Cybersecurity threats must be tackled by automation, founder and former ConnectWise CEO Arnie Bellini told CPI at IT Nation Connect 2019.
According to Bellini and MJ Shoer, executive director of the newly formed Technology Solution Provider - Information Sharing and Analysis Organization (TSP-ISAO), relying on humans to tackle the cybersecurity threat landscape is failing.
"The problem is that we are bringing a knife to a gun battle. In fact, we're not even bringing a knife, we're bringing a pocket knife. The way [cybersecurity] is done today, it's not a possibility to ever win the war. We're relying on skilled human beings and policies, but this whole thing has to become completely automated," Bellini said.
The initiative hopes to achieve this by creating a security orchestration and automated response language, or SOAR, that is open source and mirrors the journey of the World Wide Web, he added.
"Think about it - what if there was a worldwide, open source security language that nobody made money off but everybody used to help coordinate software and hardware to defend against cyber attacks? It's something I want to put in the public domain so that it will be completely ubiquitous; it'll go everywhere."
He noted this is why the Web became so important - because everybody uses it and it wasn't kept private.
"These security languages are being created, but they're being created exclusively by individual companies like IBM and other big tech companies so that they work with their suite of products. But that's not good enough. We need something that works everywhere - that's our loftiest goal with the TSP-ISAO."
As to why it's taken so long for such an initiative to be set up, Shoer said that the industry has historically been very protective of its own innovation, noting that "everybody wants to protect their IP; everyone wants to be the first to market with the shiny widget".
"I think that has been an almost institutionalized hindrance to the industry coming together in this fashion," he noted. "I think that most organizations have looked at their own threat intelligence as a part of their IP stack and tried to protect it. But, in fact, that's actually emboldened the bad actors because it's allowed them a much faster route to do their dirty work."
The initiative has already started the design construct for the SOAR language, along with research on the dark web, Bellini and Shoer noted. The execs added that they will have a beta feed of threat intelligence ready to launch 1 December in order to start soliciting feedback, with a full launch pegged for 1 January 2020. The goal of a fully automated system may, however, take a little longer, Shoer said.
"Our intention is to truly launch 1 January - that will be revision one, but it won't yet be fully automated. Will we be fully automated in a year? I'd love to say yes, but the realist in me says probably not. Will we have made progress? Absolutely. We've really got a lot of things going and we're going to push as hard as we can this next year. Our primary commitment is to be very communicative and transparent about our progress so that we set expectations and exceed them. We've got an obligation to get at this."