A new year, a new journey…and many new cyber-risks

January 24, 2018 | 6 min read | Security Posture

I’ve been very fortunate here in Silicon Valley to have participated in many waves of business IT innovation over the last three decades – from the early days of IP networking (Ethernet wasn’t the only game in town) to the rise of the commercial Internet and broadband (remember DSL and early web apps?) to the early days of cloud infrastructure (aka Amazon, with Azure following).

Things have only accelerated wrt the pace of innovation and how + where it impacts and digitizes business (and personal lives).  Fast forward to the start of 2018, and we have IoT moving into real production, the ongoing cloud-ification of nearly all new workloads and business processes, and the shift to mobile nearly complete (especially with shadow of 5G over the next few years).

One area that’s evolved even faster, and with potentially greater impact than these widespread architectural and technology innovations, is cyber-attacks. For both profit and political purpose, the scope of breaches is reaching new highs (or would that be lows?) with each passing year. Target becomes Equifax becomes Deloitte.  And these weren’t caused by new attack surfaces like IoT or mobile platforms accessing industrial control systems (ICS)…those were basic breaches.  But attacks from newer vectors are coming now, and they won’t be trivial…just look at the new Mirai Okiru DDoS botnet that just came out targeting ARC-based IoT devices.  It could touch over 1 billion (yes, that’s with a “B”) of devices shipped annually.

Which is why I feel strongly about joining Balbix.  Yes, there are tons of cyber-security startups out there…different numbers I’ve heard range from 650 to 1500+ companies!  You can imagine the confusion among CISO and security ops teams, as well as the struggle for entrepreneurs trying to evangelize their offering among all those direct – and mindshare – competing entities. But a huge and continually growing security and risk management challenge exists for every corporate and government organization: how do you keep up…and ahead of…the growing volume of cyber-threats?  While your attack surface continues to expand and grow more complex

Attack surface

This is where using a predictive analysis of breach risks comes into play – how to help organizations see what their vulnerabilities are *before* they get breached.  And doing this effectively by displaying only relevant information, and avoiding stacks of unneeded data.  Coupled with prescriptive (i.e. detailed “how to”) recommendations on how to fix the resulting vulnerabilities…in priority order of their business impact. 

The goal being to highlight and prioritize the resolution of business risks associated with digitizing a business (aka the over-used term of ‘digital transformation’).  Business risk, of course, comes from the likelihood of an incident (i.e. security breach) occurring x its severity (e.g. stolen data vs. full business stoppage due to ransomware):

Risk Rating Matrix

The truth is no business today (and certainly tomorrow) can keep up with the volume of new cyber-attacks (and corresponding growth of vulnerabilities) through purely human monitoring, preparation and intervention.  Gartner states that “gathering, fusing and curating the threat and vulnerability intelligence to compile a vulnerability remediation prioritization catalog can be a labor-intensive process if done manually.”1

A Balbix customer I spoke with last week told me his mid-size enterprise captures over 150 million data points daily from their full set of IT assets.  These convert daily to 200,000 “events” and 80+ “alarms” to review and 20+ to assign and analyze (for actual or future breaches).  Without an automated and artificial intelligence (AI) powered system, he forecasted it would require 5 or more full-time security analysts to review the daily volume of alerts and assess their likelihood and severity (i.e. risk), as well as their relative priority to fix.  And knowing the hot spots in his complex attack surface would be really tough without the horsepower of AI.

Balbix provides many of these capabilities (predictive/proactive risk assessment, AI-based prioritization, prescriptive/proactive mitigation + remediation) and more.  Which is why I’m so energized to join their effort and roll out a major resource to help organizations prepare for – and preempt – the ever-growing risk, complexity and criticality of cyber-defense.

1 Gartner “Threat-Centric Vulnerability Remediation Prioritization”; published 28 September 2016