Remember, one size does not fit all
Somebody who has to manage an information security (INFOSEC) program these days has more than enough to deal with, and they have a ton of vendors coming to them saying this is better than that, that is better than this, and a whiz-bang widget can take care of it all.
When it comes to security risk and compliance, that can raise a lot of fear, uncertainty and doubt.
The expanding security and risk management landscape includes numerous categories of concern, ranging from protecting brand reputation and critical information to meeting ever-changing compliance and regulatory demands.
Technologically speaking, an organization needs to think about a few important things to get clarity and focus.
Start by asking questions like:
- Do we have an enterprise security architecture to include people, process and technology?
- Do we have a continuous improvement model around security?
- Can we identify which security vendor products we currently use (e.g. firewalls, IDS/IPS, analytics and dashboards)?
- Do we need big data security analytics to detect security anomalies in the environment?
Once you begin to answer some of these basic questions, you then need to really look in the mirror and ask yourself, “How mature is my organization?”
In other words, are we doing this in an ad-hoc manner or are we truly advanced in these areas? Can we really identify, measure, manage and monitor risk and threats effectively?
The more mature organizations are just now recognizing the ineffectiveness of policies aimed at providing so-called absolute protection of all organizational assets.
Rather, they’re learning how to measure effectiveness according to how well they execute their plans and meet their goals in terms of establishing awareness, optimizing defense capabilities, and responding to threats, breaches and compliance gaps.
It’s pretty darn scary reading a number of articles about organizations being breached and learning about it months and months after the hacker has been in your house, sleeping in your bed and raiding your most critical assets from your most precious servers. Okay, that sounds like a theme in a children’s book I read long ago.
The point is, organizations need to adopt a model that combines network access tools, aggregated sensor data, threat feeds and security analytics, along with new techniques for using these resources within an integrated OEM framework and not just that single “big bad” appliance from that vendor your buddy works at.
This model will help you begin to combat sophisticated attacks, including advanced persistent threats, and hopefully reduce that median number of days to detection to zero.
No, this does not mean run down the hall and request that budget for shiny new tools. But it does mean run down the hall into your data center and see if your security environment is conforming to your goals and objectives, applicable regulations and standards, and applicable industry best practices.
It’s impossible to prevent every breach. However, with proper readiness, awareness, prevention, detection and analysis, and by responding to the most advanced threats quickly, effectively and efficiently, you can protect yourself, your customers and your key partners from being on CNBC or the front page of the WSJ.