Cybersecurity dynamo Frank Kim sat down with Opus CEO Meny Har to discuss today’s operational cybersecurity challenges, tapping into Frank’s expertise as an enterprise cybersecurity leader. Together, this lively duo unpacked how vulnerability management, particularly within the realm of cloud security and DevSecOps, has evolved into a collaborative, cross-organizational effort involving many stakeholders.
It’s a great watch, but maybe you’re more of a reader, or maybe your headphones are currently charging. Just in case, we’ve put together a little summary of their conversation for you here. Check it out below:
The Changing Landscape of Vulnerability Management
The primary challenge of vulnerability management used to lie in identifying vulnerabilities themselves. However, although cybersecurity stacks are now overflowing with detection tools, those tools are adding chaos to the mix. The scale of detections and false positives is overwhelming security teams with blinking red lights. This means that today’s focus has necessarily shifted to first sorting through these lights with needed context and effective prioritization before getting to the real heart of the matter: remediation and managing the actual risks associated with these vulnerabilities.
The Growing Complexity of Remediation in Modern Environments
The dynamic nature of cloud environments and increasing attack surfaces are further complicating the role of vulnerability management for Security Operations. This is largely thanks to the shift from static IP addresses to frequently changing cloud resources. Today, there are far more stakeholders and business considerations to take into account and track down before issues can be properly addressed. In turn, this has significantly increased the need for more effective collaboration across organizations around cybersecurity efforts. It’s why we keep insisting that today’s security operators are, above all else, orchestrators.
The Growing Role of Automation and Infrastructure as Code
As cloud environments grow ever more dynamic, it is increasingly clear that manual efforts can no longer keep up. This is especially true for IaC, where automation has become key for streamlining all operations related to it, including, and especially, where security is concerned. Automation is the only way to keep effective pace when identifying and remediating discrepancies in code-based configurations, ensuring rapid responses to potential threats and vulnerabilities and ultimately bolstering the resilience and effectiveness of security operations in modern organizations.
Security Operations Face Organizational and Process-Oriented Challenges
Today’s Operational Security teams are recognizing a greater emphasis on cross-organizational considerations of vulnerability management. Digital transformation and the way most enterprises digitally operate have led to an increase in stakeholders for security issues. Today, the responsibility for addressing vulnerabilities has expanded from centralized IT teams to include developers, engineers, and DevOps teams. This shift necessitates a more collaborative and process-oriented approach and culture.
The Impact of Cloud and DevSecOps on Security Teams
The consequences of digital transformation continue to manifest, and cloud adoption and DevSecOps practices have certainly made significant impacts on security teams. On this particular point, Frank and Meny encourage security practitioners to evolve beyond purely technology-focused approaches to help make cybersecurity more accessible across their organizations and foster wider, security-focused cultures and workflows. This is because more effective cybersecurity at least in part lies in enabling other teams across organizations to make better-informed decisions about risk management.
It’s Time for More Cooperation Between Different Security Domains
To say that certain departments have adversarial relationships with security teams would be an understatement. However, even various security teams could improve how well they cooperate with one another. The first step is recognizing what they share in common, specifically the interconnectedness of their goals, and better integrating their efforts. This is especially true for cloud security and application security.
Traditional Tools and Approaches Aren’t Cutting It
According to Frank and Meny, traditional vulnerability management tools aren’t well suited to modern environments and challenges. Chief among their limitations is their tendency to promote inefficient processes, especially around managing numerous tickets across different teams. Today’s enterprise security teams require technologies built for today’s environments. This means more streamlined and consolidated tools with as few false positives and as many automated features as possible.
Current Practices Have Costly Implications
Legacy vulnerability management solutions and practices incur high costs, both in terms of financial resources and also in terms of the time and effort required from highly skilled personnel. This is incredibly challenging in today’s talent drought, and only further underscores the need for more consolidation and automation in new vulnerability management tools.
So, Where is Vulnerability Management Heading?
What does the future of vulnerability management hold? The short answer is technology designed for today’s new era of enterprise environments and workflows. As organizations continue to evolve towards cloud-native infrastructures and encounter new types of attack surfaces, the strategies and tools for vulnerability management will need to adapt accordingly. They must be more remediation-focused, take the cross-organizational nature of remediation into account and consolidate and streamline operational efforts with automation wherever possible.