
The CISO White Elephant Party


The holiday season is the storm before the calm. Available time is occupied with getting ready for end-of-quarter / end-of-year, squeezing in meetings before folks depart, shopping, and of course attending white elephant gift exchange parties.

These parties are notorious for exchanging absurd gifts that are burdensome, possibly expensive, and serve little purpose. If you’re attending a white elephant party among Chief Information Security Officers (CISOs), here are a couple of “appropriate” gift ideas.

Item 1: Traditional Security Information and Event Management (SIEM) solutions

Even though SIEMs have been a mainstay of security operations centers, they’ve proven woefully inadequate at addressing advanced threats, which is the ostensible purpose for which they’re bought. There’s no stronger proof than the presence of SIEMs during the mega breaches that occurred over the last couple of years. SIEMs collect telemetry from traditional perimeter-based security technologies, like firewalls and intrusion detection systems, which are highly myopic in nature. Gleaning meaningful insights from incomplete data snapshots would be nothing short of a holiday miracle. You end up with a litany of alerts that are neither helpful nor actionable. Little purpose? Check. Burdensome? Check. Expensive? Two checks! In short, the perfect CISO white elephant gift.

Item 2: Next-generation Anti-Malware Solutions

Malware has plagued organizations for decades and the situation has continued to worsen. We all know that signature-based defenses won’t catch advanced threats. So a number of vendors have come out of the woodwork to propose new signature-less approaches predicated on sophisticated algorithms, possibly leveraging machine learning techniques. It’s not that those techniques are horrific or rooted in bad science. It’s that those techniques are hardly new. All the traditional vendors have been employing them for quite some time.

While machine-learning-based techniques can catch malware, these techniques don’t move the needle by as much as one might think relative to what’s available today. Applying (supervised) machine learning techniques in the context of malware defense involves automatically generating generic models that describe malicious software and then applying those models to identify threats in your environment.

But care is required. If the model is too generic, it will start labeling otherwise benign activity as malicious with alarming frequency. Each potential legitimate transaction represents a landmine that machine learning algorithms have to sidestep. If the model is too specific, it will fail to detect threats. And motivated adversaries can find ways to sidestep them easily. Again, we have the makings of a perfect white elephant gift.

What these two “gifts” have in common is that they take an approach rooted in preventing threats in isolation. However, the key to addressing advanced threats is to understand not just the isolated threat, but the underlying attack. Doing so requires deep and pervasive visibility, allowing you to glean meaningful and actionable insights.

The upshot is that if you find yourself being the unfortunate recipient of one of the above presents this year, consider re-gifting it at next year’s party.

 

 

The post The CISO White Elephant Party appeared first on Speaking of Security - The RSA Blog and Podcast.

