Continuous Security - More on Gartner’s CARTA Model

In recent blog posts, we’ve been highlighting some of the key takeaways from Gartner’s recent security conference. In the session on the top 10 principles of CARTA (Continuous Adaptive Risk and Trust Assessment), Neil MacDonald highlighted how organizations need to change their security practices to match today’s world.

One of the more interesting observations Neil made was that organizations in general have over-invested in preventative measures and they’ve underinvested in the detection and response.

“We keep trying to build a bigger and bigger gate,” he said. “We’ve overinvested here — but bad entities get past one-time gating.” Instead, he said, “we need to build a reasonable gate but know that the bad guy’s going to get in, so focus on doing continuous checks to find the risky behaviors.”

This thinking is a bit inline with analyst Ramon Krikken’s comments earlier at the conference that we need to “shift right” with our security investments. Don’t overburden the developers — let them write secure code — and then assume the breach and find the bad guys.

Neil explained it as, “if you’ve got a signature, by all means use it — but the efficacy of those approaches is diminishing.” It’s critical to leverage context of what’s happening in the environment to help your SOC analysts focus on those events that represent the greatest risk, he said.

The real value comes in unifying both the “left” and the “right” side — the prevention along with the detection and response. “They’re fundamentally the same thing,” Neil commented.

StackRox takes this unification very seriously. We’ve designed our container security platform to provide visibility, risk assessment, and policy enforcement during the build and deploy phase, and then perform adaptive detection during runtime to find and stop malicious activity.

The real power of the StackRox platform comes from our ability to take information learned during each phase and feed it back into the other phase. So when we see risky configurations or other attributes at deployment, we keep a closer eye on those vulnerabilities in runtime. Similarly, if we see malicious activity at runtime, we look for the element that enabled that attack and elevate the risk score of any infrastructure that shares that element. This continuous feedback loop enables continuous improvement in your security posture — you get a better outcome in both the build/deploy and runtime phases as a result.

Visibility and asset management is the starting point. Leverage the StackRox free container risk assessment report to understand your landscape of containers and the relative risk of different assets in your environment.

Next up, we’ll discuss Gartner’s take on the top security projects you should pursue this year and the value of thinking like a hacker.