Michael Dickman, Chief Product Officer at security provider Gigamon, reinforced the concepts of “assume breach” and the application of network observability capabilities during a keynote address on innovative cybersecurity approaches at the Visualyze Zero Trust Security Summit hosted by Gigamon and MeriTalk on Feb. 29.
The Gigamon official talked about key tenets of the Federal government’s broad move toward implementing zero trust security architectures, and efforts by the Cybersecurity and Infrastructure Security Agency (CISA) to advance zero trust security aims at civilian Federal agencies, and the Defense Department (DoD) to do the same among the military service branches.
“DoD, CISA and many others have been great leaders,” he said, while explaining that outside of government, “innovative private enterprises are adopting these same models … because of how good they are, how complete they are, and how helpful they are.”
Broadly on the zero trust front, Dickman cited good progress in adoption of multifactor authentication, endpoint detection and response, and micro-segmentation concepts, with adoption of secure access service edge (SASE) technologies catching up as well.
“I think as an industry, as a group of practitioners and security leaders, we should be proud of this work,” he said.
Despite those security practice gains, Dickman also cited statistics showing record breaches of public and private sector organizations in 2023. “That’s because attackers are upping their game as well. They have more funding, more resources, more intelligence, and now you have AI coming into play” to the benefit of both network defenders and attackers, he said.
“I want to propose that we can’t solve everything at once. We have to prioritize, but there is something that I think we have forgotten, and I think we have forgotten this idea of assume breach,” he said.
“For everything we are doing, and all the good work, there are adversaries in the network right now,” he said, adding, “so we need to find those quickly and root them out and minimize the blast radius” of their intrusions.
A central factor in cyber defense going forward is increasing observability and avoiding mistakes by “only looking for those things where we have instrumentation” deployed on networks. Likening better observability to “lighting up the street” on a dark night, he said, “this is really what we need to do to complement all the other controls – is to assume breach and be able to look really carefully.”
“Attackers and adversaries are hiding and it’s difficult to predict where they will attack,” Dickman said. “In general they will attack on the weak points, not the strong, and they will find unpatched software. They will find where the user is vulnerable.”
“So we have to find this way of assuming breach, truly embrace that, and stop threats before they do real harm,” he said.
He also cited the complexity of data from across numerous cloud environments and said “there have to be tools to process that.”
“There are all of these tools to make those environments better, and to be able to see this data to actually detect trends,” he said. “But those services don’t work if they can’t see what they need to look at. So the smartest AI threat detection engine in the world still needs to see the underlying telemetry in order to detect those threats.”
“To go back to that streetlight analogy – if you’re only pointing this very sophisticated AI threat detection at what you’re specifically instrumenting,” then other threats will not be detected, “so we have to bring that telemetry up to digital settings,” Dickman said.
“So how do you get this … information dominance for all of the communications and have the ability to see everything,” he asked.
The next big step from a technology perspective, he said, is “there has to be something in the middle, and this is what Gigamon has really dedicated the last few years to doing, which is to take what we’ve done in network visibility and try to stitch this into this compact focus on trust.”
“This is something we spend a lot of time and investment around, and it’s because we need that right intelligence at the right time and in the right way,” he said.