Complexity has fascinated me throughout my career. From algorithms in computer science to the threat landscape in cybersecurity, complexity and its resulting variance create fascinating challenges. But the reality is complexity is the enemy of security.
Fundamentally, complexity in cybersecurity means a lack of visibility. The sheer number of components and point products in many modern networks makes identifying vulnerabilities, let alone remediating them, challenging.
Moreover, the infrastructure itself is dynamic (software-defined networking) and without a clear picture of what’s happening, building strong structural defences is difficult.
A complex baseline makes understanding the system’s behaviour challenging and makes it more vulnerable to human error. In all these ways, complexity on the defender’s side creates foundational weaknesses for attackers to exploit.
Secure by design
As defenders, we try to build defences around the things important to us in our network. We have to take into account how they interact and influence each other. If they are connected in an unclear way, it won’t be easy to build an architecture that comprehensively secures the network.
The best way to confront this challenge is to build networks that are secure by design. This means security is a fundamental consideration from the start rather than layered on top.
The first step should be consolidation. Many organizations adopted point products to solve security challenges as they developed progressively. While many of these products are effective in their narrow scope, they have severely limited interoperability.
They are managed from separate consoles, creating a mess of complexity for security teams to navigate to achieve complete security workflows. Blind spots are rampant, opening the door for attackers.
Consolidating these solutions and working from a platform basis eliminates much of this complexity. Working from a single pane of glass enables teams to execute the full remediation lifecycle efficiently while maintaining a comprehensive view of the network.
In addition to consolidated enforcement, we must maintain consolidated and clear policy. Security teams often encounter edge cases where they want to make changes but want to avoid unintended domino effects based on unknown dependencies.
Consequently, many teams manage by exception – exceptions are added to deal with individual cases, and over time, the policy drifts from its simple initial form. Instead of managing by exceptions, we need to build policies with more flexibility by design.
This establishes the basis for prevention-first security. The inefficiency of non-consolidated security locks organizations into a reactive posture, so instead of preventing attacks, they find them after they’ve already made it inside the network.
The visibility of a consolidated platform, combined with its ability to manage the entire remediation workflow and policies, allows teams to deal with threats before they cause damage.
Artificial intelligence
Artificial intelligence (AI) is crucial to successful security in the modern threat landscape. The scale of the threat environment is too large to confront without AI as a force multiplier.
Strategic AI can scan and identify threats at scale, then apply relevant policy changes or remediation processes automatically, reducing threat windows from hours or days to minutes and seconds.
Its capacity to learn over time from a growing dataset is an advantage as threats continue to evolve. AI isn’t, however, a silver bullet. It produces its own complexities, adding yet another non-deterministic element and there are important steps we can take to harness it more effectively.
As we move to more automation and AI, we must drive systems to be more standard and programmable. We can harness this to input better data to AI engines to provide visibility, analyze edge cases and find and establish more efficient parameters for network policies, reducing the number of exceptions and outliers.
Another element is transparency. Once we establish computable and consistent parameters and policies, we should enable the end user to declare clearly and uniformly what their request is for.
This transparency, combined with an AI layer to keep users within the bounds of that request, automatically creates an efficient, standardized cycle that is simple to manage and expand.
Reducing complexity in a complex world
The threat landscape is always expanding. Cybersecurity can often feel like a race to catch up, inevitably leaving gaps for attackers to exploit. Even as we adopt new tools, their lack of interoperability, hidden dependencies, and blind spots leave organizations exposed.
There are good reasons for optimism, however. We have the tools to reduce that complexity and approach cybersecurity on a prevention-first basis. To achieve this, we must make our networks more transparent and programmable.
Consolidation is important here because it clarifies the scope of network security. It also centralizes visibility and enables consistent policy and automated application.
This consolidation can maintain a strong and resilient security posture alongside strategic AI that actively manages users against clearly defined policies.
Complexity is the attackers’ friend. It creates vulnerabilities for them to exploit and simultaneously obscures defenders from confronting the problem before it’s too late.
Strong cyber security is now a top-level business concern. To achieve prevention-first, comprehensive security that enables modern business, organizations should first focus on reducing complexity.
The author Dorit Dor is Chief Technology Officer, Check Point Software Technologies
This article first appeared in the World Economic Forum. Read the original piece here.