security. This high-profile breach left the vendor with a black eye and some serious questions. The disclosure almost immediately had every security vendor writing blogs and articles about the importance of this or that, in accordance with what they sell and market. Opportunity strikes!

At the same time, it is hard not to feel stifled by the seeming futility of security. Here is a company known for expertise in investigating or addressing some of the largest security breaches in the world and now victimized by a successful attack. Perhaps not since the NSA was breached and attackers made off with custom hacking tools did the idea of protecting one’s assets and information seem so bleak. “If the NSA can’t protect their own tools and secrets, how can anyone remain safe?” is a question on the minds of so many.

Security futility? Certainly the odds favor attackers by a huge margin. Attackers have an almost unlimited number of chances to mount a successful attack, but defenders must successfully defend themselves from every one of them. With so many avenues for attack, the cause of effective security seems nearly hopeless.

There’s another way to view these current events. While the task of establishing and maintaining effective security is gigantic, it is not necessarily futile. Security can deflect a majority of attacks or find them early enough to mitigate loss and damage. These high-profile breaches should serve as a wake-up call, however. The current approaches most organizations take towards security are not good enough. Something has to change.


One important change is to stop compartmentalizing security. Traditionally, organizations view security as segments with different systems, policies, reports and personnel. The desktop or endpoint group has its own charter. The network security team has another. There might also be a cloud team and an applications team. Separate systems, separate efforts.

This security specialization makes sense. Such focus splits up the arduous task of security and divides its complexity into more manageable segments. Instead of having to “boil the ocean,” security vendors can concentrate on a particular set of problems and challenges. Security practitioners can focus on the strategies, policies and procedures needed to protect certain aspects, such as endpoints, applications or resources in the public cloud.

At the same time, the divisions within security are hampering its overall effectiveness. A well-regarded historical axiom is, “divided we fall.” And security certainly is divided. Ironically, the segmentation helps security, but it also hampers it.

The current high-profile breaches demonstrate that the current approaches are inadequate—that the way security is currently practiced is insufficient. One of these inadequacies is the lack of a unified, holistic approach to security. This is not to say that we need a mega-security tool to perform all aspects of security. Instead, we need to aggregate security data to achieve a deeper, more holistic understanding of potential attack activities.

A combination of depth and breadth is needed to get an edge on attackers. Attackers are not limited to just one segment of infrastructure. What may start at an endpoint, through a web application or in cloud infrastructure will evolve as attackers move sequentially to get to valuable assets. Seeing this entire surface provides necessary context and history. Different systems or sensors will be adept at seeing different elements. These inputs need to be aggregated to provide a forest-for-the-trees perspective.

In addition, depth is necessary for fine-tuning and a more granular understanding. The combination of depth and breadth brings more completeness and greater fidelity—both are essential in turning the tables on attackers.
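As an added illustration (not code from the article or from Stellar Cyber), the following Python sketch shows the aggregation argument above in practice: three sensors (endpoint, network, cloud) each see one low-scoring event for the same user that no single segment would alert on, while correlating them per entity within a time window reveals the cross-segment sequence. The event schema, scores, threshold and sample telemetry are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Event:
    ts: datetime
    source: str   # segment that produced it: "endpoint", "network", "cloud", "app"
    entity: str   # user or host identity the event is attributed to
    signal: str   # sensor-specific signal name
    score: int    # per-sensor suspicion score (assumed 0-10 scale)

ALERT_THRESHOLD = 10  # assumed: score a single sensor needs to raise an alert

# Constructed sample telemetry; timestamps and signals are illustrative only.
T0 = datetime(2020, 12, 14, 9, 0)
EVENTS = [
    Event(T0, "endpoint", "alice", "uncommon_admin_tool_launched", 4),
    Event(T0 + timedelta(minutes=20), "network", "alice", "first_seen_external_destination", 3),
    Event(T0 + timedelta(minutes=55), "cloud", "alice", "new_access_key_created", 5),
    Event(T0 + timedelta(minutes=30), "endpoint", "bob", "uncommon_admin_tool_launched", 4),
    Event(T0 + timedelta(hours=5), "network", "alice", "first_seen_external_destination", 3),
]

def siloed_alerts(events):
    """Compartmentalized view: each event must cross the threshold on its own."""
    return [e for e in events if e.score >= ALERT_THRESHOLD]

def correlated_alerts(events, window=timedelta(hours=2), min_sources=2,
                      threshold=ALERT_THRESHOLD):
    """Holistic view: group events per entity into time windows, then alert when
    the window spans several segments and the combined score crosses the threshold."""
    by_entity = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_entity[e.entity].append(e)
    alerts = []
    for entity, evs in by_entity.items():
        cluster = []
        for e in evs + [None]:  # trailing None flushes the last window
            if cluster and (e is None or e.ts - cluster[0].ts > window):
                sources = sorted({c.source for c in cluster})
                total = sum(c.score for c in cluster)
                if len(sources) >= min_sources and total >= threshold:
                    alerts.append({"entity": entity, "sources": sources,
                                   "score": total, "chain": [c.signal for c in cluster]})
                cluster = []
            if e is not None:
                cluster.append(e)
    return alerts
```

Bob's single endpoint event and alice's isolated network event five hours later stay below the bar in both views; only the aggregated endpoint-to-network-to-cloud sequence for alice becomes visible.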

Security is a daunting task, and there is always an inherent trade-off between security on one side and openness and accessibility on the other. The web, digital business and mobility all force some compromise in this trade-off. The challenge, then, is to make infrastructure and assets as secure as possible. This means security can’t stay still. Security must constantly advance and improve. Yesterday’s tactics and technology need to move forward. This evolution, and avoiding the natural ruts that occur, is essential for success. It’s difficult but not futile.


(*) Disclosure: This article was sponsored by Stellar Cyber. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.