As the director of cyber programs at Israel Aerospace Industries (IAI), Esti Peshin deals with large companies around the world in developing and deploying technologies to support cyber security. With a capability built up over many years in electronic warfare, the IAI found they were able to reapply that expertise in the field of cyber security.
Electronic warfare picture from Shutterstock
“Electronic warfare is the same as cyber. If you put it crudely, you basically shoot pulses at a system to take it out. In cyber, you shoot bits at the system to take it out”.
Peshin told us the cyber security market is very busy with a huge number of start ups and established companies pushing their cyber credentials. However, such a vibrant market has created a massive challenge for companies.
“The main challenge today is what I refer to as the implementation cycle. It takes a long time to implement a solution. I once asked the CIO of one of the largest organisations in Israel if I had a firewall that was 60% better than the firewall you have would you want it. He said of course.
"I asked how long it would take to implement it. He says two to three years. This means that by the time you have deployed it the bad guys already have a solution”.
The end result of that conversation, says Peshin, is the CIO chose to do nothing in order to avoid the implementation cycle.
At a recent conference in Israel, Peshin chaired a panel that sought to answer whether there was too much innovation in cyber.
“The answer was yes, there is. End users can’t keep up with the pace of new technologies,” she says.
So, how can companies get out of this cycle of long implementations and take advantage of new technologies? Peshin says there are two potential solutions: managed security services and the use of a framework that utilise plug-ins that support a SOA model for cyber security.
“These frameworks sit within the network and you can plug in various technologies into the framework. The framework is eternal – you implement it and it stays there – but that’s the only interface to the network. As new technologies are rolled out, it will speak with the framework and the framework is the only thing that is touching the network.
"We’ll see how well it works. If it works well, we keep it but if it doesn’t work well we’ll throw it away. Combined with the service-based approach I think this will streamline the market. But most of these frameworks are still under development”.
While the introduction of such frameworks may take time, Peshin says with an accelerating innovation cycle, this might be the only way companies can keep up.
The author of this article travelled to Singapore to attend the RSA Conference as a guest of RSA.