Tony Bradley
Before the Cyber Monday, and Small Business Saturday, and Black Friday sales; before the Thanksgiving feast and the awkward tension of discussing the impeachment hearings with mildly inebriated family and friends and having to explain that Alex Jones is not a credible source of information; before yet another embarrassing exhibition by the Detroit Lions, hundreds of IT and cybersecurity professionals got together at the Bellagio Hotel in Las Vegas for the 2019 Qualys Security Conference.
The main event featured two days of keynotes, presentations, and breakout sessions. The opening keynote was presented by a man I admire and respect. Richard Clarke, national security and cyber risk expert and author of The Fifth Domain, kicked things off with an insightful look at the increasing role of nation states in cyber attacks, and a call to action for steps to be taken to establish some ground rules for cyber war—a sort of Geneva Convention of cyberspace.
Security at a Crossroads
After Clarke set the stage for what’s at stake, Qualys CEO and Chairman Philippe Courtot took the stage to share his thoughts on the challenges facing organizations today, and his vision for the future of cybersecurity. Technology and the threat landscape both continually evolve and expand, but Courtot believes we have reached a point of critical mass—a tipping point that requires a shift in how we approach cybersecurity.
Today In: Innovation
He provided a brief history lesson for the audience—walking through the timeline of computing from mainframes, to minicomputers, to client-server architecture, and now cloud computing. Courtot noted that each of those shifts has also had a fundamental impact on cybersecurity and exposure to risk. With each stage of the evolution, the number of devices or resources to protect has increased exponentially, and everything has become more connected—making it more accessible for both users and attackers.
Courtot talked about how the printing press made it possible to share ideas more broadly and provided the spark that became the Industrial Revolution. He emphasized that he believes that the internet and the advent of cloud computing are equally significant milestones in human history—dramatically expanding and democratizing access to information.
VMDR – Vulnerability Management, Detection, and Response
Ramesh Chinta, Group Program Manager for Azure Security at Microsoft, Scott Crawford, Research Vice President at 451 Research, and Steve Ocepek, CTO of IBM X-Force Red presented enlightening keynotes as well, but it was the Qualys Security Conference. Most of the sessions were presented by Qualys executives, sharing the current capabilities of the Qualys Cloud Platform with the audience, and providing a glimpse at what the road ahead looks like.
The main focus was around VMDR—a new solution unveiled at the Qualys Security Conference. VMDR—which stands for Vulnerability Management, Detection, and Response—combines asset discovery and inventory, vulnerability assessment, analysis of configuration controls, prioritization, remediation and audit capabilities in a single app.
In a press release announcing the launch of VMDR, Scott Crawford from 451 Research states, “With VMDR, Qualys integrates highly valued and much-needed asset visibility with vulnerability management so that IT teams can have full visibility of their global IT assets (known and unknown). This provides the ability to identify the exposure of those assets in real time, and to prioritize remediation by combining real-time threat indicators with asset context to remediate with one click and then audit the process.”
Security in the Age of Digital Transformation
There are plenty of statistics out there to paint a bleak picture for cybersecurity. Billions of records have been exposed by data breaches in 2019 alone. There are 350,000 new malicious programs and potentially unwanted applications discovered every day. A report from Cybersecurity Ventures estimates that there will be 3.5 million unfilled cybersecurity jobs by 2021 resulting from a lack of individuals with the necessary skills and experience. Combine all of that with the rapidly changing technology landscape and it seems daunting.
The challenge organizations have to face is how to improve—or at least maintain—cybersecurity while embracing digital transformation. Companies that don’t adopt cloud computing, cloud services, and DevOps culture risk being left in the dust by competitors. Companies that rush ahead with digital transformation without recognizing and addressing the inherent security concerns risk exposing their networks and data to unnecessary risk. It’s important for organizations to recognize that security is at a crossroads, and to adopt tools that will unify, simplify, and streamline protection.
No comments:
Post a Comment