The rising popularity of remote working now guarantees that our future workspaces will be hybrid, which presents many problems for security professionals. Hadi Jaafarawi, Managing Director – Middle East, Qualys, explains why he thinks the answer lies in a unified cloud-based response.
The Middle East region is known for its propensity to adapt. The past 12 years have doled out two global economic crises – 2008’s Great Recession and the economic turmoil caused by COVID-19. It was here, in our region, that some of the world’s greatest innovations occurred, as enterprises, public and private, found ways to do more with less. This was made possible because of cloud computing ecosystems.
The latest changes have been so jarring that we have begun to casually throw around the phrase ‘new normal’. And not without reason. Pure on-premises environments were rapidly becoming a thing of the past before the pandemic, not least because of the lure of cloud as a platform for cost efficiency and operational agility. The rising popularity of remote working now guarantees that our future workspaces will be hybrid: New. Normal.
This presents many problems for security professionals – an eclectic carnival of devices, a vast attack surface, a lack of control over all of it and, of course, rising expectations. Under such pressure, it would be tempting to take it one day at a time, procuring different components of a security solution in separate roll-outs: endpoint protection, network monitoring, cloud security, container security and so on. This approach, unfortunately, leads to an uneven threat posture – a multi-vendor tapestry plagued by false positives and overworked human resources. In the hybrid-workplace future that is to come, we will need to do better.
The unified response
Let us take a step back and imagine what tools we can leverage to gain a properly filtered view of our technology environment that automates the mundane and alerts our security team only to genuine ‘activities’ of interest. Let us consider what is required to ensure a holistic solution that does not cost us prohibitive sums while diverting resources from more innovative pursuits.
A unified cloud-based response fulfils all these ambitions and more. We will all soon have at least one foot in the cloud. And when it comes to security, the massive compute power extant within such environments is ideal when trying to deliver real-time information on everything from suspicious network processes to the upgrade status of apps on the endpoints. Low latency is all-important in delivering such capabilities, and the most practical and obvious place to find this responsiveness is in the cloud.
Real-time visibility ensures that you can manage the complexity of an environment where attacks can come from anywhere, which calls for a multi-vector response. In a world where the endpoint has become the new perimeter, users are now an even weaker link than before. A careless click or a thoughtless swipe and you may be dealing with a showstopping data exfiltration.
Weeding the garden
But you just as commonly may be dealing with a dismissible relic – an old penetration method fruitlessly seeking to exploit a long-patched software vulnerability. Your problem, if you run a patchwork of vendor solutions, is that you cannot tell the difference. But with a unified, cloud-based threat assessment, your cloud ‘brain’ has already decided your response, presenting a high-level view (with granular drilldown options) only of those risks classified as both new and potentially hazardous. This saves your tech team hours of combing disparate dashboards, reports and data logs trying to figure out if, and when, they should act.
Vulnerability management is handled similarly in such unified solutions. Not every vulnerability requires direct and time-consuming action. By maintaining a robust asset registry, the cloud brain can keep tabs on what critical upgrades are required on which machines and very often apply them without the need for manual intervention. Yet more time is saved. And vulnerability management, detection and response (VMDR), endpoint detection and response (EDR) and network security are all bundled within the same solution, so policies can be set by security teams that are unified with those of other technology teams and allow an organisation-wide stand against bad actors that recognises and accommodates all of your business’ goals.
Freeing up responders
When all points of defence are co-ordinated in such a tightly unified model, response capabilities are consequently sharpened. Instantaneous action now becomes possible. The latest critical patches and the small-time digital pests have already been taken care of by automated processes. So, when something with a potentially high risk is found, trained professionals – whether in-house or part of a managed service – are available to act. And because of the Big Data capabilities of the cloud brain, actions that are taken are targeted and effective.
In a changing world, we can ill afford to scramble about learning new tricks. And yet, that is all that bad actors ever do. A unified cloud-based response to cybersecurity means that organisations can stop scrambling and start winning, and not just against cyberattackers. Because once you can count yourself safe from the cyber-villain, you can finally devote your energy to enhancing customer service, partner engagement, operational efficiency and all the things that help you differentiate yourself in your operating market.
So much becomes possible when you have taken a unified threat posture.