
Adopting a Responsible Security Ethos

Overview

As the cybersecurity landscape becomes more complex and interconnected, the need for clear, standardized approaches to protection has never been more important. Today, cybersecurity isn’t just about securing systems - it’s about fostering accountability, transparency, and collaboration between cybersecurity providers and their customers.

The modern cybersecurity landscape is highly fragmented, lacking uniform standards for accountability, which has left many organizations vulnerable to inconsistent protection. In fact, according to Trellix's Mind of the CISO report, nearly half of cybersecurity professionals feel the lack of uniform practices and accountability has created serious challenges in their roles. This issue has become a roadblock to maintaining consistent, reliable security, creating vulnerabilities attackers can easily exploit.

To help organizations address these issues and strengthen operational resilience, Trellix has developed a guideline for responsible security practices based on the three principles of respect, protect, and connect. Adhering to these principles can help vendors hold themselves accountable for responsible security practices while empowering customers with the knowledge and tools they need to better understand and manage their cybersecurity needs.

Core principles

  1. Respect

     This principle emphasizes the importance of vendors respecting customer systems and operations. Vendors are expected to prioritize transparency so that customers have insight into, input on, and decision-making authority over the security processes running in their environments. Vendors should also enable gold-image testing of their products and/or adhere to customers' desired change windows. Lastly, vendors must consciously minimize their footprint on customer endpoints, especially when operating at the kernel level, where a faulty update can take down the host it is meant to protect.

     By adhering to this principle, vendors ensure their products are built with resiliency and integration in mind, allowing customers to maintain stronger defenses without being tied to a single solution provider.

  2. Protect

     Under the Protect principle, vendors and customers are encouraged to prioritize security in all operations. This includes ongoing training, certification, and testing to ensure all parties remain vigilant against emerging threats. Vendors should deliver standardized rollouts with clearly defined phases and/or steps, each of which is tested incrementally before the rollout widens.

     In short, Protect is about maintaining continuous, proactive security practices that evolve as threats change, keeping systems safe, reputable, and resilient.

  3. Connect

     Cybersecurity doesn't exist in a vacuum - systems, products, and vendors need to work together in an interconnected world. The Connect principle emphasizes the importance of interoperability and open communication between vendors. By adopting an ecosystem mindset for APIs and ensuring their products integrate smoothly with others, vendors can help create a security landscape that is less fragmented and more cohesive. This includes open communication channels between security providers.

     For customers, this principle encourages adopting integrated security solutions that work across platforms and providers, offering more robust protection and more flexibility. Products should be built with integration and cooperation in mind to eliminate single points of failure.

Next steps

As cyber threats evolve, the cybersecurity community must adopt standards promoting accountability, transparency, and collaboration. Adopting principles to ensure responsible security practices will help organizations achieve their goals by setting clear expectations for vendors and empowering customers with the knowledge and control they need to stay safe.

In the year ahead, we expect a stronger appetite for community and collaboration across industries, with a focus on integrated solutions, as we work to secure an ever-expanding digital landscape. Boards are already becoming more involved in cybersecurity purchasing and decision-making, and many CISOs now routinely report to them on risk management. Adhering to the principles of Respect, Protect, and Connect can enable cybersecurity providers to deliver consistent, reliable protection that customers can trust. In doing so, they strengthen individual systems and contribute to a more secure and resilient digital world.

For more information, watch our GenAI Powered Responsible Security Virtual Summit on demand to discover how to foster trust, stability, and resiliency with intelligence.

Adopting responsible security practices

Here is a checklist for vendors, customers, and policymakers to ensure the continued adoption of responsible security practices.

For vendors:

  • Adhere to industry best practices based on the Respect, Protect, and Connect principles.
  • Give customers a "right to know" and let them choose when to take advantage of new detection functionality.
  • Remain fully transparent and do not obscure an agent's presence or activity among system processes.
  • Prioritize security by consistently deploying architectures that are safe and tested by the vendor before release.
  • Encourage interoperability between multiple vendors and systems.

For customers:

  • Customers should have a say in when and how security functions are implemented, ensuring they are aware of any changes that might impact their systems. This includes proactively requesting positive opt-in for all kernel-level changes and updates, as well as mandated canary testing before a change reaches the wider fleet.
  • Customers should demand transparency from vendors, requiring them to provide insight into every part of their system and security processes.

For policymakers:

  • Use the power of procurement to encourage all vendors to follow responsible security practices when designing and deploying cybersecurity solutions to government agencies.
  • Encourage fair and open competition for government cybersecurity contracts, as opposed to bundling disparate software solutions into department-wide contracts from a single vendor.
  • Any cybersecurity executive order should focus on updating procurement policies and technical standards to prioritize acquiring safe and responsible security solutions for customers.
