Source: marcos alvarado via Alamy Stock Photo

COMMENTARY

In an era of enormous data volumes and proliferated sources, cybersecurity has become a data management problem. The threat landscape is always evolving, leaving elements of security infrastructure still needing attention. As we prepare for surmounting challenges ahead, it has become clear: Equitable access to our log data is not just a necessity, but a categorical imperative. As threats evolve in sophistication and scale, new paradigms are emerging — security hinges on data management, and it's important to approach it accordingly.

The original SIEM/SOAR setup, where companies used proprietary systems to analyze and store security data, worked well enough in the pre-cloud era. However, as businesses have massively adopted cloud services, this approach has struggled to keep pace. Not only has it become increasingly costly, but in some cases, the technical demands have reached levels that are almost unreasonable.

Cybercrime's impact spans far more than just enterprise ransomware — it often poses threats against innocent civilians. One of the most recent attacks is also one of the most advanced: the March 2024 attack on Change Healthcare. Suspected nation-state actors gained access to 6TB of sensitive data. This is just one example of millions.

Response to Cyber Exploitation

Cybersecurity as a whole emerged in the 1970s, during the infancy of professional-grade computers, beginning with the emergence of programs like Creeper and Reaper. Progressing into the 1980s was commercial antivirus software, like John McAfee's VirusScan. With the popularization of the Internet, cyber data expanded rapidly, making any regulation — governmental or industry standards — nearly impossible, creating confusion on who owns security data, and who should merely have access to it. 

Personal information became vulnerable to exploitation, prompting new firewalls and antivirus programs to protect the public. In the 2000s, crime organizations began funding sophisticated attacks, causing governments to impose stricter penalties for cybercrime. Amid these challenges, the quest for equitable access to data remains, as individuals and companies navigate a fraught digital landscape. 

Aside from penalizing cybercrime, legislation has largely left data alone. Even new enterprises have vast amounts of data within the disjointed and cumbersome security data ecosystem. This issue is escalating: The cybersecurity market size is projected to grow from $172.32 billion in 2023 to $424.97 billion in 2030, with each cyberattack costing companies in the US an average of $9.48 million.

Modern cybersecurity relies heavily on our ability to gather data from the multitude of cloud services available, putting enterprises at the mercy of these platforms. Democratized data access lies in cloud platform providers adopting a collective approach to data. However, authentication methods and log formats are unnecessarily complex, lacking standardization in formats and timeliness across platforms.

Despite the promise offered by new open schema formats, adoption has been hindered by overreliance on proprietary systems. Cloud service providers, serving as primary sources of security data, play a crucial role, yet there remains little standardization in how data is formatted and delivered. Achieving uniformity in log data management is essential for enhancing cybersecurity posture and mitigating risk, necessitating industry collaboration among cloud providers, cybersecurity vendors, and regulatory bodies to establish best practices and promote transparency in data governance. By prioritizing resilience, adaptability, and inclusivity, organizations can better protect their digital assets and unlock future growth opportunities in the cybersecurity landscape.

Patchwork Approach Doesn't Cut It 

Pause for a moment and consider the sheer absurdity of it all: The modern security data stack now relies on a shambolic patchwork of log data from countless sources, each employing its own format, often devoid of any service-level agreement. If we don't rectify this situation, the consequences could be dire for us all.

In a perfect world, everything in cybersecurity would fit together like a puzzle. We'd have standardized formats for all our data and easy-to-follow rules for accessing it. Security systems would work seamlessly with each other, enhancing transparency and strengthening our defense against threats. It's not just about companies getting their act together, though. Governments could play a big part, setting rules that encourage good behavior and holding businesses accountable for keeping our data safe. This collaborative effort could really push us toward a fairer, safer digital world.

Cybersecurity cannot be solely about defending against threats; it must also empower organizations with their data. This future requires a paradigm shift — one that prioritizes resilience, adaptability, and inclusivity. By embracing a unified approach to cybersecurity, enterprises can mitigate risk, protect their digital assets, and unlock future growth opportunities.