Is it Just Another Buzzword? Or a Building Block of CloudSec And Zero Trust? Not surprisingly, during recent meetings, customers often asked me how to manage all cybersecurity tools. According to the I am not alone. It is top of the mind of many CISOs that to fight the cyberattacks’ perfect storm: multi-cloud and remote work security. Gartner Top Security Technology Trends for 2022, a consolidated while distributed security architecture is essential It looks pretty contradictory with each layer, but it is not. Let’s consider the following service-based application as an example: AWS Lambda and Azure Functions are being used as content pages from containers in different Cloud providers, including Google Cloud Run; Cloudflare is being used as a CDN (Content Delivery Network); Developers use Okta as an Identity services provider. It is actually what customers are using nowadays. Just consider how many service providers and models are in the picture. And what’s more? It is only part of the big picture. To protect anything under these conditions stresses the existing cybersecurity architecture. Therefore, it is time for a new and better approach — Cybersecurity Mesh Architecture (CSMA) which aims to reduce the need for one specific computing environment. Everything is Decentralized (Workforce, Perimeter, Information, and More…) Because of COVID, companies accelerated their digital transformation initiatives to get ahead of the curve in a battle for existence. As a result, many companies have adopted the latest technologies to enable and encourage remote working trends. With the and remote working being the “new normal,” organizations have their assets, employees, partners, and customer base globally distributed in different locations. Thus, critical data and assets are exposed outside the traditional security perimeters, making it challenging to rely on legacy controls to protect them against advanced cyber threats. work-from-anywhere scenario The traditional technology stack is breaking down because They’re also using to adopt an that works with distributed services (key to cloud security, web3, and DevOps). more people use microservices. blockchain and other trust models information-centric security model states that new attack surfaces have opened up due to a pandemic-inspired shift to remote work. Remote workers, cloud adoption, DevSecOps, IoTs, and other parts of digital transformation . The answer to this problem is a A recent Gartner report require flexible and scalable cybersecurity strategies scalable, integrated, and automated cybersecurity mesh architecture. What is Cybersecurity Mesh Architecture (CSMA)? has specified a growing gap in interoperability between security tools. Moreover, there are wasteful overlaps in multiple devices or software— each being paid for through its own licensing. Gartner Under CSMA, each device will be introduced into the infrastructure as an integrated, carefully designed part of a consolidated security posture. Also, Gartner defines the cybersecurity mesh as a distributed architectural approach to flexible, scalable, and reliable cybersecurity control. According to the report: “ ”, below are the four fundamental layers of a CSMA: Top Security Technology Trends for 2022: Cybersecurity Mesh security analytics and intelligence consolidated dashboards distributed identity fabric consolidated policy and posture management , storing a secret key in Microsoft Azure is different from using that in AWS or Google, such as: Using key management as an example Azure Key Vault; AWS CloudHSM; Google Cloud Key; On-prem HSM appliance. (keeping the key/ secret from being exposed or unauthorized access). As a result, the same consolidated policy and posture management translate to different configurations and deployments in various form factors, i.e., distributed security controls. While each application/ service is distinct, technically and operationally, they are being used to meet a similar policy goal Similarly, consolidated policy and posture management translate abstract policy objectives to specific configurations on individual providers that benefit overall security posture. For example, developers often re-use keys to access different resources and forget to separate those from developments with productions. For example, can help ensure that all encryption key accesses are monitored and comply with corporate policy or security standards. It can also align all configurations with different providers. a cloud security posture management platform Common Languages in Cybersecurity Space To have better integration and let all the tools work together, they need to “talk” to each other. For example, we are familiar with “IOC” — Indicator of Compromise in threat intelligence sharing. However, it would not be possible if all vendors shared their own sets of indicators without standardization. As a result, CSMA also needs common languages — like open standards and common APIs to support the integration of different vendors. Below are some examples of existing common standards: IOC — STIX/ TAXII, SIGMA Threat Intelligence — OpenDXL (McAfee), SCAP v2 (NIST) Network — Netflow, IPfix Authentication — SAML, OAuth, FIDO2 Framework — MITRE ATT&CK and D3FEND, CVSS, OWASP Top 10 Threat Hunting — Yara, Snort, ZEEK Suppose we need CSMA to work in a SOC environment where cybersecurity professionals are serious about security monitoring. To make threat intelligence meaningful analytics and intelligence, we need to put together information about threats and assets. Therefore, not just the data exported from all security devices but also other data sources like identity and assets’ context information should also be standardized. We need a standard process to collect and correlate events and logs. Lastly, there is integration in every part of the data flow to have tools work seamlessly together. As security professionals, we need to keep doing what we are doing in the short term. We can do our job by using any number of products that help accomplish the four layers of CSMA (as described above). Therefore, organizations align their multi-cloud and work-from-anywhere strategies to decouple from the policy enforcement. Adopting CSMA also helps eliminate silos in the security stack, and we will see less and less “perimeter-based” security in the latter stage. How to Do it? Think As a Zero Trust Dates Back Just like the adoption of Zero Trust, practitioners who understand the advantages of the CSMA model can be on the lookout for security products that support it. The endorsement of zero trust as a plausible architectural model has changed how cybersecurity practitioners assess and audit cloud-native companies. Consider what the Zero Trust journey begins and what it becomes nowadays. The concepts supporting zero trust are not new: for his doctoral thesis on computational security at the University of Stirling. coined ZT in April 1994 Stephen Paul Marsh The complications of determining the perimeter of an organization’s IT infrastructure were highlighted , discussing the trend of what was later coined “De-Perimiterisation.” by the Jericho Forum in 2003 referred to as . In 2009, Google implemented a Zero Trust architecture BeyondCorp , an industry analyst at Forrester Research Inc, popularized the term John Kindervag “Zero Trust Network” in 2010 And now, companies and vendors have formed around the zero trust architecture. It has also driven new features and innovation in existing vendors’ product portfolios. As a result, it has driven initiatives in end-user technology organizations. Likewise, acceptance of CSMA as a feasible architectural strategy can potentially simplify architectural discussions around multi-cloud, hybrid cloud, container security, and security orchestration and response. Final Words The concept of the cybersecurity mesh assumes how widely available truly composable security services are. As a result, these solutions feature an architecture created to scale agilely . CSMA also names common frameworks for everything — from contextual and threat analytics to threat intelligence (TI), and security controls integrated via APIs. through an API-first approach According to , Gartner’s predictions “By 2024, organizations adopting a CSMA will reduce the financial impact of security incidents by an average of 90%.” A practical cybersecurity mesh architecture will demand stronger, consolidated policy management and governance. For example, it’ll be crucial to orchestrate more suitable “least-privilege” access policies, which organizations can accomplish using a centralized policy management engine with distributed enforcement. Yet, we still need some glue to help us stick all the available tools together. Luckily, with the recommendations in Gartner’s CSMA report, integration becomes possible with common cybersecurity languages — APIs and Open standards and carefully puts all the existing security stack into play. Thank you for reading. May InfoSec be with you🖖.

