What Can We Do To Stop the Rot
Why the security industry is failing our user base, and what we can do to stop failing
As we get better at identifying threats and vulnerabilities at scale, we forget that ultimately we are constrained by the people doing the implementation. In the past, security program implementation was often hampered by poor tooling that did not integrate with existing IT and development processes and required security expertise both to operate and to triage the results, which hampered the successful adoption of these tools by the boots on the ground. These days, as these tools have been refined, we have reduced the need for security expertise to operate them efficiently, and automation is doing an excellent job of finding security weaknesses at scale. Now, however, we are causing a new problem: information overload. Security teams are overloaded and cannot triage at scale. Their response is often to hand off triage to the development and IT teams, frequently teams with little or no security knowledge. Compliance policies do not account for the volume of issues now being identified, and can lead to too much needing fixing with little appreciable impact on security posture.
What can we do to stop the rot?