Gartner Security and Risk Management Summit: All Roads Lead to…Visibility!
This week in National Harbor, MD, Gartner held its annual Security and Risk Management Summit—an event that has become a meeting ground for security thought leaders.
Gartner kicked off the event with a keynote that introduced its new strategic approach for cybersecurity defenders: CARTA (Continuous Adaptive Risk and Trust Assessment). An evolution of the Gartner Adaptive Security Architecture, CARTA recognizes the need for cybersecurity teams to adapt to the significant risks facing defenders today. Risk and, by extension, trust, can no longer be binary decisions and, depending on the context, responses must be more adaptive. A CARTA approach relies on the use of APIs for automation, moves away from simple rule-based systems, and puts a greater emphasis on detection/response vs. mere prevention.
Contextual and continuous visibility is at the heart of CARTA—and precisely why the GigaSECURE Security Delivery Platform, introduced two years back, has become so popular among forward-looking security operations centers. Rather than merely relying on prevention techniques, security operations teams can leverage continuous and pervasive visibility to enable multiple tools in their security arsenal—from detection to containment or even predictive analytics tools—to see more and secure more of their infrastructure.
The Call for a New Cybersecurity Model
Indeed, a standout message at this year’s event was the strong recognition that cybersecurity defenders need a new model from which they can re-architect their enterprise security framework.
Our own CTO Shehzad Merchant spoke to an attentive audience about the need for a new model for cybersecurity defenders, one we call the “Defender Lifecycle Model.” Rather than a patchwork of antiquated Band-Aids that can’t combat the invasion of infectious diseases, the Defender Lifecycle Model acts much like the human immune system and can more effectively help organizations understand, characterize, and defeat ever-evolving polymorphic threats. (More on this soon!)
Other Hot Topics: TLS Decryption and the Cloud
Security practitioners and analysts had lots to discuss and ask about TLS decryption and the cloud:
- Is decryption best done inside a security appliance, e.g., a firewall or a Web proxy? Or is it best done on a Visibility Platform? While the first impulse might be to decrypt inside the security appliance, closer analysis reveals that such an approach severely penalizes the performance of that security appliance and does not allow efficient offloading to other security tools that need to inspect decrypted traffic (remember, a modern cybersecurity model is more than just prevention). In contrast, a Visibility Platform allows for the computationally expensive decryption process to be done once, with decrypted traffic then sent to multiple security tools.
- What is the impact of TLS 1.3 on TLS decryption methods and specifically on security operations?
- What kind of application workloads are organizations moving to the public cloud? New workloads? Or is it a lift and shift of existing workloads? Turns out this depends on a variety of factors and there isn’t a common pattern yet. However, one aspect of cloud adoption that does have security operations nervous today is the lack of the right visibility into the cloud.
- How can organizations automate their Security Operations Center (SOC)? How could they use approaches like Software-Defined Visibility to better automate tasks in the SOC?
- As security analytics move from today’s descriptive and diagnostic methods to future predictive and prescriptive techniques, how should data acquisition methods change?
Indeed, for these reasons, it felt like all roads led to visibility at the Gartner Summit… and, by extension, to the exhibit booth of visibility market leader Gigamon!