Cyber Defense Magazine – August 2019


called ‘Defense in Depth’ product lines. However, the ‘Defense in Depth’ approach is flawed and usually
leads to much higher cost without meeting the fundamental requirements of comprehensive cyber security.


So, what is the primary goal of “Comprehensive Cyber Security for the Digital Era”? It is a) to protect the
organization from all known and unknown cyber-attacks and b) if an attack happens, to proactively detect
it at an early stage and contain or eliminate it to minimize the damage. In short: “Stop the data
breach from causing any damage to the organization” – whether that damage is legal, financial,
competitive, and/or nation-state based.


Let us look at the basic requirements of “Comprehensive Cyber Security”. The key requirements
start with comprehensive visibility: if you can’t see the assets, the users, the traffic, and the
vulnerabilities, you can’t protect the organization from attacks originating from them. Basic security
hygiene is important for protection against the most common and known attacks, but it is not
sufficient. Proactive detection based on behavioral science, to detect anomalies, has become the need of
the hour. However, most machine learning and behavioral science-based solutions produce a lot of false
positives and create alert fatigue. It is therefore very important to also have an advanced correlation engine, which
correlates historical situational context with the machine learning anomalies to reduce the false
positives and accurately find the real attacks rather than getting bogged down by the least important issues.
Once an attack is detected, the solution should also provide automated real-time response built in. The
organization cannot rely on human intervention by a Security Operations Center (SOC) analyst to analyze
the attack before responding. The solution should respond automatically and stop the threat. The SOC analyst
can analyze it and adjust later, but the attack needs to be stopped immediately in an automated manner.
Furthermore, this solution and framework have to be continuously adjusted and adapted to the changing
posture of the organization in a digital era where more content and applications are moving to the cloud
and employees prefer to work from anywhere, using any smart device to access the organization’s
data, which has to be omnipresent.
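The detect-correlate-respond loop the article asks for can be made concrete with a small simulation. The block below is an added example, not code from the magazine or from any vendor it discusses. It assumes a hypothetical upstream ML detector that emits anomaly alerts with a 0..1 score, and it uses constructed situational context (asset criticality, countries previously seen per user, scheduled maintenance windows) to explain away alerts that are benign, to weight the rest by the asset involved, and to escalate when several unexplained anomalies chain on the same user within a short window. The resulting action is what an automated first response would take before an analyst looks at it.

```python
"""Contextual correlation of anomaly alerts with an automated first response.

Added illustration of the requirements described in the article; the detector,
context tables, alerts and thresholds are all hypothetical, constructed values.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Alert:
    ts_hour: int          # UTC hour of day the anomaly was observed
    user: str
    host: str
    kind: str             # e.g. "unusual_login_geo", "bulk_download", "off_hours_admin"
    anomaly_score: float  # 0..1, from the hypothetical ML detector
    country: str = ""     # only meaningful for geo-based alerts


@dataclass
class Finding:
    alert: Alert
    score: float          # correlated risk score after context is applied
    action: str           # "suppress" | "log" | "investigate" | "contain"
    reasons: List[str] = field(default_factory=list)


# Constructed situational context: what the correlation engine "remembers".
CONTEXT: Dict[str, dict] = {
    "asset_criticality": {"db01": 0.9, "fileshare": 0.6, "laptop-07": 0.3},
    "known_countries": {"alice": {"US"}, "bob": {"US", "DE"}},
    "maintenance_windows": {"db01": (2, 4)},  # admin work expected 02:00-04:00 UTC
}

# Constructed alerts as a hypothetical detector might emit them, in time order.
ALERTS: List[Alert] = [
    Alert(3, "admin", "db01", "off_hours_admin", 0.85),               # inside maintenance window
    Alert(14, "bob", "laptop-07", "unusual_login_geo", 0.70, "DE"),    # country already seen for bob
    Alert(15, "alice", "fileshare", "unusual_login_geo", 0.60, "RU"),  # genuinely new for alice
    Alert(15, "alice", "fileshare", "bulk_download", 0.65),            # second anomaly, same user
    Alert(16, "carol", "laptop-07", "bulk_download", 0.55),            # isolated, low-value asset
]


def decide(score: float) -> str:
    """Map a correlated score to the automated first response."""
    if score >= 0.8:
        return "contain"      # automatic: e.g. revoke session, isolate host; analyst reviews after
    if score >= 0.4:
        return "investigate"  # queued for a SOC analyst
    if score > 0:
        return "log"
    return "suppress"         # explained by context; no alert raised


def correlate(alerts: List[Alert], context: Dict[str, dict]) -> List[Finding]:
    """Apply situational context to raw anomalies and chain them per user."""
    findings: List[Finding] = []
    unexplained: Dict[str, List[Alert]] = {}  # user -> recent alerts not explained away
    for a in sorted(alerts, key=lambda x: x.ts_hour):
        score, reasons = a.anomaly_score, []

        # 1. Explain away anomalies that historical context accounts for.
        window = context["maintenance_windows"].get(a.host)
        if a.kind == "off_hours_admin" and window and window[0] <= a.ts_hour < window[1]:
            score, reasons = 0.0, reasons + ["inside scheduled maintenance window"]
        if a.kind == "unusual_login_geo" and a.country in context["known_countries"].get(a.user, set()):
            score, reasons = 0.0, reasons + ["country previously seen for this user"]

        # 2. Weight what remains by the criticality of the asset involved.
        criticality = context["asset_criticality"].get(a.host, 0.5)
        score *= 0.5 + criticality

        # 3. Escalate when this user already has an unexplained anomaly within 2 hours.
        recent = [p for p in unexplained.get(a.user, []) if a.ts_hour - p.ts_hour <= 2]
        if score > 0 and recent:
            score = min(1.0, score + 0.3)
            reasons.append(f"chained with earlier {recent[-1].kind} by same user")
        if score > 0:
            unexplained.setdefault(a.user, []).append(a)

        score = round(score, 2)
        findings.append(Finding(a, score, decide(score), reasons))
    return findings


if __name__ == "__main__":
    for f in correlate(ALERTS, CONTEXT):
        print(f"{f.alert.ts_hour:02d}:00 {f.alert.user:6} {f.alert.kind:18} "
              f"raw={f.alert.anomaly_score:.2f} score={f.score:.2f} -> {f.action} {f.reasons}")
```

On the constructed input, two of the five raw alerts are suppressed by context, the isolated anomalies are queued for an analyst, and only the chained pair on the same user reaches the automated "contain" action. The point is that the suppression and the escalation both come from remembered context, not from a higher detector threshold, which is what keeps the real attack from being lost among the false positives.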


However, the ‘Defense in Depth’ model that most cyber security vendors are building through acquisitions
of various silo products does not address the requirements of ‘Comprehensive Cyber Security’. It
makes the overall solution very costly because of the multitude of silo products required to achieve it
and the increased complexity of managing them. Moreover, it seldom actually achieves the stated primary
goal, ‘To stop the data breaches’, at any cost.


So, let us look at what a ‘Comprehensive Cyber Security’ solution should have. First and foremost, you
need a fast big-data streaming platform. But don’t confuse this with the handling of large data lakes.
There is a lot of confusion here: when most vendors talk about fast big data, they mean storing, ingesting
and analyzing petabytes of data in a data lake. This is a flawed strategy. You don’t want results after a
few hours or days. You want them in real time, so you need a fast big-data streaming platform that
produces results in real time, within seconds.

Figure 1: Requirements of Comprehensive Cyber Security