EXCLUSIVE - Key takeaways from OpenGov Security “Gamification” event
Recently a Security “Gamification” event was held by OpenGov in conjunction with Tenable, CyberArk and Splunk. There were a total of 37 attendees from 21 different government organisations, forming a broad spectrum of security requirements and knowledge.
During this exercise, four security related scenarios were presented, and the attendees were tasked with combining features and functions from all three vendors to form a solution to address the specific scenario. The unique vendor agnostic format of the event provided an excellent environment for the attendees to learn how different security technologies from multiple vendors could be integrated into a comprehensive ecosystem and solve specific security problems.
There are several takeaways from this event, for the attendees and the vendors alike, that we would like to highlight.
The first point is that the security problem is best solved by combining best-in-class solutions from multiple vendors.
To solve the specific scenarios that were presented, features from all three vendors in attendance had to be combined to produce the required outcome. In fact, none of the vendors present could have addressed the entire scenario on their own – components from all three vendors were required.
The exercise underscored the fact that there is no such thing as a one-stop shop for security. Vendors may excel at solving one problem in the security space, but may not be as good at solving problems that are not their core focus.
The net result is that compound problems are best solved by applying best-in-class technologies from multiple vendors, and integrating those technologies together.
The second point is that solving the security problem requires visibility.
The scenarios presented included:
- Proving regulatory compliance
- Dealing with the presence of a critical vulnerability within the enterprise
- Identifying the presence of and extent of a breach
- Keeping up with a rapidly expanding enterprise with limited staff
Each of these scenarios required extensive visibility into every dimension of the infrastructure – visibility that no vendor alone could have delivered. For example, Tenable provides information relating to configuration, compliance, vulnerability data and network-based discovery data. CyberArk provides information relating to the use of privileged accounts and privilege escalation. Splunk provides a comprehensive visualisation of event data based on log analysis.
Together, the three solutions provide the visibility necessary to expose the assets, threats, risks and vulnerabilities presented in the scenarios.
The third point is that solving the security problem requires continuity.
A security program that works as a series of incremental “snapshots” of the state of the environment is a fool’s exercise. This is because modern infrastructures are much akin to an organic entity, expanding, contracting and changing constantly. Snapshots of the state of your infrastructure taken at infrequent intervals cannot capture this state of perpetual change.
End systems come online and go away. New applications, both authorised and unauthorised, are constantly appearing. Modern, non-tangible assets such as cloud instances, containers and virtual machines are constantly emerging too. The security infrastructure must be capable of continuously discovering all modern asset types and assessing the risk that these assets bring to the enterprise. Beyond this, real-time monitoring of important data points must be maintained across critical areas of the network, security devices and endpoints.
For the four scenarios presented, all three vendors provided value in maintaining the continuity of the security monitoring and evaluation beyond that which would have been provided by any company alone.