Security Is A Process, Not A Tool
DARKReading, Monday, November 13,2023
Process failures are the root cause of most serious cybersecurity incidents. We need to treat security as a process issue, not try to solve it with a collection of tools.
The cybersecurity industry constantly says we need new tools to make our organizations secure. BYOD? You need mobile device management (MDM) and endpoint detection and response (EDR). Cloud? You need cloud configuration managers, hybrid observability tools, and specialized point solutions for managing and scanning exposed secrets, not to mention a lot more distributed web application firewalls. Kubernetes?
You need a new set of tools that mirror older tools like linters, dynamic application security testing (DAST), static application security testing (SAST), scanners, and more. Now, there's artificial intelligence (AI) - and chief information security officers (CISOs) and cybersecurity teams need tools such as scanning layers for AI-powered coding to address this emerging space. In short, tools rule.