Restoring Security Harmony

Bringing Security Back into Balance

A growing unease has been spreading through the contemporary enterprise, subtle, yet simmering just below the surface. The recent CrowdStrike breakdown highlighted this tension dramatically, a scenario that we’ve been anticipating for quite some time now.

The advent of groundbreaking technologies occurs swiftly and is swiftly assimilated into the daily functions of the organization. Consequently, cybersecurity tactics aimed at safeguarding and supporting these innovations must adapt at a similar pace.

Over the past thirty years, we have moved deeper into an interconnected era: beginning with personal computers, moving on to LAN setups, the internet and the cloud ecosystem, and now the resurgence of artificial intelligence. As cyber threats have evolved and escalated in terms of expense and harm, the focus of cybersecurity shifted exclusively towards our primary adversaries, the intruders. In shifting focus, we overlooked the fact that cybersecurity is not solely about our battle against malicious actors, but also about our duty to facilitate resilience and creativity.

As this technological progression unfolded, so did the accountability for cybersecurity. Initially overseen by IT operations, the responsibility for information security transitioned to the SOC. This change, though necessary, introduced fresh intricacies and obstacles, new performance indicators at odds with the enterprise’s objectives, and a widening gap between cybersecurity figures and corporate executives.

This disparity in objectives between cybersecurity and the business has spawned an ongoing struggle — resulting in operational inefficiencies, increased chances for adversaries, and a loss of sight regarding the SOC’s core mission. Pursuing disparate security metrics at the expense of operational continuity is an inherently faulty tactic. Now, the future of the cybersecurity domain hinges on our capability to harmonize these two critical concerns.

Extracting Lessons from the BSOD Incident: The Urgency for Business-Aligned Cybersecurity

The catastrophic ‘blue-screen-of-death’ security event of July 2024, attributed to CrowdStrike, underscores the risks of this imbalance. Lack of alignment with business concerns, negligent quality assurance procedures, and a uniform detection approach culminated in a breakdown.

Looking ahead, a cybersecurity strategy in harmony with the business is imperative. The momentum must shift back towards IT-driven prevention and risk management to minimize breach prospects (proactively) and lessen dependence on traditional and excessively aggressive “by any means necessary” paradigms for content updates.

As evidenced in July, if the flaws stemming from poor quality assurance processes are systemic — even a minor tweak in the subsequent update could lead to widespread failure. The entire cybersecurity sector must learn from this event — akin to our learnings nearly two decades ago — and strive to circumvent its repetition.

At Trend, we advocate for deploying updates gradually, starting with our own internal environment. Quality assurance and phased rollouts constitute key measures to ensure both superior cybersecurity detection and operational continuity. We also maintain that excessive code running in kernel mode can lead to heightened disruption and vulnerability to security breaches. We optimize this aspect to sustain superior detection and harmonize with operational demands.

Segmented Agent Approach: Elevating Security Outcomes through Flexibility and Accuracy

Simultaneously adding to continuity risks are inflexible single-agent methodologies across the broader endpoint and EDR sphere. The notion of a ‘one-size-fits-all’ approach is not only outdated but dangerously simplistic in 2024. The call to action for vendors is clear: conventional one-dimensional thinking is inadequate to address contemporary challenges or bolster continuity practices.

Our extensive experience in the domain advocates a principled stance on adversary defense and protection: treating desktops distinctively from servers makes sense from both a security and operational standpoint. Endpoints, servers, and workloads present unique risk profiles and necessitate tailored protection. A bespoke and modular approach is imperative to safeguard the digital infrastructure while ensuring business resilience. Modules customized for specific scenarios within a unified delivery bundle empower cybersecurity leaders to activate (and deactivate) functionalities and deploy as necessary, where necessary, and when necessary.

By fortifying the enterprise environment with cutting-edge technologies like attack surface risk management and exposure control, cybersecurity teams and the companies they serve can attain a harmonized approach that augments continuity resilience through proactive strategies undertaken by the IT operations team. Merging security operations and superior detection with business continuity planning and ensuring neither is compromised for the other will be indispensable moving forward following this event.

Our Blueprint for Innovation: Tactics for Prolonged Technological Advancement

At Trend Micro, we maintain equilibrium between operational continuity and state-of-the-art security operations using an innovation strategy that has kept us ahead of the curve in the industry for more than three decades. The strategy is simple.

X = infrastructure transformations + user conduct – threats.

The formula is tried and true, consistently shaping and securing the industry’s future. It revolves around thorough comprehension and anticipation of infrastructure shifts, proactive analysis of user behavioral modifications, and preemptively countering new threat vectors while ensuring these measures enhance rather than hinder business operations. Through this approach, we’ve made it possible for organizations to forecast and preempt adversarial activities well in advance of their occurrence.

AI Era’s Influence: Upgrading the Need for Alignment

The recent wave of infrastructure modifications has been propelled by artificial intelligence. The assimilation of generative AI into business procedures unveils novel prospects and cybersecurity challenges. AI progress brings along significant potential that we eagerly embrace.

