Cambrian Explosion of Cybersecurity

[BACKUP FROM DEAD GARTNER BLOG]

NOTE: After Gartner killed ALL blogs in late 2023, I wanted to save this article from 2016 (via archive.org) and repost it here with backdates for posterity.

The Cambrian Explosion of Cybersecurity

Originally published on July 5, 2016

One of my hobbies is the end of the world in all its forms and variations (no need to panic though, I am a scholar, not a practitioner). This includes a healthy interest in mass die-offs and extinctions. This interest sometimes leads to odd and quirky insights, and I wanted to share one of these with you below.

The Cambrian explosion was a period in Earth’s history 530 million years ago, originally identified in the fossil record in the Burgess shale deposit in the Canadian Rockies, when species variation went into overdrive, resulting in a vast variety of different body forms and variations [1]. Many of the creatures alive today, including shellfish, mollusks, crustaceans and worms amongst others, still derive from this extraordinary period in evolution. Researchers are still busy to this day trying to establish taxonomies for the bewildering variety of designs, forms and templates that have been associated with this period of evolution.

One of the mainstream theories to explain the Cambrian Explosion is that life had evolved to a level of complexity that permitted many different architectural approaches, and had a free canvas to explore many different and diverse designs. Of course – many of these designs did not survive into our current Holocene Era – in fact many went extinct way before that. There have been many die-offs and major extinction events in Earth’s history – the Permian-Triassic extinction event 250 million years ago for example, which killed 90% of all known species, or the popularized KT extinction event at the end of the Cretaceous period 65 million years ago – with the resulting disappearance of the dinosaurs and our own slow climb to the top of the evolutionary ladder [2].

This reminds me of what we are seeing in cybersecurity today. Recent developments, in terms of the price and availability of storage, memory and processing power, as well as new and novel technologies such as mobile, cloud, Big Data and Machine Learning, to cite some of the better known examples, have created a comparable playing field – a high level of complexity allowing for experiments and many variations, and an empty canvas to explore them.

If we take a look at some examples of the huge variety of available security solutions, we can see some parallels to the Cambrian explosion in our own field. Endpoint Detection and Response, Network Traffic Analysis, Security Operations, Analytics and Reporting, User and Entity Behavior Analytics, Security Operations Automation Platforms, Security Incident Response Platforms, Security Information and Event Management, Cloud Access Security Brokers, Threat Intelligence Platforms are just a few examples of the wild and diverse flora and fauna of the security ecosystem. It seems as though we have long hit a point where it is increasingly difficult to try and label a solution clearly – to state what it is. Instead we should now be focusing on what a solution does. Capability drift means that many solutions have extended beyond their original use case, with some SIEMs adding UEBA capabilities, and everyone and anyone adding Advanced Analytics capabilities for example. We require a more nuanced approach that focuses on function and capabilities over features, rather than a clear and hard categorization. It is about identifying the gaps and the overlap between solutions, which does of course complicate solution selection and deployment.

We have to overcome the same challenges as end users – we are seeing the same thing – but of course it is our task to shed some light on these and help end users navigate this confusing yet necessary explosion of technologies and capabilities.

We do this by providing solution and technology categorizations and definitions where we can, that look at functions and capabilities rather than prescribing a rigid set of technologies. Designing security architectures is not a matter of slotting together point solutions anymore – if it ever was – it is about identifying required capabilities and then selecting the right technologies to provide these whilst considering the gaps and the overlap between them. This makes good security architecture design more challenging, but also more effective if done right.

So are we awaiting our own security technology KT boundary? Much like the Cambrian Explosion, many of the experiments in Security Technologies will not yield fruit – they will be outcompeted or made redundant – and we may just see our own major technology extinction event – but more likely we will have a healthy background extinction rate relegating some of these approaches to the great technology graveyard in the cloud.

References

[1] See “The Cambrian Explosion” https://www.evolution.berkeley.edu/evosite/evo101/VIIB1cCambrian.shtml

[2] See “Mass Extinctions - What Causes Animal Die-Offs?” https://science.nationalgeographic.com/science/prehistoric-world/mass-extinction/

