Adopting a Responsible Security Ethos
By Ashok Banerjee · December 17, 2024
Overview
As the cybersecurity landscape becomes more complex and interconnected, the need for clear, standardized approaches to protection has never been more important. Today, cybersecurity isn’t just about securing systems - it’s about fostering accountability, transparency, and collaboration between cybersecurity providers and their customers.
The modern cybersecurity landscape is highly fragmented, lacking uniform standards for accountability, which has left many organizations vulnerable to inconsistent protection. In fact, according to Trellix's Mind of the CISO report, nearly half of cybersecurity professionals feel the lack of uniform practices and accountability has created serious challenges in their roles. This issue has become a roadblock to maintaining consistent, reliable security, creating vulnerabilities attackers can easily exploit.
To help organizations address these issues and strengthen operational resilience, Trellix has developed a guideline for responsible security practices based on the three principles of respect, protect, and connect. Adhering to these principles can help vendors hold themselves accountable for responsible security practices while empowering customers with the knowledge and tools they need to better understand and manage their cybersecurity needs.
Core principles
Respect
This principle emphasizes the importance of vendors respecting customer systems and operations. Vendors are expected to prioritize transparency so customers have insight into, input on, and the ability to make decisions about security processes. Vendors should also enable gold-image testing of products and/or adhere to customers' desired change windows. Lastly, vendors must consciously minimize their footprint and respect customer endpoints, especially when operating at the kernel level.
By adhering to this principle, vendors ensure their products are built with resiliency and integration in mind, allowing customers to maintain stronger defenses without being tied to a single solution provider.
Protect
Under the Protect principle, vendors and customers are encouraged to prioritize security in all operations. This includes ongoing training, certification, and testing to ensure all parties remain vigilant against emerging threats. Vendors should deliver standardized rollouts, so customers have clearly defined phases and/or steps that are incrementally tested.
In short, Protect is about maintaining continuous, proactive security practices that evolve as threats change, keeping systems safe, reputable, and resilient.
Connect
Cybersecurity doesn’t exist in a vacuum - systems, products, and vendors need to work together in an interconnected world. The Connect principle emphasizes the importance of interoperability and open communication between vendors. By adopting an ecosystem mindset for APIs and ensuring their products integrate smoothly with others, vendors can help create a security landscape that is less fragmented and more cohesive. This involves open messaging between security providers.
For customers, this principle encourages adopting integrated security solutions that work across platforms and providers, offering more robust protection and more flexibility. Products should be built with integration and cooperation in mind to eliminate single points of failure.
Next steps
As cyber threats evolve, the cybersecurity community must adopt standards promoting accountability, transparency, and collaboration. Adopting principles to ensure responsible security practices will help organizations achieve their goals by setting clear expectations for vendors and empowering customers with the knowledge and control they need to stay safe.
In the year ahead, we’ll see an increased appetite for, and a strengthened approach to, community and collaboration across industries, with a focus on integrated solutions, as we work to secure the ever-expanding digital landscape. Boards are already becoming more involved in cybersecurity purchasing and decision-making, with many CISOs routinely reporting on risk management. Adhering to the principles of Respect, Protect, and Connect can enable cybersecurity providers to deliver consistent, reliable protection customers can trust. In doing so, they strengthen individual systems and contribute to a more secure and resilient digital world.
For more information, watch our GenAI Powered Responsible Security Virtual Summit on-demand to discover how to foster trust, stability, and resiliency, with intelligence.
Adopting responsible security practices
Here is a checklist for vendors, customers, and policymakers to ensure the continued adoption of responsible security practices.
For vendors:
- Adhere to industry best practices based on the Respect, Protect, and Connect principles.
- Empower customers with the “right to know” to choose when to take advantage of new detection functionality.
- Remain fully transparent and do not obscure an agent’s use within system processes.
- Prioritize security by consistently deploying architectures that are safe and self-tested.
- Encourage interoperability between multiple vendors and systems.
For customers:
- Customers should have a say in when and how security functions are implemented, ensuring they’re aware of any changes that might impact their systems. This includes proactively requesting positive opt-in for all kernel changes/updates, as well as mandated canary testing.
- Customers should prioritize transparency from vendors, requiring vendors to provide insight into every part of their system and security processes.
For policymakers:
- Use the power of procurement to encourage all vendors to follow responsible security practices when designing and deploying cybersecurity solutions to government agencies.
- Encourage fair and open competition for government cybersecurity contracts, as opposed to bundling disparate software solutions into department-wide contracts from a single vendor.
- Any cybersecurity executive order should focus on updating procurement policies and technical standards to prioritize acquiring safe and responsible security solutions for customers.