
Adapt Cybersecurity Mesh Architecture (CSMA) by 2024 or Be Ready for the Cyber Shocks


"It's not the strongest of the species that survives, not the most intelligent that survives. It is the one that is most adaptable to change." - Charles Darwin.

In this dynamic and modern world, even if you are the strongest or the most intelligent organization, you are still vulnerable. You need to be open to learning, flexible to new demands, and able to grow along with change.

The quick shift to remote work is a classic example of the adaptability required during the pandemic. In the top security and risk trends shared by Gartner in 2021, the holes created by remote workforce trends demand an intelligent, flexible, and scalable security strategy. The answer to this problem is a flexible, interoperable Cybersecurity Mesh Architecture driven by intelligent automation.

What is Cybersecurity Mesh?

According to Gartner, “Cybersecurity mesh, or cybersecurity mesh architecture (CSMA), is a collaborative ecosystem of tools and controls to secure a modern, distributed enterprise.” It builds on a strategy of integrating composable, distributed security tools by centralizing the data and control plane to achieve more effective collaboration between tools. Outcomes include enhanced capabilities for detection, more efficient responses, consistent policy, posture and playbook management, and more adaptive and granular access control — all of which lead to better security.

The broader vision is to evolve into a design where security tools and products do not work in silos, but in a cyber-resilient ecosystem where products interoperate on different supportive layers, with consolidated policy and security posture management, consolidated dashboards, centralized security analytics, and intelligence around a distributed identity fabric. Because of its modular and flexible approach, this concept is not limited to the enterprise level; it also covers multi-cloud and hybrid cloud architectures.

What are the Various Layers and Applications in CSMA?

According to Gartner, Cybersecurity Mesh Architecture is broadly classified into four layers:

1. Consolidated Dashboards

This is the operations dashboard layer, which comprises centralized dashboards, centralized alerting and reporting, centralized investigations, and mesh virtualization of risk scores.

2. Consolidated Policy and Security Posture Management

This layer deals mainly with policy, posture, and playbook management.

3. Centralized Security Analytics and Management

This layer contributes threat intelligence, analytics aggregation, machine learning, and real-time entity risk scoring.

4. Distributed Identity Fabric

This is the most targeted layer, which comprises directory services, adaptive access and authentication, and entitlements management for various forms of identities.

To meet the needs of these four layers of CSMA, a number of products and solutions help close the gaps and mitigate risks. As you can imagine, it would be very tedious to list all of them, but the major ones include:

List of major applications in CSMA

  • Security Incident and Event Monitoring (SIEM)
  • Web Application and API Protection (WAAP) / Web Application Firewall (WAF)
  • Dynamic Application Security Testing (DAST)
  • Zero Trust Network Access (ZTNA)
  • Static Application Security Testing (SAST)
  • Intrusion Detection and Prevention System (IDPS)
  • Data Classification, Privacy and Protection (DCPP)
  • Secure Web Gateway (SWG)
  • Enterprise Digital Rights Management (EDRM)
  • Enterprise Firewalls (EFW)
  • Unified Endpoint Management (UEM) / Unified Endpoint Security (UES)
  • Data Loss Protection (DLP)
  • Customer Identity and Access Management (CIAM)
  • Secure Email Gateway (SEG)
  • Privileged Access Management (PAM)
  • Endpoint Protection Platform (EPP)
  • Identity Governance and Administration (IGA)
  • Endpoint Detection and Response (EDR) / Extended Detection and Response (XDR)
  • Access Management (AM)
  • Mobile Threat Defence (MTD)
  • Multi-Factor Authentication (MFA)
  • Cloud Workload Protection Platform (CWPP)
  • Cloud Access Security Brokers (CASB)
  • Cloud Security Posture Management (CSPM)


Do organizations really need CSMA?

Cybersecurity mesh is the most practical and adaptable approach for dealing with emerging modern threats, and organizations that are defining their security strategies should treat it as a transformative objective. It is needed not only to strengthen enterprise-level security; it can also be extended to deployments in multi-cloud and hybrid cloud architectures. With this approach, you can also satisfy your ZTX (extended zero trust) strategy, as it broadly covers the entire horizon of security.

With rapid digital transformation, an increase in attack surfaces, and remote work becoming the latest trend, each endpoint/node is a potential intrusion point that could be exploited to compromise the entire internal network. Hackers very frequently deploy bots, ransomware, and malware at endpoints/devices to damage the organization’s brand, revenue, and trust.

Apart from security, it is very important to drive new business initiatives, which include:

  • Mergers and Acquisitions
  • Managed Services Platform offerings
  • Third party application integration to minimize existing manual efforts and increase ROI
  • Migrating from On-Prem Solutions to Cloud Solutions to reduce OPEX and CAPEX

Organizations around the world that embrace this trend will be the pioneers in the race of digital transformation, stay ahead of modern threats, respond to them effectively, and ultimately stay resilient.

