In December 2020 the European Commission published a proposal to repeal the current NIS Directive (European Directive on Network and Information Systems) and to replace it with a new Directive: the so-called NIS-2 Directive. This post will give an update on the status of negotiations of NIS-2, and will outline the aspects we already know and don’t know about the upcoming Directive’s final form.
BCSC 2021 Roundtable: The state-of-the-art cyber security technology
16 November 2021 – Cyber Security Coalition
State-of-the-art cyber security technology – Roundtable
Bart Van den Branden, Cegeka
Stijn Rommens, Security Engineering Manager Southern & Northern Europe Vectra
Steven De Ruyver, Area Sales Manager Belux Cisco
Patrick Commers, Fortinet Storyteller/Sales/Evangelist
Bart Asnot, Technical Specialist Security & Compliance, Microsoft
Mikkel Planck, Senior Sales Engineer Crowdstrike
Moderator: Ulrich Seldeslachts, CEO LSEC Leaders in Security
The fast changing threat landscape is countered by an equally fast changing security. So what is today’s ‘state-of-the-art’ security technology, and what more can we expect? At the 2021 Belgian Cyber Security Convention (BCSC), top companies drew a picture of today’s security ‘art’.
Actually, a full answer would be rather difficult, considering how broad the scope of the question is… So probably a better question would be: what is right for your business today, and what is your roadmap to handle emerging challenges? Then go for the appropriate “state-of-the-art’ for those specific needs. Furthermore, whatever technology acquired by a company must be integrated in an existing security environment… which most of the time is overly and hopelessly too complex (often with many dozens of point solutions). So, the introduction of true state-of-the-art-technology requires a major rethink of your security architecture. First, establish a baseline conforming to the nature of your industry, and then go for the right state-of-the-art.
Considering the diversity of companies on the panel, many developments were mentioned. Obviously, AI and machine learning-enabled security tools are hot, but also many forms of automation (including automated responses), advanced trouble/root cause detection, enriched threat information and more.
Interestingly, specific attention was drawn to the need and use of people in a holistic security system! State-of-the-art not only allows human experts to react faster and more appropriate to incidents, but also includes a broad security awareness of all people in a company. Actually, this is an aspect that co-determines the security maturity of a company, with state-of-the-art requiring a solid maturity. And it will also determine the potential of the company to attract the required specialists…
Today, a major challenge is finding relevant actionable information on incidents in your company’s environment. It is a matter of collecting the data, the necessary aggregation and interpretation of the data… and removing all the noise! Additionally, there is the challenge of getting information from networks and processing environments you don’t own (e.g., the cloud), and to find the information you don’t know yet but do need. That will demand a better use of existing technology, improvement of this technology and continuous vigilance regarding emerging threats.
The future will include even more automation, with e.g. self-healing networks. Also, actionable cyber intelligence will grow in importance (in an open exchange of information). And even more important will be the need for security solutions to offer more business value. As it is, budgets are available, but yet all too often in the wake of an incident. This must change, with security solutions not simply repairing damage, but offering value.
You can (re)watch the roundtable clicking on this link. The recording can be found in the section 7 – Belgian Cyber Security Convention.
Other blog posts
Ransomware – today’s universal cyberworry – is but one aspect of a crime: cyber extortion. Orange Cyberdefense provides some insights into this scourge, based on its ‘Security Navigator 2022’-report.
The Cyber Security Coalition and top cybersecurity trainer SANS Institute joined forces to provide specially needed insights and recommendations on successful cloud security, as well as how to handle cyber security in these times of war.
It is easy to drown in the sea of dire warnings about the danger of AI, in particular to our privacy. The main point is that AI in good trust is possible, but requires solid, long term and well-structured approaches. This session of the Privacy focus group offers some crucial insights and welcome examples.
On computer security day we pay tribute to Ada Lovelace, the forgotten mother of the computer. Often described as the first computer programmer — before computers were even invented — Ada was a real visionary. Imagine what she might have achieved had Babbage actually built his “computer” and she hadn’t died at the age of 36.