The Open Source Movement

For those living under a rock, there is a massive effort underway by the government, military, and large corporations to move away for proprietary, closed systems to open source projects.  There are just too many issues with closed source applications – from interoperability challenges to vendor persistence to excessive pricing impacts for changes.  Compounding this issue, is the reality that no one company can ever keep possibly keep up with the rate of change required by multifaceted organizations.

Thus the move to Open Source which, while it has its own challenges, is proving to be a far superior option to closed off systems.  Adding to the open source movement are companies such as D2iQ which are layering solution building offerings on top of open source projects (in their case it is #kubernetes) to eliminate many of the challenges of open source.  Using solutions such as the ones from D2iQ enable the best of all worlds – rapid, widespread capability enhancement opportunities, no vendor lock-in and yet efficient solutions that do not require a team of developers 15 years to deploy.  All of this sounds amazing…

Until you run into cybersecurity.

The Security Conundrum

Bear has provided innumerable posts, articles, and whitepapers on the challenges of cybersecurity within enterprises and those will not be re-hashed in this post.  Instead, the focus here is on the reality that, given the way most cybersecurity is built, providing open source code would immediately render these systems obsolete.  The core challenge to this end is the reality that all of these applications hard code their security behaviors.  Yes, most are simply reporting on an issue and not actually providing remediation, but even the way in which exploits are reported upon, how these applications handle system interactions – everything – is hard coded.

They simply cannot share their code without losing what limited capabilities they currently possess.

On one hand, there is the obvious benefits of open source and, on the other, the real limitations cybersecurity companies face in not sharing their code.

So what can we do?

Moving To A Hybrid System

The first critical step is to stop hard coding everything and, instead, move to workflow engines for all security behaviors.  This approach enables code to be shared and then to have the actual work controlled in detection and remediation workflows.  Since a workflow engine can be generic, standardizing the language of these workflow engines would enable a completely open system for sharing a common framework across numerous vendors.

While that satisfies the intent of Open Source, it is not a very secure design given the ability to inject malicious steps into a given complex remediation workflow – hence the “hybrid” part.

Consider this diagram which is something we are currently building and that we feel is a viable path to overcoming the challenges revolving around open source cybersecurity.  To this end, cybersecurity researchers are verified and securely transmit remediation workflows into a common core system.  That central system then runs the remediation across all applicable devices, networks and environments to verify the effectiveness and security of that remediation.  Once approved, the workflow is released (in our case as a visual operational tool) into the common framework where it can be used by any customer.  As the remediation is used, the cybersecurity researcher obtains a royalty for their efforts.

The critical aspect of this architecture is ownership of the managed platform and, for this to work, that ownership has to be provided to each customer.  Of course there are maintenance fees and such for keeping the system viable over time but even that work can be supported by multiple vendors.  In this manner, the customer obtains complete control over their security with no vendor lock-in while enabling a massive system of secure remediation, device maintenance, and other such options at a scale far beyond any single provider.

This is a true collaborative effort, at scale, and it is what open source pushes for and what cybersecurity desperately requires.