On the other side of the hill...

I have often heard people discuss a large cybersecurity initiative and conclude “once we get over this hill” they can move back to a steady state of activity. “As soon as we get over this IoT hill we’ll be in good shape”, “When we get over this DMZ migration hill we’ll have more time” and so on.

Experienced cybersecurity professionals know the reality: on the other side of the hill is a mountain. I've used this analogy for years and find myself using it more and more as each year goes by. It doesn't matter who the client is, what size they are, or what industry they're in. There is a mountain they can't see yet, but it's right over this hill.

As a cybersecurity architect, I'm constantly thinking about that mountain because I'm the one developing the 3-year plan and the next-generation system. As I research for these plans and systems, I can see that tightly integrated, highly sophisticated systems are the only way forward. I can see the incredible success our adversaries have. I can see there is a mountain on the other side of this hill.

As our regulatory environments demand better systems and our adversaries build incredibly complex systems of their own, cybersecurity architects need to keep the mountain in mind at all times. A few of the design goals I use to ensure we can scale the mountain:

Design the underpinning systems first: centralized repositories, log management, network fabrics and unified directories that sophisticated cybersecurity systems can be built upon.

Design for drastic scaling: cybersecurity systems must scale to far greater levels than the client's size alone would suggest. UEBA (user and entity behavior analytics) and AI require much more data to be delivered to the SIEM; CARTA (Continuous Adaptive Risk and Trust Assessment) asks us to scan continuously for configuration issues, and so on.

Design for integration: DAM (database activity monitoring), SIEM, VM (vulnerability management), the CMDB and all the other acronyms deliver considerably more value when their data can be integrated, correlated and enriched. We need to ensure we are designing these systems to both share data and execute functions in both directions.

Design for visualization: the only way the client will understand the mountain is through data visualization. Yet reporting, metrics and dashboards are often left out of architectural planning. We need to ensure we're designing for this from the start.

Design for continuous execution: CARTA and CCM (continuous controls monitoring) should be daily-use vocabulary for the cybersecurity architect. Design systems that can withstand continuous, automated external penetration tests.

Design for zero trust: many enterprise systems were never built with a zero-trust architecture in mind and struggle when one is planned around them. Our clients need a lot of help here.

Design for resilience: all cybersecurity and line-of-business (LOB) systems need to be considerably toughened up. This might use anything from load balancing to microsegmentation.

Design to survive a breach: Mountain climbers learn self-arrest techniques and clip in everywhere to keep a slide from becoming a fatal fall. We need to do that too.

Great perspective in this article. Thank you. 


I think a mountain is a good description, however, that description needs more detail around the fact that our business continues to innovate as do our adversaries. Nothing is constant. Good technology and people supporting behind the scenes makes a huge difference!

Next time I need to add a cool picture...


Great piece, James. Your perspective has always been particularly sharp!

