Cybersecurity Mesh Architecture: What It Is and How to Build It 

Why Do You Need a Cybersecurity Mesh Architecture?

As cyber assaults intensify in number and sophistication, and while companies’ attack surfaces grow in size and complexity, security teams are seeking new ways to manage the onslaught. Migrating to the cloud, often taking advantage of the services of multiple cloud providers, confers a number of benefits. But it also means that companies are protecting their assets on multiple fronts using a variety of tools, which can tax security teams while reducing effectiveness. 

Increasing cybersecurity efficacy requires a new strategy. Gartner coined the term “cybersecurity mesh” to describe an integrated security approach that protects individual (often distributed) assets in a network and establishes layers of security to connect all of the tools used across the system. A Cybersecurity Mesh Architecture (CSMA) allows companies to take a modular approach to the cybersecurity stack, bringing together best-of-breed solutions such as the integrated security offering from Mimecast, Netskope, and CrowdStrike.

Mesh architectures are expected to deliver significant benefits in taming the complexity of securing systems, devices, and data in a hybrid and/or multi-cloud environment. But the prospect of assembling a cohesive ecosystem of technologies itself can be daunting. And the cybersecurity mesh is new and still evolving. In this blog, we outline steps companies can take now to benefit from new solutions in this emerging area and begin reaping the rewards of the CSMA in the short to medium term.

Benefits of Cybersecurity Mesh Architecture

The benefits of implementing a cybersecurity mesh architecture include:

• A standardized and responsive security approach
• Distributed architecture that is flexible, scalable, and reliable
• Prevention from hackers exploiting different parts of a network

Cybersecurity Mesh Architecture: Definition

A Modular Solution for Modern Problems 

Traditional approaches to security architecture — adopting point solutions that operate independently — were made for a simpler time when most systems were housed in a company’s own data center. Taking that tack today is suboptimal at best and can lead to escalating costs and risks. 

That’s where the CSMA comes in. Designed to consolidate cybersecurity management and orchestration across technology environments, a CSMA is comprised of four layers, each playing a specific role in enabling the central configuration and management of a “mesh” of security controls:

• Security analytics and intelligence: This layer ingests data and insights from security tools to provide threat analysis and trigger responses. 
• Identity fabric: This is where foundational identity capabilities reside, such as identity proofing and entitlement management. 
• Consolidated policy, posture, and playbook management: This layer orchestrates centralized policy, checks and coordinates security posture, and manages and orchestrates playbooks. 
• Consolidated dashboards: These offer an overarching view of the ecosystem for security teams.

Assembling these four layers bolsters a company’s cybersecurity posture in a number of ways, enabling more efficient responses, enhanced detection capabilities, more adaptative and granular access control, and more consistent policies and management. 

How To Start Implementing a Cybersecurity Mesh Architecture

Specifications and standards are only beginning to emerge in the CSMA space. However, there are a couple of steps companies can take right away that will ultimately enable a full CSMA implementation — and that will be beneficial regardless of how the marketplace matures.

Companies can start by performing an asset protection inventory, assessing the maturity of their existing security tools on the basis of their integration, advanced analytics, and real-time risk scoring capabilities. At the same time, they can also evaluate their own appetite for the work required to build a CSMA, evaluating how much to invest to achieve their desired end state.

Once that foundational work is done, there are four ways companies can begin to work toward a CSMA, keeping in mind that sometimes a combined approach is best.

• Exploit existing connectivity options: Building a CSMA is about building connections between security tools and controls. A good first step is to assess what security tools your organization has already installed, and how these tools integrate. Creating effective connections among existing tools is likely to involve using a mix of vendors’ proprietary integrations as well as open specifications and standards for addressing any vendor interoperability gaps.
• Deploy consolidated security platforms: Security vendors are increasingly offering consolidated security platforms made up of tightly coupled tools that utilize common data and control planes. Companies that adopt these platforms can get much closer to a CSMA — and achieve some of its benefits.
• Build your own layers: Security teams can opt to DIY, making targeted investments in each of the four CSMA layers that can give their company flexible capabilities in the short term and support the long-term goal of a cybersecurity mesh. Products that take a cybersecurity analytics approach will offer the most value in creating a CSMA.
• Evaluate emerging technologies: Vendors recognize the value of the CSMA and are bringing new products to market to capitalize on it. Companies can explore and invest in emerging technology solutions, again with a focus on those that apply data and analytics principles to security information.

The Bottom Line

Companies will face the challenge of protecting their data and networks in an increasingly dispersed technology environment for the foreseeable future, and CSMA is emerging as an attractive solution. Now is a good time to consider how both current tools and future investments might fit into a CSMA strategy. Read more about how Mimecast can help you on your mesh journey.