Erin O’Malley wrote an interesting post about Hitting the Right Note With a Security Delivery Platform that I would like to share.
“In 1985, F. Murray Abraham won the Academy Award for Best Actor for his masterful performance as the cynical Salieri in the movie Amadeus. I loved that movie. From Wolfie’s maniacal and childlike laughter throughout to the choice scene when Salieri recounts his sneak peek at Mozart’s Serenade for Winds, K.361: 3rd Movement:
“On the page it looked nothing. The beginning simple, almost comic. Just a pulse. Bassoons and basset horns, like a rusty squeezebox. And then suddenly, high above it, an oboe. A single note, hanging there, unwavering. Until a clarinet took over and sweetened it into a phrase of such delight! This was no composition by a performing monkey! This was a music I’d never heard. Filled with such longing, such unfulfillable longing, it had me trembling. It seemed to me that I was hearing the voice of God.”
Mozart was a musical genius. As per Salieri, it was as if the man himself were a conduit for the voice of God. Not only did Mozart seem to possess a unique ability to see music in motion, but he could pluck from heaven the best bits and string them all together into these unimaginable and unforgettable symphonies.
What if something similar were possible with security?
Symphony in SDP Major
To conduct a symphony, you don’t have to be a prodigy like Mozart, but you do have to be at least as smart as Salieri—who had the right training, expertise, and instruments on hand to get the job done. When it comes to security, rather than the ability to recognize that something is beautiful, it’s about having the right tools to both recognize a sour note (coming from anywhere in your infrastructure) and investigate further to determine if there is something sinister behind it.
In and of itself, a security delivery platform does not offer security—just as a conductor does not necessarily compose or play music. A conductor’s main job is to direct—because he knows music, knows how to lead an orchestra, knows how to get the most out of the musicians and their instruments. And like a conductor, a security delivery platform is designed to orchestrate and automate for better visibility—because it knows and understands security, with the benefit of having a pervasive network view.
Not to call a security delivery platform the second coming of Mozart, but as the man saw music in motion, a security delivery platform can see and help secure data in motion. In fact, it is becoming a foundational building block of any cybersecurity strategy. A security delivery platform lets organizations deploy and scale a wide range of security solutions. It delivers visibility into lateral movement of attackers, accelerates detection of data theft activity, and can significantly reduce the overhead, complexity, and costs associated with security deployments. With the growing sophistication of today’s cyber threats, it is no longer sufficient to focus on security applications alone. The new and critical pieces of the puzzle are how to deploy those solutions and how to ensure they get consistent access to relevant data.
For the most part, security tools work independently. And yet, all of these different tools need the same data and often need to talk to one another. The problem is that they all have their own APIs, but who wants to go ahead and write to 50 different APIs? That’s an N-squared problem. A better plan is to leverage a security delivery platform that all the tools can plug into; that acts as a conduit for communications between them to improve interoperability; and that provides managed intervention for automating processes around security workflows and reducing the time from detection to containment.
Rock Me Metadata
Just as Salieri described Mozart’s piece, when independent instruments can come together with the right notes and at the right tempo, they can create something grander and more beautiful than themselves—to become a whole that is greater than the sum of its parts. Had he caught a passing glimpse, say, into some Silicon Valley conference room, he may have decided to share:
“On the PPT slide it looked nothing. The architecture simple, almost comic. Just an antivirus. IDS and IPS, like every other security stack. And then suddenly, high above it, a security delivery platform. An encrypted SSL traffic stream, hanging there, uninspected. Until a metadata engine took over and sweetened it into a phrase of such delight! This was no security from an average solution provider! This was a protection I’d never seen. Filled with such visibility, such unbelievable visibility, it had me trembling. It seemed to me that I was sensing the ever-watchful eyes of the mythological god Argus.” “