Martin Roesch, Vice President and Chief Architect of the Cisco Security Business Group, said that complexity is a real problem to be addressed and while we complain about it, no one does anything about it.
“It is a big deal as there are 551 vendors here, does that mean it is 551 complimentary things?” Roesch, who founded Sourcefire, discussed that he had talked to an IDS vendor who were building a company around technology, and he advised them to think about what they were bringing, and the cost to implement on top.
“With a new way to detect, and stuff to detect with an engine you are going to get complexity as there is a new user interface, recording engine, new events feed and I don’t know if they are doing any favours than bringing it to market,” he said. “I told them to consider how it will be consumed and the ability to do security altogether.”
Roesch said that there are two axes for security complexity: the complexity of managing technology itself and creating policies and deploying to devices, and managing the health of devices; and there is the analytics complexity and doing something useful with it. “What happens when I get five, ten or 50 devices, what about the management complexity? The complexity of managing five technologies is five times that,” he said.
“This is something as an industry we need to think about and it is a trap for industry and we cannot continue to bring the same problem as it is not working well obviously.”
He recommended of following a path of: integration; consolidation with fewer devices and more capabilities; and automation and fundamental pieces to do it.
“One way to get rid of false positives is to effectively contextualize events in fashion and figure it down to a refined set of data with automation, and leverage it to drive a smaller set of events for the environment, regardless of whether you are doing it or not.” Roesch said that a lot of companies want to sell security as an easy buy and do a good job of selling systems that solve easy problems through their box.
“As we continue with a proliferation of boxes, we are not going to be able to scale as there is no notion of simplicity,” he said. “I believe this is something we can drive forward and I believe as an industry we need to think about and focus on to give you solutions that you live with and will work. Ask your vendors about consuming complexity and can they consolidate services and software in partnership. Think about this in a fused manner as it is critically important as an industry.
“If we change how we think about security, in my role this is what I believe will be an important part of the future for all of you and all of us too.”