Flow

Glue

Google

Microsoft

Zeek

Incomplete Guide for Securing Containerized Environment

How to Harden K8S: Based On the  Recent Updated NSA's Kubernetes Hardening Guide

2021 - HackerNoon Contributor of the Year - CULTURE

Support Me on Coil

2021 - HackerNoon Contributor of the Year - PERSONAL-DATA

Nominated for 2022 - HackerNoon Contributor of the Year - Cybersecurity

Nominated for 2022 - HackerNoon Contributor of the Year - Security

Nominated for 2022 - HackerNoon Contributor of the Year - Privacy

Nominated for 2022 - HackerNoon Contributor of the Year - Beginners Guide

Nominated for 2022 - HackerNoon Contributor of the Year - Containers

Nominated for 2022 - HackerNoon Contributor of the Year - Data Privacy

Too Long; Didn't Read

CSMA is More Than XDR — An Introduction to Cybersecurity Mesh Architecture

CSMA is More Than XDR — An Introduction to Cybersecurity Mesh Architecture

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

10 Lessons from 10 Years of AWS (part 1)

10 Lessons from 10 Years of AWS (part 2)

111 Stories To Learn About Architecture

13 Expert Tips to Improve Your Web Application Performance Today

4 Skills You Need to Become a Distinguished Developer

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

10 Lessons from 10 Years of AWS (part 1)

10 Lessons from 10 Years of AWS (part 2)

111 Stories To Learn About Architecture

13 Expert Tips to Improve Your Web Application Performance Today

4 Skills You Need to Become a Distinguished Developer

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps