A week doesn’t go by when there isn’t at least one headline about a substantial breach and loss of sensitive data and/or money.   What’s the right model?  Who has the answer?

The current plethora of security tools and solutions that take a defensive approach with time-consuming manual detection and remediation obviously aren’t helping companies improve their security posture. This clearly needs to change, and the change will inevitably come from a disruptive startup as many of the current incumbents suffer from Innovator’s Dilemma. Trying to solve problems with the same approaches that got us into this mess isn’t going to change the outcomes. It’s time for a new way of thinking, with the tools now at our disposal.

Security is broken and needs to be fixed right away.

What’s needed is an overall framework or platform that seamlessly integrates current and future best-of-breed solutions and performs penetration and application security testing against a copy of the production infrastructure before the code updates are deployed.

Security best practices are now maintained in real-time, instead of running potentially chaotic tests during prime business hours against your production infrastructure. CISOs and their teams are now part of the “DevOps toolchain,” instead of being either a prohibitive gate or discovering vulnerabilities that have been deployed days/weeks/months after the fact. It’s time to think differently.

New security frameworks from the chip all the way up to the top of the stack are being crafted. Startups and big companies are trying to create the lofty goal of automating the detection of security vulnerabilities and the orchestration of remediation without manual, human interaction. The corresponding data around those actions is stored to assist the platform in becoming smarter over time. CISOs and their teams are now freed up to spend time on innovation and development, instead of always being in reactionary, “fire-fighting” mode. CISOs and their teams should be able to focus their energies and experience on issues and opportunities that will build their business versus being drowned by the unrelenting waves of security vulnerabilities they currently face.

New security methods are needed now and whoever can crack this code wins the market.