I’m a big believer in learning from case studies that address difficult industry problems or issues. I also enjoy hearing true stories from industry thought leaders who have achieved a level of success addressing these hard problems in an enterprise-wide context in both the public and private sectors over many years.
We know that lasting solutions must address people, process and technology as well as be flexible enough to keep up (or even ahead of) ever-changing new advances in the 21st century. Put another way, what worked yesterday may not work tomorrow — especially when we are talking about cybersecurity and defending enterprises from aggressive cyberattacks and hackers who attempt to cause harm.
Last summer, I offered this book review on the first edition of the book titled: Borderless Behavior Analytics. I described the book by posing a set of questions and issues that need to be considered as we head toward 2020: “What are leading enterprises doing in 2017 to counter these trends and prepare for the future? What trends in security, architectures and buzzwords are emerging? Where are we going and how can data analytics help solve our pressing security concerns?”
And now, a second edition of the book has been released with even more CEO, CIO, CSO and CISO luminaries, including best practices and insights from:
Jerry Archer — CSO, Major Financial Services Company
Devin Bhatt — CISO, U.S. Federal Agency
Nilesh Dherange — CTO, Gurucul
Gary Eppinger — CISO, Carnival Cruises
Gary Harbison — CISO, Monsanto
Leslie K. Lambert — CISO at Large
Jairo Orea — CISO, Kimberly-Clark
Robert Rodriguez — CEO, SINET
Jim Routh — CSO, Aetna
William Scandrett — CISO, Allina Health
Joe Sullivan — CSO at Large
Teri Takai — CIO at Large
What Topics Are Included in Borderless Behavior Analytics?
Business Wire describes the new book this way: “The second edition assembles insights and advice, lessons learned, and best practices from security thought leaders at major organizations across a range of industries, including financial services, healthcare, transportation, biotechnology, manufacturing, social media, government, hospitality and more,” said Saryu Nayyar, CEO of Gurucul. “These authors have witnessed and addressed major changes in the IT landscape — from the onslaught of mobile, cloud, IoT and more recently the Industrial Internet of Things (IIoT) and ICS/SCADA systems. The book also draws on expertise from industry analysts and leverages the deep bench of expertise at Gurucul.”
What immediately strikes me about this easy-to-read book is the vast amount of helpful commentary on so many essential technology and security topics, which is available in a condensed form from true experts who understand both the technology and business side of these topics. The Table of Contents lays out the following important content:
Acknowledgments
Foreword — Vishal Salvi
Introduction — Saryu Nayyar
Impact of Cloud and Mobility for Identity — Gary Eppinger
The Compromise and Misuse of Identity — Jerry Archer
Insider Threats, Account Compromise and Data Exfiltration — Joe Sullivan
Insider Threat Programs: Lessons learned and Best Practices — Devin Bhatt
Identity, Access Risks and Access Outliers — Teri Takai
We Need a New Approach — Key Drivers — Robert Rodriguez
Discovering the Unknown: Big Data with Machine Learning — Leslie K. Lambert
Big Data in Advanced Security Analytics — Nilesh Dherange
Unconventional Controls and Model-Driven Security — Jim Routh
Cloud and Mobility: Unknowns for Identity Risks and Misuse — Gary Harbison
Applications Beyond Security: Behavior Analytics and Healthcare — William Scandrett
Hybrid Cloud Environment Architecture — Jairo Orea
Requirements for Borderless Behavior Analytics
Advanced Security Analytics Use Cases
Afterword — The Borderless Road Ahead — Craig Cooper
A Small Sample of Thought-Provoking Excerpts:
“Nation states and highly skilled individuals, with vast resources and seasoned knowledge of the most effective way to attack companies’ vulnerabilities, carry them out. They move quietly within organizations, sometimes for years, rather than months, moving laterally throughout the computing environment, steadily acquiring everything they need for their malicious assaults. At the root of modern threats is the compromise and misuse of identity which gives the attacker access to the keys of the kingdom.” Nayyar, Saryu. Borderless Behavior Analytics — Second Edition: Who's Inside? What're They Doing? (p. 2). Kindle Edition.
