Ensuring business continuity with solutions that make up for security personnel shortages

He further stressed that, rather than the conventional priority on preventing intrusions, what is most important from the standpoint of protecting business is “cyber resilience,” the ability to recover to a state in which operations can continue even if an attack is received.

What can be done to raise the cyber resilience of an organization? Cisco Systems organizes seven high-priority initiatives broadly along the lines of “people/processes/culture” and “architecture.”

Belonging to the first group are (1) Establishing management-level support, (2) Fostering a security culture, and (3) Obtaining resources, while the second group consists of (4) Simplifying the hybrid cloud environment, (5) Implementing and maturing Zero Trust, (6) Strengthening detection and response capability, and (7) Implementing security at the edge.

Cisco Systems published a Security Outcomes Report that shows the extent of achievement in each of the seven areas as differences in average resilience scores. For (5), for example, there is a score difference of +30% between an organization that has implemented a mature Zero Trust program and one that has not.

Similarly, for (6), a company that has deployed and matured Extended Detection and Response (XDR) technology, for accurately determining the pathway of an attack, the damage status and causes, and responding to the situation, earns a score difference of +45% over a company that has not done so. Furthermore, in the case of (7), there is a score difference of +27% between an organization that has introduced Secure Access Service Edge (SASE), which unifies security functions with network functions to ensure a secure environment, and one that has not.

In other words, considering and implementing Zero Trust, XDR, SASE are steps that enhance resilience.

Mr. Nakamura pointed out that “Countermeasures need to be devised on the premise of Zero Trust (Never Trust, Always Verify).” He spoke about the importance also of managing the security measures as a policy integrating four approaches, namely, “establishing trust,” “trust-based access control,” “continual trust verification,” and “responding to changes in trust.”

In a situation where infrastructure is becoming more complex and security risks are increasingly challenging, he said SASE is one effective solution. A SASE provided to leading SMEs by Cisco Systems is Cisco+Secure Connect, an integrated package that can be deployed quickly on a turnkey basis and is easy to use.

A key to XDR is artificial intelligence (AI). To deal with attacks that have evolved by making use of AI, since around 2020 the defense side has also been using AI. In this way, cybercrime has come to take on the appearance of “AI vs. AI.”

In 2023, Cisco Systems brought out two security solutions using generative AI: SOC Assistant as an XDR service and AI Assistant as a firewall product. Since a huge investment is required for AI development and the like, Mr. Nakamura added that “users should also closely examine the trends in the financial base of each company.”

He ended his presentation by noting the importance of “security by design” in approaching security, and also of reducing point solutions to make things simpler and ease the management burden.

• Deloitte Tohmatsu Group ‘Trust’ guarantees the legitimacy of the individual Demonstrating social value to become the source of DX
• Cisco Systems Ensuring business continuity with solutions that make up for security personnel shortages
• Zscaler “Deception Technology” protecting companies from supply chain attacks
• Secureworks Protecting companies from the latest threats with XDR, merging technology with expert knowledge
• ServiceNow Why the new concept “ASM” is in demand for managing security
• BAE Systems Japan Nations’ cybersecurity is shaped by the private sector
• BlackBerry Japan Using next-generation AI solutions to counter attacks that are evolving with AI
• Palo Alto Networks Blocking attacks with the SASE solution developed by Palo Alto Networks making extensive use of AI