Key points to ponder while adapting CSMA

With so many advantages to the cybersecurity mesh approach, it is clear why more organizations are adopting this strategy. Gartner spells it out in The Top 8 Cybersecurity Predictions for 2021-2022:

  • The need to stay cyber-resilient in this dynamic world
  • Maintain trust among the customers
  • Extended zero trust strategy (ZTX)
  • Stay away from vulnerabilities and recover faster when they are detected
  • Be nimble in their adoption of technology platforms, with the flexibility to choose best-of-breed apps/products
  • Ease of interoperability
  • Ease of integration and unified administration
  • Last but not least, even the market analysts have predicted the adoption trend: by 2024, organizations adopting a cybersecurity mesh architecture will reduce the financial impact of security incidents by an average of 90%.

On the business front, if you choose a vendor from which you can get most of these products and solutions, it could reduce your organization's overhead in multiple areas, including:

  • Inter/Intra-solutions integration-based communications at the development, implementation, and testing fronts
  • Product and solutions support
  • Easy maintenance, change management, updates, upgrades, and interoperability
  • Easy licensing and costing (greater chances to get competitive pricing on buying multiple products and solutions)
  • Optimized usage of identity fabric (reduction in redundant data at multiple solution and product levels)

How Can CyberRes Help?

CyberRes is a Micro Focus line of business. We bring the expertise of one of the world’s largest security portfolios to help our customers navigate the changing threat landscape by building both cyber and business resiliency within their teams and organizations. We are here to help enterprises accelerate trust, reliability, and survivability through times of adversity, crisis, and business volatility. We are a part of a larger set of digital transformation solutions that fight adverse conditions so businesses can continue to run today, keep the lights on, and transform to grow and take advantage of tomorrow’s opportunities.

We believe that we have the most comprehensive set of solutions to offer you in your CSMA journey. We call ourselves “CyberRes” and there is a reason for it: we pride ourselves on not only making your transformation resilient, but also sustaining your business, as we always assume breach.

Following are our offerings at a high level:

NetIQ is a specialized CyberRes portfolio that focuses on the distributed identity fabric and is a one-stop shop for all your identity needs. It provides comprehensive workforce and customer identity solutions to enterprise-scale organizations, leveraging identity to provide secure access, effective governance, scalable automation, and actionable analysis and insight across their cloud, mobile, and data platforms.

Fortify delivers software resilience for modern development with a holistic, inclusive, and extensible application security platform from a trusted partner that supports today’s enterprises. This comprehensive suite of products brings holistic security and visibility to developers, AppSec professionals, and key stakeholders, with automated integrations for any tool, anywhere in the SDLC, and a robust set of capabilities available on-premises, as SaaS, and as-a-service.

Voltage is part of a larger set of digital transformation solutions that fight adverse conditions so businesses can continue to run today, keep the lights on, and transform to grow and take advantage of tomorrow’s opportunities. CyberRes Voltage solutions help secure organizations with continuous data discovery, insight, and protection to reduce risk and enable privacy by design. Voltage’s leading format-preserving enterprise data protection techniques include encryption, tokenization, hashing, and masking to address privacy compliance, payments standards and regulations, and data security.

ArcSight delivers accelerated threat detection and response with holistic security analysis, native SOAR, and intelligent automation. CyberRes ArcSight solutions help organizations reduce exposure time, mitigate people-centric attacks, detect pre-emptive threats, attain SecOps compliance, and maintain operational efficiency.

Do reach out to us to discuss your Cybersecurity Mesh Architecture (CSMA) strategy and make your organization’s future secure and hack-proof. We’d love to hear your thoughts on this blog.

  • Hey Anand Kumar Jha,

    Adapt or face the shocks – you've nailed it. The Cybersecurity Mesh Architecture (CSMA) is like the Swiss Army knife for the digital world. Think of it as the Avengers team of security tools, each with its unique superpower, but all collaborating seamlessly.

    I've been in the cybersecurity game for a while, and the CSMA approach makes a world of sense. It's not just about plugging holes; it's about creating an ecosystem where these tools become a united front against cyber threats. The layers – dashboards, policy management, analytics, and identity fabric – are like the shields and armor that keep your organization resilient.

    Now, about those tools you need to check – SIEM, WAF, DLP, the whole alphabet soup. It's a bit overwhelming, but hey, better safe than sorry. And don't forget the human touch; educate your team about the importance of cybersecurity hygiene.

    As for CyberRes, they seem to have the arsenal for the job. But remember, technology is only as good as the people using it.