Speaking in a keynote address at RSA Conference in San Francisco, Michael A. Brown, President and Chief Executive Officer of Symantec, talked of two key trends affecting the security operations center (SOC) – fragmentation and adoption of technology.
Speaking on “The Security Operations Center of 2020”, Brown said that as an industry we provide an offering for every part of customer IT architecture, and with every new enhancing technology, there is another solution. “What we create in total is a proliferation of products, of network agents, of boxes,” he said. “This creates a massive DIY kit. Customers spend more time integrating technology as we protect the environment. It seems ironic?”
He said that the second theme is the adoption of technology, which is expanding what we protect beyond the four walls. He said: “The scope is increasing dramatically and see the traditional perimeter melting and need a new view and a new ecosystem and how we protect that.”
With a CISO panel invited on to the stage, the three areas discussed were IoT, cloud adoption and closer integration of supply chains. On IoT, Daniel Conroy, CCISO at Synchrony Financial, said that we need to change our behaviour and the playing field, and called for a Wikipedia-style system of sharing information, as the pivot into IoT changes the attack surface to make it even greater.
On cloud, Brown said that protecting the perimeter does not do much good in a cloud-based world, but that the greater concern is losing visibility into what is happening in the cloud, as you do not know what applications are accessing the cloud or what data is being downloaded.
Barclays CISO Troels Oerting said that he uses hybrid, private and public cloud, but that it is we who own the critical sensitive data and we are always the owner of the data. “I can delegate work but not responsibility,” he said.
On closer integration of supply chains, Conroy said: “We all manage third parties across industries and have a siloed approach to that, but we need vendors doing continuous monitoring in place and have a credit score to decide whether to do business with them or not, based on credit score is the key here.”
Oerting said that we need justification and need to improve it, and in the SOC of 2020 we will need any time available on attacks to know who conducted attacks, as we don’t have offensive capabilities. “If I am hacked today, then the next day may be someone else and with knowledge we can stop that and have some attribution, and a platform is important for the future,” he said.