Tearing down data silos, enriching business intelligence, and accelerating individuals within the enterprise necessitate a new tier of sophisticated security strategies to safeguard this era of AI-driven operations.

This infrastructural transformation will reshape IT and security operations’ future and mandate a closer relationship between business and security operations with greater mutual understanding and unified metrics to gauge success. Cyber protocols must extend beyond mere detections to encompass availability and continuity.

From Responsive to Proactive: Envision Your Opponent, Own Your Attack Realm

Approximately two-thirds (66%) of IT Operations participants in our 2024 cyber hazard study claim that their organization’s risk level is increasing. A shift is evident in their capacity to respond with certainty, even from five years ago when IT Operations units had limited insight into real-time risk patterns. The tools integrated into our cybersecurity platform natively for operational excellence in IT have been instrumental in bridging this divide.

This sense of mounting risk may also stem from their primary operational concerns: vulnerabilities in the attack surface (17%) and the ability to prioritize repairs (13%). We understand that threats hidden from view cannot be eradicated.

In light of these trends, we expect corporate leaders to take responsibility for viewing risk holistically: connecting operational health and business resilience, embedding security into the corporate strategy, and recalibrating the security index versus continuity gauge. Moving past the pursuit of fundamental MTTx indicators, the SOC will adopt risk minimization and alleviation as its vernacular, just as the business does, establishing a common ground to unite technical teams and business entities while upholding a comprehensive security strategy.

Cybersecurity squads embracing this mindset can more effectively foresee, endure, and bounce back from cyber disruptions through contemporary, adaptable, and forward-thinking methodologies.

Putting a Risk-Oriented Framework into Operation: Advice for Cyber and Business Executives

To implement this change, security leaders need regular briefings with corporate leaders, starting at a quarterly frequency, to exchange insights and devise strategies on quantified cyber hazard exposure, risk rectification, business stability, and protective measures. Proactive and ongoing interaction in these areas is crucial to shift from reactive stances and evolve cybersecurity tactics to incorporate cyber resilience. This broadened approach to cybersecurity and cyber resilience encompasses measuring risk and laying out plans for reduction to heighten the business’s robustness against cyber hazards and operational interruptions.

In practical terms, gauging cyber risks through financial modelling can help bridge the trust gap during boardroom updates by assigning concrete and shared values to potential cyber incidents. This quantification enables cybersecurity squads to closely align with business focal points by illustrating how cyber threats influence vital business facets such as efficiency, legality, reputation, and recovery. It also lays out a coherent financial rationale for corporate leaders to give priority to cyber resilience in their overarching strategies, facilitating well-informed, risk-focused decisions concerning cybersecurity investments and resource allocation. By converting cyber risks into quantified values — whether via scoring or monetary figures — cybersecurity teams can convey prioritization and significance to corporate leaders.

Embracing the Era of AI: Reshaping Infrastructure

This shift in mindset becomes even more imperative amid the uptrend of AI transformation. As the adoption of AI expands, it becomes necessary to review cybersecurity endeavors.

Our collaboration with leading industry players like NVIDIA centers on safeguarding the AI ecosystem within the contemporary enterprise, ensuring that its implementation is both potent and safeguarded. As enterprises increasingly depend on and incorporate AI into their functions, the need to prioritize business continuity and data confidentiality heightens within IT operations and the SOC. Simultaneously, Trend is spearheading the notion of the AI Mesh for the SOC, eradicating data silos through a unified data repository, enabling precise prognostications, fostering secure automation generation, and furnishing a common structure for security AI services to converse.

A Testing Industry’s Boundary: Paving the Way Ahead in Cybersecurity

As AI transformation gains traction at scale, it is crucial to acknowledge the role of cybersecurity across all facets of the business — no longer a segregated concern but an integrated part of a more extensive business risk strategy. Giving priority to cyber risk is an essential trust-building exercise with clientele, staff, and stakeholders that will yield consistent returns. We are dedicated to pushing and challenging the supplier community forward while equipping security executives and businesses with forward-looking strategies and the most potent tools in the marketplace to protect data and propel you forward.

For companies interested in discovering more about Trend Micro QA best practices…

What can companies begin requesting today? Enterprises serious about cybersecurity demand insight into their security collaborator’s procedures. Drawing from our top-notch practices, here are some instances of the processes to seek insight on:

Continuity Strategy: Employing Zero Trust schemes for all mission-critical applications, this strategy guarantees that business users can securely reach applications even during potential disruptions. Our users can harness configurable features like content control versioning and scheduled tasks.

Anti-BSOD Protocols: Testing and quality assurance (QA) tactics and safety measures specifically devised to identify driver and component issues at the development, testing, deployment, and recovery phases, including phased deployments and a recovery phase in the unlikely scenario of a pattern or content issue.

CI/CD/Engineering Approaches: Trend employs automated and human-centered testing, inspections, and validations to ensure that all updates fulfill rigorous quality, compatibility, and performance criteria, including stability. These methodologies are crafted using industry-leading benchmarks and mostly validated by third-party certifiers like ISO. Our ring deployment integrates sensitive and critical environment deployments.
