Have you heard of cybersecurity mesh? Gartner recently ranked cybersecurity mesh as its top security trend for 2021/22. Highlighting this strategic approach as a key solution for digital business, Gartner say that cybersecurity mesh provides “the flexible, agile, scalable and composable” security options required when “digital assets — and individuals — are increasingly located outside of the traditional enterprise infrastructure.”
While the concept of cybersecurity mesh may be trending because of digital acceleration driven by the pandemic, it’s not new.
Fortinet has been advocating the approach for over a decade with its Fortinet Security Fabric. And at Cloud Business we have been involved in many on-going projects deploying cybersecurity mesh platforms: with customers often starting with just a few components to address a specific requirement or threat, then expanding the ‘mesh’ as they grow and innovate their security.
What is cybersecurity mesh?
There is some debate around what cybersecurity mesh is. Is it a solution, a security infrastructure, a concept or something else? Gartner describes cybersecurity mesh as “a composable and scalable approach to extending security controls.”
It’s an approach that enforces security policies across an enterprise, allows organisations to integrate all their security solutions, and share cybersecurity intelligence, automate and coordinate responses to threats between them.
Cybersecurity mesh doesn’t focus on a single perimeter around the enterprise infrastructure. This approach is now redundant as more people connect to enterprise networks and systems from different locations and different devices. Instead, each individual access point has its own perimeter, which also communicates and integrates with all other security solutions in the mesh.
Why traditional security solutions and strategies don’t work
The traditional approach of a single perimeter assumes that everything –devices and people -operate within the corporate infrastructure and are safe. The assumption is that they are not only protected from threats by the perimeter security, but also that they are not a threat themselves.
However, we no longer work that way. People and endpoints are now outside, working remotely, in cloud and multi-cloud environments, using their own devices and connecting to the network, systems and resources via the internet.
As well as some assets being outside the enterprise infrastructure, hybrid working means that sometimes they are also inside accessing the same systems and resources.
In response to this, many organisations are now implementing zero-trust strategies, where no one and nothing is trusted, and everything and everyone is verified. This is often the catalyst for exploring the bigger picture and taking a more holistic approach to cybersecurity. A cybersecurity mesh.
The benefits of cybersecurity mesh
A cybersecurity mesh approach simplifies security operations, increases the effectiveness of security defences, and makes your security posture stronger and more agile. Other benefits include:
- Gaining deep visibility across all network edges
- Increasing agility and resilience
- Sharing and leveraging intelligence from organisations’ own tools and their entire ecosystem
- Ensuring the best real-time defence against known and evolving threats
- Increasing organisations’ focus on high-value tasks
- Closing interoperability gaps between various vendors’ solutions
- Reducing deployment times and security failures
Use cases for cybersecurity mesh
Here are just a few of the many use cases for a cybersecurity mesh approach:
Securing remote and hybrid workforce
With remote and hybrid work here to stay, at least for some organisations, a cybersecurity mesh approach secures digital assets, endpoints, and users wherever they are and strengthens the security posture.
Growing businesses
Putting in place a cybersecurity mesh approach enables an organisation to scale without compromising security. By centralising its security policy management, as the organisation grows and the IT infrastructure expands and evolves, new access points can be protected and new security solutions integrated in a modular way.
Protection from insider threats
30 percent of data breaches involve organisation insiders acting negligently or maliciously. Securing each access point, implementing zero-trust strategies and deploying behavioural security solutions to monitor for non-compliant, suspicious, or anomalous behaviour, proactively protects from these types of threats.
Securing hybrid and multi-cloud environments
Cybersecurity mesh resolves a common problem with managing hybrid and multi-cloud environments. Security across an extended environment is complex to manage and there are often inconsistencies in the way it is enforced. A cybersecurity mesh platform provides full visibility across the entire attack surface, and integrates different security solutions on-premise and in the cloud.
Drives productivity and cost efficiencies
A centralised, single pane of glass, approach can deliver significant cost benefits. An integrated cybersecurity mesh platform can reduce the headcount needed to cover your cybersecurity function and the associated costs. Less downtime also results in increased productivity across the entire organisation.
Why should you consider a cybersecurity mesh approach?
