For far too long, the cybersecurity industry has subscribed to a flawed methodology — one that is based on the notion that organizations can avoid security threats through obscurity and secrecy. The assumption is that keeping security controls and processes covert makes products and data inherently more secure against cyber threats within the networks we defend.
However, even the most sophisticated cybersecurity defenses are no match for well-funded, highly motivated adversaries. In fact, the expanding digital footprint of modern organizations has made many traditional, centralized cybersecurity controls obsolete.
With data breaches continuing to rise at an alarming pace, there’s one thing that more security professionals and vendors need to recognize and embrace: we can harness our untapped strength by working together as a community to bring openness and transparency to security.
Open security — a methodology that shifts the dynamic of a security company’s relationship with its customer — has the potential to transform the cybersecurity industry by bringing security practitioners together to create a more resilient response to enterprise threats. Open security is not only the best defense for any organization, it should also be the path forward for the security industry as a whole.
The case for open security
The recent Log4j (Log4Shell) incident, which many people viewed as a security failure, illustrates why open systems can be more secure than closed systems. Because the Log4j library is open source, the discovery of a remote code execution vulnerability set off a global chain reaction of notifications and patches that likely saved millions of dollars in potential damage had the vulnerability instead been discovered by an attacker. Alibaba’s investment in open security paid off for everyone who was (or could have been) impacted.
Contrast that with a nation-state’s attack on the proprietary code at SolarWinds. In the years before it was discovered, the breach provided unfettered systems access to at least 100 companies and a dozen U.S. government agencies.
While Log4Shell may have been discovered in a closed and proprietary product, it's more likely a sophisticated adversary would have found it first. Openness makes it harder to hide or avoid fixing flaws in relevant products, which ultimately leads to better overall security.
[Related article: Why the best kind of cybersecurity is Open Security]
Dynamic threats require a dynamic response
Organizations cannot rely on static detections to identify threats and successfully stop cyberattacks. These tools are great at detecting a specific identifier for a file, for example, but an adversary could still easily make a minor change that entirely throws off the mechanisms for that detection.
To mitigate this, layers of defense must cover many points of the attack surface. Weaving together a tapestry of defense mechanisms increases the effectiveness of a security solution and provides organizations the opportunity to break the attack lifecycle at multiple points.
In addition to layered protections, cyber defenders also now have a better understanding of how adversaries operate. The MITRE ATT&CK framework®, a curated knowledge base and model for adversary behavior, outlines the phases of an attacker’s lifecycle and the tactics and techniques used to undermine a security defense. MITRE ATT&CK has provided cyber defenders an accessible and transparent playbook for defending their enterprises by providing a common taxonomy of adversary actions.
Security vendors should find opportunity in this same spirit of openness and transparency.
Open security can help practitioners mind the gap
Despite the evidence, there is still a misconception that software openness is inherently less secure. Many security vendors hope that by not providing the mechanisms used in their detection of a threat, it will make it harder for an adversary to identify weaknesses in their software. But today’s cyber criminals already have the tools to understand if a security system can identify them before they even breach that system.
Given this reality, open security offers an opportunity to short circuit the problem by reducing the time to detect when a new threat slips through the cracks. When a security guard is reviewing security camera footage, they know exactly where the cameras are pointed and where they are not. This helps them identify the vulnerable areas that are outside of the camera’s line of sight and can help them determine if any further investigation is required.
Understanding gap coverage means that security practitioners can uncover where they need to supplement their existing security tools or more carefully and proactively monitor for threats. It enables security teams to build the best possible defense for their specific environment — not just environments that are perceived as having an adequate defense.
A community approach to scalable security
Another benefit of open security? The community that is born from vendors being transparent about their security controls, detection rules, and threat logic can be a force multiplier of best practices across the entire industry. Security vendors that cross-reference their own experts with experts across the broader security community learn much more about new threats they’ve observed or innovative methods for detecting nuanced attacks. This creates greater scalability of system defenses — not just for the enterprise but also for their customers and their data.
It’s important to remember that security goes beyond threat detection — it’s also about the ability to take action on that threat. How can an attack be stopped? And what can be learned from forensics to strengthen defenses against similar threats moving forward? When vendors make security open and transparent, it allows them to continuously improve their tooling beyond what they would have been able to do using their limited internal resources.
Ultimately, open security is about trust. Trust that your security software will protect your company against the latest cyber threats, and trust that it will operate in a unique environment without interfering with day-to-day operations.
By combining our collective resources to accelerate our response to cyber threats, we have the potential to drastically reduce the quantity and impact of cyber attacks that occur every year.
To see firsthand how an open security solution can drastically reduce risk, check out our introductory webinar: Introduction to Elastic Security: How to shrink MTTR.