Otherwise — cyber security is doing great — except for the billions in wasted spending AND the risk to our way of life
In a discussion with a CISO at the helm of a very large global financial recently, we commiserated about the state of the security industry.
Eventually, we came up with the above formulation. We chuckled a bit.
And then we briefly locked eyes and said — ‘but it is true.’
So — inspired by the many people I’ve met in cyber security whose powers of directness inspire me — let’s spell it out:
Your tech is old:
The technology of cyber security is, broadly speaking, systems for indexing logs and rules that attempt to make sense of these logs. Let’s not focus for now on vulnerability management or anything GRC (governance, regulatory and compliance), which are even less deep tech than log management.
Indexing is challenged by the sheer scale of the logs being ingested. And the larger the scale, the slower the indexing, for both ingestion (writes) and queries (reads). While there has been some innovation, all of the techniques involve trade-offs.
For those interested in diving into these approaches and their trade-offs:

These limitations manifest themselves first as a need for quite a bit of data engineering to get the logs ingested efficiently, and then as challenges in running queries efficiently. Systems that seem valuable at small scale encounter challenges as they grow, requiring significant investments in systems and expertise to remain useful at scale.
Machine learning was supposed to help. However, because earlier-generation ML models are brittle and break or drift when the environment changes, these time-saving models often become time sucks. Today’s machine learning systems used in cyber security require constant tuning. And because they were trained on attack patterns and are built around human feature engineering, they are only effective if the humans who built them anticipated the future attacks of our adversaries.
You can see these challenges to the existing platforms playing out in the cyber security market. All of the platform players in security are wrestling with massive data problems, typically acquiring logging companies to buttress their aging foundations; by the way, shout out to my StackStorm team that made its way over to Scalyr and then to SentinelOne.
Moving on to the second indictment of our industry…
Your business models are archaic:
Not only are the security platform companies challenged by data volumes, they also are challenged by more up-to-date business models such as per drip models, without large commitments.
On the other hand — can you blame them? This is data gravity at work again — and when it takes a crack team of engineers to exfiltrate data from your vendor, you are truly locked in. No wonder Cisco sees in Splunk the opportunity to further raise prices.
Which leads us to the next charge against our industry…
You are burning out your teams:
Imagine you work for an industry that spends and loses more and more every year, and now is being blamed for increasing economic and political instability. And what if that industry was known for flushing reputations that firms had built over generations in a matter of hours — how would you feel? And, also, consider you are not seen as a star of the innovation parade, but rather the guy with the shovel behind the elephant.
Plus even your well-meaning bosses seem to make the situation worse, thanks to their reliance on aging vendors whose products underperform and whose business models suck the budgets dry, contributing to perpetual understaffing.
How would you feel? How do you feel?
It’s a grim picture, drawn from recent surveys:

So there you have it: cyber security seems to be an industry whose tech is aging, whose business models are antediluvian, and which is burning us out.
But wait — there’s even more
Cyber security spending is over $200bn per year and losses from cyber attacks and crime are measured in the trillions of dollars. Autocratic regimes are garnering positive ROI from their cyber attacks, which are often profitable, destabilize the open societies countering them, and are so far largely immune to consequences. Add AI — as a means to further increase our collective attack surface while boosting the productivity of adversaries — and the future seems glum.
That’s all folks!
Is that it? Are we as bad off as our cyber security leaders tell us?
“The pace and intensity of cyber threats have never been higher. We must prioritize investments in advanced detection and response capabilities to protect our open society against adversaries who are increasingly capable of launching sophisticated cyber operations against us.”
General Nakasone, Commander of United States Cyber Command. Testimony to the Armed Services Committee March 7, 2023.
And is this screed too negative?
What do you think?
At Deep Tempo we believe we are on the verge of collective defense via deep learning. We are optimistic that together we will return the initiative to defenders… but that is a post for another day.
Thank you for reading and please do share your thoughts and feedback!