
Take My Cybersecurity Vendor, Please!


At the recent RSA event in San Francisco, one of the real bright minds in the cybersecurity industry, Amit Yoran, President of RSA, wrote a very intelligent paper entitled, “FAILURES OF THE SECURITY INDUSTRY: ACCOUNTABILITY AND ACTION PLAN.” It was a revealing paper (and one worth reading) because Mr. Yoran comes from the cybersecurity space, and has been in the space for a very long time. He states provocatively in the paper, “Despite heightened awareness, panoply of new products and services, increasing investment, and concerted efforts from some of the smartest minds in business, government, and academia, the security industry struggles to keep pace.” He notes that despite billions of dollars in spending, “why is the collective security industry – practitioners, consultants, and, yes, technology vendors – unable to curtail, no less repel, cyberattacks?”

Mr. Yoran’s paper (perhaps some would call it a critique) is worth the read, and he brings to bear one outstanding point: “A lack of situational awareness among many information security professionals is one of the most pressing vulnerabilities in U.S. cyber defenses. One way in which we see this manifest is the false sense of safety some information security professionals feel. There is too much blind faith in the firewalls and other solutions they have deployed… Belief is placed in products without true understanding, accurate perception of circumstances, or discrimination. Basic due diligence – evaluations, reference checks, pilot projects – is often overlooked.”

We could not agree more. By one count, over 800 vendors sell their wares and latest “black boxes” to U.S. companies. Over half of the vendors in the world reside in the U.S., hawking their latest product or appliance.  Their buyers are most often giggly, hoping and praying there is one black box that cures all the ills of their network. 

We feel most of the problem lies in the lack of a clear message. Mere hardware cannot cure our cyber security woes so long as humans are still in the equation. And they are. For every new appliance, there is a human watching over it, responding to it, or, more appropriately, “clicking on a link” in the hope that fame, riches, and glory will soon be bestowed upon him or her by the sender. A bigger and perhaps more complex problem is that there are simply not enough humans to fill all the necessary cyber security jobs within the U.S. to help secure networks. In an asymmetrical cyber security threat world, humans are not going to win the battles to come without more mission-critical help, visibility, and threat intelligence. 

Instead of firewalls, we need to start talking with our cybersecurity consultants and professionals about cybersecurity automation that can link hundreds of thousands of sensors together and watch over them at network speed for incursions. We need hardware that can assimilate feeds from antivirus products, firewalls, and intrusion protection devices and make sense of them. We need to start talking about hardware (which in reality exists today) that can guide human beings to take corrective action which might (just maybe) stop an incursion in its tracks, and interrupt the cyber kill chain before it “kills” them.

Take my cybersecurity vendor, please! Give me one instead that can bring clarity and visibility to my network. One who can help me make the right security calls. One who can help me respond to a cyber attack. Before it’s too late.

Paul Ferrillo is counsel in Weil, Gotshal & Manges’ Litigation Department.
