Marching Towards Cyber Security Mesh Architecture

Today’s enterprises operate in a distributed manner, with assets and workforce scattered across the world. Owing to this, technology deployment and management have changed over the years. Networks have become distributed; applications are hosted on cloud services and the number of remote employees is rapidly increasing. It is clear that fully centralized IT networks are slowly but surely moving toward extinction. Similarly, the cyberattack vector is growing rapidly, and cybercrimes are finding new and increasingly sophisticated ways to steal data and disrupt business operations. After all, a walled city cannot protect its people when they are roaming outside of it.

Before Cyber Security Mesh

The traditional approach to cybersecurity was to identify and implement specific remedies to defend against every potential danger and attack. To achieve this, organizations have deployed a variety of solutions, such as Web Application Firewalls (WAFs), firewalls for network security and end-point protection for malware. According to an independent study by IBM, today’s businesses have implemented an average of 45 security solutions across their networks. This traditional method creates a security gap in interoperability between tools. Moreover, there are unnecessary overlaps between multiple devices or software each being paid for through its own licensing – simply put, too many solutions from too many vendors.

What is Cyber Security Mesh Architecture (CSMA)?

When addressing these challenges, we had to change our style of managing projects and teams as follows:

Cybersecurity Mesh Architecture (CSMA) is a concept developed by Gartner to help companies move beyond the protection of traditional IT perimeters to a more collaborative and flexible approach to security. CSMA is a fundamental support layer that enables various security services to collaborate, creating a dynamic security environment. It also promotes coordination and interoperability between products, which leads to a more integrated security policy. It takes less time to build, maintain and eliminate the possibility of security deadends that cannot serve future demands. Cybersecurity technologies are deployed through CSMA; each device will be added to the network as an integrated, carefully planned part of a consolidated security posture. A cybersecurity mesh is also defined by Gartner as a distributed architectural approach to flexible, scalable and reliable cybersecurity control.

CSMA provides four foundational layers that make it possible for various security controls and solutions to cooperate with one another and make deployment, configuration and maintenance easier.

The four layers are as follows:

  • Security analytics and intelligence
  • This layer is responsible for accurately gathering data from threat resources. CSMA will develop a rapid threat response strategy based on data security tools such as SIEM and SOAR that can analyze potential threats.
  • Distributed identity fabric
  • This layer is responsible for providing identity and access management, an essential component of a Zero Trust strategy.
  • Consolidated policy and posture management
  • This layer is responsible for managing and enforcing consistent security policies across different environments. CSMA translates the central cybersecurity policy into the foundational framework for every security solution or can offer dynamic runtime authorization services.
  • Consolidated dashboards
    • Having to switch between numerous dashboards from different security vendors or tools decreases the effectiveness of security operations. Using an integrated dashboard, CSMA provides a composite view of the complete security architecture e platforms.

Key features of CSMA

Several CSMA features, including the following, will result in enhanced flexibility, agility and an overall stronger security posture for an enterprise:

  • Ease of implementation
    • CSMA is ideal to simplify and streamline design, deployment and maintenance.
  • Practicality
    • CSMA is a more practical architecture to protect digital assets hosted outside the traditional network perimeter.
  • Zero security gaps
    • Enterprises can address security gaps caused by flaws and vulnerabilities in various solutions by utilizing existing and developing security standards.
  • Agility
    • CSMA has the advantage of making an organization’s detection and response to security threats more agile.
  • Future friendly
    • CSMA supports future expansion by utilizing plug-in APIs to easily enable extensions, customization, analytics and compliance with new regulations and standards.

How different vendors approach CSMA

Several cybersecurity vendors have “CSMA-like” approaches that can provide benefits of scale and cost to an extent. However, they have the potential for vendor lock-in due to a lack of interoperability.

  • Fortinet Security Fabric: Designed to manage the entire digital attack surface, while reducing risks by eliminating vulnerabilities and gaps in security.
  • Checkpoint Infinity: Provides consolidated security across an organization’s entire IT environment, enabling centralized security management and integrated threat prevention and response.

Conclusion

According to Gartner’s strategic assumption, “By 2024, organizations adopting a cybersecurity mesh architecture will reduce the financial impact of individual security incidents by an average of 90%.”

It is clear that traditional security approaches are failing to fulfill fast-evolving and demanding cybersecurity requirements. However, many enterprises remain stuck with traditional cyber security methods. Larger enterprises with complicated IT systems (such as banks and government organizations) have invested heavily in several security solutions to individually protect each asset in their environment. Cybersecurity Mesh Architecture (CSMA) contributes to the creation of a unified, integrated security framework for all assets, whether on-premises, in data centers or on the cloud. Through standardizing the communication between security solutions, CSMA enables standalone security products to coordinate and interoperate, increasing overall security.

Anuka Jinadasa

Associate Engineer – Cyber Security