How to Get More out of Your Existing Cybersecurity Investments
Whether you’re a CISO or security engineer, now is the perfect time to inspect and optimize the tools you already have at your disposal.
A better security posture doesn’t always mean investing in the latest technology.
When talking about transformation, everyone wants to throw away the old and start fresh. But is that always the right thing to do? From a cybersecurity perspective, I would say not so fast.
I agree that new security technologies for automation and orchestration, analytics, machine learning, and artificial intelligence are powerful, disruptive and game changing, but some of your older cyber technology works. It just may require a little fine-tuning and TLC.
Let’s look at six traditional technology areas you can inspect to ensure you’re getting the most out of your existing security investments.
When was the last time you evaluated your firewall performance or firewall rules? In general, an organization’s IT security policies should be built to give visibility into traffic, reduce the attack surface, prevent new threats and detect unknown threats. Organizations should review all firewall policies for optimal configuration and deployment, whether these policies are being applied to traditional firewalls or next-generation firewalls (NGFWs). For NGFWs, make sure you’re applying best practices when it comes to IPS/IDS, filtering, SSL inspection, and application control/scanning before focusing on extending integrations into endpoints, threat intelligence, cloud and other areas.
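One way to start the rule review described above, as an added example rather than code from the original article. It assumes a simplified first-match rule model (CIDR source and destination, one port or any); the rule names and addresses are constructed.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "permit" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR
    port: Optional[int]    # None means any port

def covers(a: Rule, b: Rule) -> bool:
    """True when every packet matched by b is also matched by a."""
    src_ok = ipaddress.ip_network(b.src).subnet_of(ipaddress.ip_network(a.src))
    dst_ok = ipaddress.ip_network(b.dst).subnet_of(ipaddress.ip_network(a.dst))
    port_ok = a.port is None or a.port == b.port
    return src_ok and dst_ok and port_ok

def audit(rules: list[Rule]) -> list[tuple[str, str]]:
    """Return (rule name, finding) pairs for a first-match rule list."""
    findings = []
    for i, rule in enumerate(rules):
        # A rule fully covered by an earlier rule can never match traffic.
        for earlier in rules[:i]:
            if covers(earlier, rule):
                kind = "redundant" if earlier.action == rule.action else "shadowed"
                findings.append((rule.name, f"{kind} by {earlier.name}"))
                break
        # Broad permits widen the attack surface and deserve a justification.
        if (rule.action == "permit" and rule.port is None
                and ipaddress.ip_network(rule.dst).prefixlen == 0):
            findings.append((rule.name, "permits any port to any destination"))
    return findings

# Constructed sample rule set (RFC 1918 and RFC 5737 documentation addresses).
SAMPLE = [
    Rule("web-in", "permit", "0.0.0.0/0", "192.0.2.10/32", 443),
    Rule("block-lab", "deny", "10.20.0.0/16", "0.0.0.0/0", None),
    Rule("lab-ssh", "permit", "10.20.5.0/24", "192.0.2.20/32", 22),
    Rule("web-in-old", "permit", "198.51.100.0/24", "192.0.2.10/32", 443),
    Rule("users-out", "permit", "10.10.0.0/16", "0.0.0.0/0", None),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

A shadowed rule usually signals a policy conflict worth resolving with the rule's owner, while a redundant one is a cleanup candidate.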
Intrusion prevention system (IPS)
Let’s talk about that investment you made in an intrusion prevention system (IPS) years ago. Now’s the perfect time to evaluate, add, edit and delete policies and configuration settings. In addition, evaluate and gain a better understanding of your current deployment modes, whether they’re passive, inline or other.
If you happen to be wondering why your sensors are consistently running at a CPU utilization of more than 90 percent, it’s time to look deeper and find out if it’s a result of configuration, a vendor software issue or a needed upgrade.
Before investing in a new IPS, look at what you currently own and make sure it’s optimized. If it is, then you can begin to look beyond centralized event management to security analytics to identify real or potential incidents by correlating traditional data sets like firewall logs with non-traditional data like user behavior and physical security.
Your company may be considering a global refresh of your network. If so, I have to ask: when was the last time you performed an independent review of your network’s security architecture to ensure it’s locked down? Is there a plan to create a segmentation strategy? Have you created zones to proactively house Internet of Things (IoT) technology as well as operational technology (OT)?
Flat networks are still very common, meaning most, if not all, devices on a network have access to each other, at least from a general connectivity perspective. Separating parts of a network for additional control allows for better containment and response to security incidents. Make sure you’re taking steps to segment your network before moving full steam ahead with a global network refresh.
As the business pushes big data initiatives, many IT leaders are daunted by how to securely manage the volume, variety and velocity of data within their organizations. Simple things you need to ask yourself are: do you know where your sensitive data is stored? Do you have an enterprise approach to data at rest encryption, and certificate and key management? Do you have a data classification policy? Have you even done a security assessment of your disaster recovery plan?
As a result of the rising popularity of enterprise-managed devices, there are a growing number of mobile security tools on the market. It’s important to determine how best to integrate these tools with an enterprise mobility management (EMM) solution. You should also make sure you’ve defined your mobile security requirements and have performed security testing for mobile application development.
Every enterprise is moving something to the cloud, but not every cloud discussion includes security. If security team members aren’t active participants in meetings about cloud strategy and implementation, it’s time to change that. The continued and growing significance of SaaS, combined with persistent concerns about security, privacy, and compliance, continues to increase the urgency for control and visibility of cloud services. Remember, it’s all about risk management.
Starting off on the right foot
Media outlets always like to predict what’s to come in the near future. My favorite one is from Brian Krebs, an American journalist and investigative reporter, who says, “I don't do security prediction stories. But if I did, here'd be mine: Gobs of companies will continue to pay only lip service to security.” And how true that is!
According to various reports, cybercrime damage can go as high as $6 trillion annually, and security vendor RedSeal stated that 72 percent of CEOs say cybersecurity metrics lack meaning or context. Meanwhile, the enterprise cyber stack is growing in complexity with most organizations housing 50-75 different solutions in their environments. Maintaining all this technology, let alone realizing its effectiveness and efficiency, is a challenge.
Take an architecture-centric approach to network design to define security requirements and identify areas for better solution integration and/or consolidation.
This brief checklist will make sure you start off on the right foot.
- Assess and evaluate your current security technology investments.
- Ensure you have senior executives, corporate board members and other senior stakeholders bought into your security program and engaged in its execution.
- Know that while moving to the cloud can reduce the scope of traditional security work, it doesn't eliminate it. Make sure your cloud strategy and implementation plans include security.
- Evaluate your recruitment/employment processes, so you can attract and retain top talent. Unfilled cybersecurity jobs could reach over 1.5 million by 2019!
- Be constantly vigilant. Conduct ongoing and continuous risk assessments of people, process and technology.
Hopefully we can keep in mind that we don’t have to throw out the old to achieve a new level of enterprise security.