A Security Architect's Experience of the Gartner Security and Risk Management Summit
Gartner was a great experience! This year's theme or focus was Cyber Resilience! It was exciting to see the advancements toward what WWT has done for years now: helping our customers build a cyber-resilient environment to not only prevent attacks but to prepare for the inevitable infiltration of their environments. The keynote speakers kicked off the event by emphasizing a focus on how we can become resilient in an ever-growing hostile cyber world. They spoke about being prepared for the inevitable breach as well as prevention. They spoke of the need for cybersecurity professionals to stop putting so much emphasis on prevention, to start looking at the fact that cybercriminals are ever-growing and constantly changing (we've always been behind and chasing our adversaries), and to be prepared for the recovery.

Unfortunately, in today's cybersecurity culture, when a company is hacked or compromised, analysts are often left alone to figure out the cause of an attack or compromise. This leads to a lot of anxiety for those who protect our cyber world, which could lead to potential burnout! If we have the mindset that someone will eventually penetrate our security, and we prepare for it by building environments that focus not only on prevention but also on restoration, this will not only put us ahead of our adversaries but also keep us from burning out our most precious resource used against cybercriminals.

Restoration of services to bring corporate assets back online after an attack is just as crucial as, if not more crucial than, analyzing and understanding how it happened. Every second your services are not available could be costing the company exorbitant amounts of money and potential clients. This is why we need to continue with this trend of not only focusing on prevention but also on restoration.
There were 3 days of presentations with a 4th day for visiting vendors. My first session was focused on ITDR, or Identity Threat Detection and Response. While this had good information, it wasn't anything new; WWT has already been doing this for years! A lot of the information within this session was regarding integrating your identity and access management logging into your SIEM/SOAR, pulling in user information for logins, accesses, and rights/privileges history. They mentioned how having this historical information can only bolster your security and your response to a compromised account by correlating network telemetry, user account information regarding rights and privileges, and endpoint data. This session did have a plug for one of their "premier" vendors and their integrations within the entire XDR ecosystem, which was kind of a bummer, as I was hoping to get the viewpoint from multiple vendors vs. just the one.
Many of the sessions were vendor-specific and focused on driving home the point that resilience and prevention together are best. I'm not going through all my sessions with you, as many of them were reiterations of other sessions but with different vendors.
One session I really enjoyed was the one about being resilient by Bear Grylls. Bear mentioned that on his journey to become famous and successful, he had to endure numerous failures and setbacks along the way. Based on those experiences, he lives by these 4 "F" words, which is why he is where he is today:
- The first of these was FAILURE. Failure happens. It happens all the time, but these failures will not define you; they make you grow and teach you lessons that can be used to prevent more failures in the future. Depending on how you take your failures, they can either build you up or destroy you.
- This is where the next "F" comes into play: FEAR! It's not a bad thing to be afraid. Fear keeps us alert and ready to react, but being prepared for what may happen, to minimize the damage caused, should be the focus. You've gotta harness this fear and use it to break through the obstacles and become better.
- Fire! You have to have FIRE! The fire Bear is referring to here is your drive and passion. You have to have the fire to keep going in times when things are the worst, where it seems that there is no way out, but you prevail and beat your adversaries. Here at WWT, we have plenty of fire, as we are usually brought in during our customers' darkest times, when they believe all hope is lost. Our fire is contagious; we bring the energy, the know-how, and the trust to get things done the way the customer needs it. We help to build a resilient environment to not only prevent attacks but to restore our customers to a pre-attack state with minimal damage caused by the attackers.
- This brings me to Bear's last "F", Faith. You have to have faith and trust in your teams. You have to KNOW that they are doing their best to provide the most secure environment. Our operations teams are always on point; they never get a rest. Their job runs 24/7, and it only gets worse when a breach has happened. We have to give them the tools needed to do their jobs efficiently and to the best of their abilities. We must understand that their jobs are very stressful and that burnouts happen. We have to provide the necessities to ensure our faith that in the event of an attack, we will be OK and we can return to business with little to no downtime.
In conclusion, I had a good time at Gartner, learned a lot, mingled with a ton of vendors, and gained a lot of good insight into upcoming cybersecurity trends. I am excited about the way the new trends are headed, with the focus not only on prevention but also on restoration. I'll be looking for you at the next one, and don't forget to stop and say "Hello"!