Understanding the Cybersecurity Mesh Architecture 

Dwayne Thaele

As cyber attacks increase and businesses add new — and strengthen existing — security solutions, new security strategies and approaches are emerging. One that shows particular promise and is heavily touted by analyst firm Gartner is a cybersecurity mesh architecture (CSMA) approach. The approach is a logical evolution and synthesis of multiple best practices. 

Before we look further, it is important to be clear that cybersecurity mesh (CSM) is currently best described as an early-stage approach to security. CSM is not a specific platform or solution from any vendor. Some of the capabilities that will define CSM are not yet available. And though there are no authoritative and universally accepted CSM definitions, there is consensus emerging about the characteristics a CSM solution should have.

The cybersecurity mesh concept 

The conceptual bases that underlie CSM include identity as perimeter, defense in depth, and Zero Trust. As such, a starting point to understanding CSM would be to think of your security perimeter as protecting at the level of the individual device or node. Each node could have multiple forms of protection, and no attempt to reach any node would be trusted by default.  

This provides exceptional flexibility. Any node that you consider to be part of your enterprise could be protected whether it is inside or outside a central firewall, at a remote site or home office, in a public cloud, at the edge, in an Internet of Things device, or anywhere else. The multiple forms of protection refer to every security tool you are using anywhere in your enterprise, because CSM aims to make all your security tools interoperable.  

As part of that interoperability, every security tool in the mesh should share data with every other tool and with the CSM platform. If this sounds something like security information and event management (SIEM); security orchestration, automation and response (SOAR); extended detection and response (XDR); or other current technologies, it should. Even though none of them does everything a CSM is intended to do, each of them has a role to play. In short, they can become important components of a cybersecurity mesh. 

Cybersecurity mesh layers

Because the benefits of cybersecurity mesh arise as a synthesis of its structure, it helps to describe the structure in categories. Gartner does this with a taxonomy of layers. They are, in no particular order, security and intelligence, distributed identity fabric, consolidated policy and posture management, and consolidated dashboards. 

Where the action is: the security and intelligence layer  

The ability to identify and respond to ongoing and immediate threats and to predict and prevent future threats is a function of the security analytics and intelligence layer. This layer is where you will find solutions that aggregate data from security tools that are part of the mesh and then apply analytics and AI to derive both analytics — this user account is compromised, that data has been exfiltrated — and actionable intelligence — this attacker is likely to launch a DDoS attack. The intelligence is actionable because CSM calls for solutions that orchestrate the actions of any single tool or combination of tools that are part of the mesh — initiate the DDoS attack response plan.

A robust new perimeter: the distributed identity fabric layer

Protecting the enterprise at its perimeter extends and blurs the boundaries between remote locations and home offices, multiple clouds, and an increasingly busy edge. This protection will be enabled by the distributed identity fabric layer. The fabric is an abstraction layer that decentralizes identity; it is where you find solutions such as identity and access management, entitlement management, adaptive access, and identity proofing. Reframing the security perimeter to view it as applying at the node level relies on a distributed identity fabric. CSM promises both interoperability and orchestration of identity solutions, which will serve as a foundation for identity as perimeter.

One rule fits all: the consolidated policy and posture management layer

Simplifying the complex tangle of organizational, system-specific, and even device-level security policies that are time-consuming to maintain and amplify potential for human error is enabled through the consolidated policy and posture management layer. The planned capabilities of a cybersecurity mesh include allowing security professionals to set a single policy and have that policy applied automatically to all relevant devices in the mesh, in the correct configuration for each device. This enables management of the business’s global security posture from a central location. 
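To make the single-policy idea concrete, here is an added sketch that is not from the original article or from any CSM product: one abstract rule is selected for relevant nodes by tag and rendered into each node's native firewall syntax, and nodes with no adapter are reported as posture gaps. The policy schema, node names, tags and adapter registry are hypothetical; the `iptables` and `nft` command forms are real and assume an existing `inet filter` table with an `input` chain.

```python
# Added example: one abstract policy compiled into per-node configuration.
# Policy schema, node inventory and tags are constructed for illustration.
POLICY = {
    "name": "ssh-from-corp-only",
    "applies_to": {"ssh-exposed"},  # tag selector (assumed schema)
    "rules": [
        {"action": "allow", "proto": "tcp", "port": 22, "source": "10.0.0.0/8"},
        {"action": "deny", "proto": "tcp", "port": 22, "source": None},  # any source
    ],
}

NODES = [  # constructed inventory
    {"name": "edge-gw-01", "platform": "iptables", "tags": {"ssh-exposed", "edge"}},
    {"name": "cloud-vm-07", "platform": "nftables", "tags": {"ssh-exposed"}},
    {"name": "hq-ws-113", "platform": "iptables", "tags": {"workstation"}},
    {"name": "iot-cam-42", "platform": "vendor-x", "tags": {"ssh-exposed", "iot"}},
]

def _iptables(rule):
    src = f"-s {rule['source']} " if rule["source"] else ""
    target = "ACCEPT" if rule["action"] == "allow" else "DROP"
    return f"iptables -A INPUT -p {rule['proto']} {src}--dport {rule['port']} -j {target}"

def _nftables(rule):
    src = f"ip saddr {rule['source']} " if rule["source"] else ""
    verdict = "accept" if rule["action"] == "allow" else "drop"
    return f"nft add rule inet filter input {src}{rule['proto']} dport {rule['port']} {verdict}"

RENDERERS = {"iptables": _iptables, "nftables": _nftables}  # one adapter per platform

def compile_policy(policy, nodes):
    """Return (configs per node, names of targeted nodes with no adapter)."""
    configs, gaps = {}, []
    for node in nodes:
        if not (policy["applies_to"] & node["tags"]):
            continue  # policy is not relevant to this node
        render = RENDERERS.get(node["platform"])
        if render is None:
            gaps.append(node["name"])  # posture gap: policy applies but cannot be enforced
            continue
        configs[node["name"]] = [render(r) for r in policy["rules"]]
    return configs, gaps

if __name__ == "__main__":
    configs, gaps = compile_policy(POLICY, NODES)
    for name, lines in configs.items():
        print(name, *lines, sep="\n  ")
    print("no adapter (unenforced):", gaps)
```

The list of unenforced nodes is the part a central posture view depends on: a policy that silently skips platforms it cannot translate overstates coverage.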

Your security landscape at a glance: the consolidated dashboards layer

Responding rapidly and effectively to security events will become easier, thanks to the consolidated dashboards layer. CSM calls for a composite view of data from every security tool in the mesh and should eliminate the need to switch among proprietary interfaces. That view will also help in assessing the effectiveness of consolidated security policies and the appropriateness of the business’s current security posture.

The path to cybersecurity mesh

There are significant obstacles to achieving CSM. The requirement for security tool interoperability depends on wide adoption of open standards and efforts at API development among an ocean of tool vendors. This will necessarily be a gradual transition, with some vendors moving early to interoperability and others following in time. The creation and implementation of a robust identity fabric faces similar technical hurdles. But it will also require massive behavioral changes among users. 

Adopting a cybersecurity mesh approach to security can’t happen overnight. But you can move toward it much faster if you look at decisions you are making today through a CSM lens.  

If you would like to learn more about CSM and other high-profile cybersecurity trends and issues, we invite you to check out our eBook, The CISO’s Guide to the Future of Enterprise Software Security 
