In this second video of a four-part series, Chris Inglis, former NSA deputy director and current Securonix advisory board chair, joins Securonix CEO Sachin Nayyar to discuss the evolution of technological capabilities to defend organizations against increasingly complex cyber attacks.
"We still defend the wrong thing at the wrong time and hold the wrong people accountable," says Inglis.
Traditional security tools have focused on abstractions such as perimeters and endpoints, representations of things that don't really exist in today's interconnected ecosystem. They were not designed to protect the data we're actually trying to keep out of the hands of attackers. These tools have been marginally effective at defending against yesterday's attacks, those we already know are in the environment.
"If you're lucky, someone else experiences the attack first. If you're smart, you prepare for the first time it happens to you," says Inglis. "We cannot respond at the speed of yesterday. We need to understand what is happening today."
Inglis advocates for an industry-wide shift from security measures that focus on abstractions, to a renewed focus on data and behavior that is applied against that data.
"You need to have the analytics that actually understand data and behavior, and you need to do it in real time," argues Inglis. "A proactive defense focuses on anomalous behavior."
Inglis retired from the Department of Defense in January 2014 following over 41 years of federal service, including 28 years at NSA and seven and a half years as its senior civilian and Deputy Director. He began his career at NSA as a computer scientist within the National Computer Security Center followed by tours in information assurance, policy, time-sensitive operations, and signals intelligence organizations. Promoted to NSA's Senior Executive Service in 1997, Inglis held a variety of senior leadership assignments and twice served away from NSA Headquarters, first as a visiting professor of computer science at the U.S. Military Academy (1991-1992) and later as the U.S. Special Liaison to the United Kingdom (2003-2006).
Nayyar has over 15 years of experience providing thought leadership around Information Security. He is a renowned thought leader in areas of Role Design, Role Management, Regulations, Risk Management, Compliance, Identity/Access and Governance. Prior to Securonix, Sachin was the Founder and CEO of Saviynt - a leading provider of Cloud Access Governance and Intelligence solutions and Vaau - makers of role management and identity compliance solutions, where he took the company from conception to acquisition by Sun Microsystems. While at Sun, he held the role of Chief Identity Strategist responsible for vision and direction of Sun's entire security portfolio.