With so many benefits and use cases for adopting this approach, it’s clear why it’s Gartner’s top security trend in 2002 and into the future.
So why should you consider this approach for your organisation? Here’s what we think:
IT systems are vulnerable. With a 600% increase in phishing attacks over the last few years, and ransomware attacks occur every 11 seconds, most IT systems are vulnerable. Zero-day attacks are also on the increase, doubling in 2021 from 2020. The cybersecurity mesh approach helps to reduce all these vulnerabilities significantly and protect from new attacks like zero-day.
Escalating costs. The cost of a cyberattack is significant, and no organisation is immune. An increasingly complex security infrastructure is also expensive, both to procure and deploy, but also to monitor and maintain. With many organisations embarking on further digital transformation projects, new security solutions need to be deployed or existing ones redesigned. All contributing to a higher spend. Siloed security solutions can also result in more downtime when incidents do occur, decreasing productivity and the costs associated with that. After the initial investment in implementing a cybersecurity mesh approach, organisations will quickly see ROI as other costs decrease.
Agility, flexibility and ability to scale. Implementing a cybersecurity mesh does not mean procuring an entire platform in one go. It also integrates existing solutions so you get more value, potentially extending the lifecycle of some security tools. The cybersecurity mesh grows with the organisation’s requires and infrastructure, components are added as and when needed, increasing agility and providing a flexible and scalable security environment.
Digital transformation. The recent acceleration in cloud migration has left many organisations having to retrofit security policies and solutions, and close security gaps. As organisations continue on their digital transformation journeys, cybersecurity mesh supports migration and flexes as new cloud environments are deployed.
Simplifies security operations. The changing digital landscape with assets sitting outside of the enterprise infrastructure as well as inside, creates complexity. A cybersecurity mesh strategy provides that holistic view which makes managing security operations easier and less complex.
Cybersecurity mesh best practice
If you are considering implementing a cybersecurity mesh strategy in your organisation, here are five best practices to ensure success:
1: Prioritise interoperability
To manage a complex distributed and evolving network, you need a unified cybersecurity mesh. This means identifying the right vendors that leverage application programming interfaces (APIs) and common standards to support interoperability. Look for vendors that also allow policy decisions to be made outside of their solution. This will ensure you can apply consistent security policies across the entire enterprise infrastructure and across digital assets on the outside.
2: Deploy common datasets and frameworks
To integrate all your security solutions and for them to communicate with each other, they need to access the same common datasets. This ensures the solutions protecting network edges, endpoints, and clouds, are using real-time global and community threat intelligence. Common datasets and frameworks support holistic analyses of the security and performance state, identifies emerging threats, and enables a unified response across the organisation.
3: Advanced threat detection
A cybersecurity mesh also needs to include security automation with the ability to create new protections when data analytics detect unknown threats. It should be linked to extended detection and response (XDR), security information and event management (SIEM), and security orchestration, automation, and response (SOAR) solutions for increasingly advanced network operations centre (NOC) and security operations centre (SOC) environments; but be able to function autonomously within simpler environments.
4: Rapid threat response
Using machine learning (ML) and artificial intelligence (AI), the cybersecurity mesh platform must be able to rapidly launch a coordinated threat response across the entire ecosystem the moment a threat is detected. The ability to do this, disrupts the attack sequence before it can complete its objective, and is a clear driver for taking the cybersecurity mesh approach.
5: Dynamic and scalable
The cybersecurity threat landscape is ever evolving, and so are the tools and solutions to detect, protect and respond to threats. For this reason, your cybersecurity mesh platform must be dynamic so you can scale and expand. Deep integration is needed between security and network components so, returning to the first point, you need to work with vendors that support interoperability.
The beauty of a cybersecurity mesh approach is that you don’t need to work with just one cybersecurity vendor. Or replace existing solutions, provided they can be integrated into the cybersecurity mesh platform.
As stated at the top of this post, cybersecurity mesh is not a new concept. However, the acceleration in digital transformation in recent years has effectively served as a proof of concept, and the cybersecurity mesh approach has clearly demonstrated its up to the job.
Would you like to learn more? If you want to explore implementing a cybersecurity mesh strategy in more detail, please get in touch. Our security team can will walk you through the approach and answer any questions.