Panel: Threat Response Needs New Thinking
It's getting harder to distinguish between normal and unusual threat activity, as more sophisticated attacks are exacerbated by hybrid work and, soon, by AI attacks. Defenders need correlated rather than isolated telemetry to get more signal and less noise, said Jeetu Patel and Tom Gillis of Cisco.
Security teams now need to look across multiple domains (email, web, endpoint and network) in a synchronized fashion to tell friend from foe. Doing so requires machine scale to handle the quantity and quality of data and to correlate different data sets across those domains. It can only be done through a platform, they said.
"It is essential for companies who cannot manage the complexity with 70 vendors and 70 different policy engines within their environments to make sure that they have fewer platforms. There will probably be half a dozen platforms," Patel said.
In this video interview with Information Security Media Group at RSA Conference 2023, Patel and Gillis also discuss:
- Creating a "synchronized symphony" of security defenses;
- How XDR with greater efficacy will redefine the security landscape;
- Why the security stack interface will change.
Patel spent more than five years leading Box's product and platform strategy. He previously served as general manager and chief executive of EMC's Syncplicity business unit. He was also chief marketing officer for the information intelligence group and chief strategy officer. Before EMC, Patel was president of Doculabs, co-owned by Forrester Research.
Gillis previously served as the senior vice president and general manager of networking and advanced security at VMware. Prior to that, he founded Bracket Computing in 2011 and served as its CEO. Before that, he was president and general manager of Cisco Systems' security technology group and vice president of marketing and co-founder of IronPort Systems, acquired by Cisco in 2007.