April 4th, 2023
Cybersecurity middleware: abstraction layer for cybersecurity
Ross Haleliuk
The origins of cybersecurity middleware
Almost eight years ago, Christof Jungo, who was at the time head of security architecture and engineering at Swisscom, proposed the idea of cybersecurity middleware. Christof’s idea was that although it is easy to collect all security telemetry in one place, it is difficult to operationalize it for fast and efficient incident response. He proposed a concept of interchangeable and interoperable parts that can act as a middleware, a higher-level abstraction layer for security. Jon Oltsik, a senior principal analyst at ESG, attended Christof’s presentation and wrote two fantastic pieces about it.
Fast forward to 2023, and the concept of cybersecurity middleware has finally become a reality.
The case for cybersecurity middleware
The easiest way to understand the concept of cybersecurity middleware is to look at the evolution of IT.
About 15 years ago, IT had a large gap between developers and implementers. Most professionals in the enterprise were implementers, taking the “boxed products” developed by vendors and applying them as-is as solutions within their enterprise. Buyers purchased all-in-one solutions from vendors. As the IT industry grew in size and complexity, professionals also grew in maturity. Increasingly, they were expected to assemble more complex solutions from multiple parts in order to address the issues and infrastructure unique to their environment. The concept of a single vendor offering a cookie-cutter product that solves everything for everyone became laughable. IT professionals began looking for products that fit together like Lego blocks: primitives, not cookie-cutter solutions.
Filling this void in the product space was AWS. It offered new unique value propositions:
Bypass internal IT: no more requests to rack-and-stack servers months ahead of time.
Bypass legacy vendors: no more negotiating complex 3-year contracts over two months.
Primitives, not boxed products: each AWS product was a “primitive”, a core implementation of the solution required, designed to plug and play with other products.
Shifting our view to cybersecurity, we can see the same shift happening. Security technologies that once were cutting-edge are now well understood by most practitioners. This is in turn driving a move away from promise-based security, where a vendor sells the promise that they are somehow the best around, to proof-based security, where a CISO has the ability to demonstrate what they are defending against. The MITRE framework took the old approach of buying many products based on marketing and flipped it on its head: figure out the threats to your business and then buy the specific products required to mitigate those threats.
Like any field growing in complexity (like IT), cybersecurity is formalizing its core concepts and moving to relying more on building block solutions than on promises. Given the increasing complexity of technologies and the enterprise landscape, a similar shift to the one IT has seen is inevitable.
LimaCharlie’s approach to security
LimaCharlie is a cybersecurity middleware platform that gives you full control and visibility over your security posture. As a toolkit of interoperable API-driven components, LimaCharlie can be used in a near-limitless fashion depending on your specific use case. Cybersecurity middleware is not a new abbreviation for yet another security widget. Instead, it’s a way of delivering security capabilities.
LimaCharlie delivers core components of security infrastructure in a manner similar to that of AWS, GCP, or any other cloud provider:
Focus on providing security capabilities instead of boxed products
Ease of access to solutions, bypassing legacy procurement processes
Lego blocks (“primitives”) designed to work together
Built API-first, fully transparent, interoperable, and testable components of security infrastructure
Common fabric for integration and operationalization of security tools
Common building blocks for new cybersecurity companies looking to get to market faster
Over the past decade, it became clear that we cannot keep adding more and more point solutions and hoping that they will help us future-proof our security operations. A new approach is needed, one that offers neutral security infrastructure that can be fully tailored to the individual organization’s environment. An approach similar to the one that enabled Henry Ford to make the Model T an affordable car for the masses is needed to make cybersecurity more mature and more effective as a discipline. LimaCharlie is excited to be at the forefront of innovation and bring cybersecurity middleware to the industry.
Getting started with LimaCharlie
LimaCharlie’s cybersecurity middleware gives you full control and visibility over your security posture and helps you build the security program you’ve always wanted.
To see for yourself how LimaCharlie can be leveraged to defend against insider threats, try it for free or book a demo.