“Traditional approach does not scale for complexity. Running security analysis, threat hunting and manual efforts on growing amounts of data in the traditional way becomes exponentially difficult. Add to that an identity perspective and there is simply no realistic way enterprises can scale internally to these demands. There needs to be a drastic game changer. It’s something where you must leverage the cloud, big data, and machine learning with predictive security analytics solutions that include UEBA and IdA models and use cases. …” Gary Eppinger, Carnival Cruises (p. 23). Kindle Edition.
“Big data’s scale lends invaluable insights. Today, security operations centers (SOCs) and cyber fusion centers are inundated with billions of events from the company network. It’s not humanly possible to review every event. That means CISOs must use big data analytical capabilities and machine learning to analyze massive volumes of events quickly. The question security leaders need to answer is: “Can we link the data to produce actionable results?” With so much data volume, how does one meaningfully monitor this effectively and take the right action?” Devin Bhatt, CISO Comptroller of the Currency (p. 106). Kindle Edition.
“Criteria of a successful security program. From a CISO’s perspective, of the three primary elements required for any enterprise to achieve a secure hybrid environment, the first and foremost is to ensure the security program is risk-driven, not compliance-driven. While a privacy program is traditionally compliance driven, a security program must be risk-driven. This requires an understanding of the threat landscape, investing in security intelligence, as well as consistently altering and adjusting controls based on changes in threat actor tactics. Regulations will always lag. Threat actor tactics are a leading indicator of which risk-based adjustments are required, not regulations. It is essential to be able to quickly adjust a security strategy based on threat actor tactics. This is done by the enterprise through the consumption of security intelligence from multiple sources and validation of the intelligence through ISAC members. Today, the alacrity and quality of the decisions made by a CISO related to shifting the tactics of threat actors will have more impact on an enterprise’s security posture and resiliency than the effectiveness of conventional controls from a risk framework.” Jim Routh, CISO, Aetna (p. 224). Kindle Edition.
“The new normal in hybrid environments. With the cloud, mobility and IoT, we’re now putting things on the network that were originally never designed to be there. This adds a concerning factor to any comprehensive security solution strategy, where some security leaders are patching in ad hoc solutions to address the immediate need as they see it. As a result, the risk aspect becomes excessive. The evolving challenges and the diminishing effectiveness of these feature-based point solutions grow apart, lacking a platform strategy, leaving serious security gaps and a widening threat plane.” Jairo Orea, CISO of Kimberly-Clark (p. 321). Kindle Edition.
What’s New — and Worth a Second Edition?
So what’s different about this latest version? There is quite a bit of updated and new content throughout. Here are some of the changes:
Foreword — Author: Vishal Salvi, CISO of InfoSys
Introduction — Author: Saryu Nayyar (author of the book)
Chapter 4 — Author: Devin Bhatt, CISO of Office of the Comptroller of the Currency
Chapter 8 — Author: Nilesh Dherange, CTO of Gurucul
Chapter 9 — Author: Jim Routh, CSO of Aetna
Chapter 11 — Author: William Scandrett, CISO of Allina Health
Chapter 12 — Author: Jairo Orea, CISO of Kimberly-Clark
Chapter 13 — Author: non-attributed
Chapter 14 — Author: non-attributed
Chapter 15 — Author: Craig Cooper, COO of Gurucul
Final Thoughts
Some readers may ask why I chose to highlight the second edition of this book just one year after I reviewed the first edition. The reasons in this case are many — including the new content offered. Also, I find the experiences and examples provided by these industry thought leaders, who are outstanding executives with great track records of success, to be compelling and very helpful for enterprises.
Whether you are new to the security or technology industries, or have 30+ years of industry experience, you can certainly benefit from this excellent resource.
It offers "behind the scenes" glimpses into the thoughts of top tech executive leaders — and the Kindle edition is available for less than a cup of coffee.