John Parlee, Chief Information Security Officer (CISO) at Park Place Technologies, talks to Security magazine about key trends in the network security space, including why analytics are critical to network security and how companies can ensure they have a viable monitoring solution.
Security: What is your background? What are your current responsibilities in your role?
Parlee: After graduating from the United States Military Academy, I served in the U.S. Army and U.S. Army Reserve before holding roles in the private sector. In my current position as the CISO at Park Place Technologies, I drive the vision and direction for the security program, and balance those needs with our business objectives.
Security: What key trends have you observed in the network security space?
Parlee: The evolution of services and their delivery models has changed the network landscape. Remote workforce options, cloud adoption, hosted platforms, and collaboration suites have introduced new challenges for security teams needing visibility and context to detect and respond to threats. These challenges are being solved by introducing products and capabilities that can provide visibility and control through identity-awareness, device context and health, policy-driven access controls, and continuous risk evaluation. Architecture such as "Secure Access Service Edge," or SASE, enables security and IT teams to define policy-based access defined by the identity of the end user, and the evaluation of the device being used. Changes to the device or user behavior can result in that access being re-evaluated or revoked. As the attack surface has changed, new technologies offer the means to better network security.
Security: Why are analytics critical to network security?
Parlee: An analytical approach to network security builds on the concept of defining acceptable traffic flows, and provides better insight using big data analysis techniques and machine learning to establish normalized behavior over time to better identify anomalous activity. As attacks continue to evolve, security teams cannot rely solely on existing correlation rules or pattern matching. Adding additional data facets such as identity, location, device, context, and risk enables better detection models to be developed.
Security: Why is it critical that companies ensure they have a viable monitoring solution, particularly as a hybrid workplace is in place for the foreseeable future?
Parlee: The hybrid workplace is here to stay, and security monitoring must stay in sync with the technology solutions that support productivity and flexibility. Traditional perimeters, which offered a "chokepoint" for visibility and monitoring, no longer exist, and data protection is driving the need for an updated approach to monitoring access to organizational data stored either in the data center or in the cloud. Security and IT teams need to be able to answer the question: "Who accessed what data, and from where?" Having the appropriate monitoring solution in place will ensure that companies are meeting data compliance objectives and implementing best practices.
Security: What are best practices on how enterprise security/cyber leaders can keep their network secure?
Parlee: It is important to understand and inventory your data, as well as understand the use cases for access. Security leaders must help the organization define the acceptable usage requirements and controls. Network monitoring and analysis is a must. Getting the appropriate level of visibility is critical, and security teams must validate that they have the data to produce the analytics necessary to detect and investigate anomalous activity.