IT security people need to evaluate tools and processes with a fresh set of eyes, it’s suggested. Steve Salinas, Product Manager at Alert Logic, a provider of Security-as-a-Service for the cloud, writes.
For those of us in the technology industry, comparing Moore’s Law to technology advancement is nothing new. Moore’s Law holds that computer processing power will double every two years. Aside from a few peaks and valleys, I think most would agree that this is true. I contend that Moore’s Law, at least in principle, holds true for malware and attack methods as well. Unless you have been hiding under a rock for the last few years, you are fully aware that cybercrime has exploded. Hackers, who once had to build their own malware from scratch, now have access to numerous toolkits that make developing their own variant of malware easy. For the hacker who would rather spend money than time on malware, there are even malware exchanges where anyone can buy malware built for anything from controlling a webcam to siphoning credit card information, and anything in between. Combine the ease with which hackers can access malware with the way social media makes it easy to organise groups of people around the world, and you have a dangerous new frontier: attackers who can work together to target an organisation, steal data and cover their tracks, all under the guise of anonymity. How can you defend yourself from this new breed of attackers?
As I wrote about a month ago, Neil MacDonald proposes that now is the time for companies to shift their focus from an incident response model of security to one that provides continuous response. MacDonald calls this a Continuous Advanced Threat Protection approach to security. While most security professionals have come to grips with the fact that at some point they will fall victim to a compromise, the approach to security by and large still revolves around responding after something bad has occurred. This is by no means the fault of the security professional alone. The tools at their disposal, most of which offer a siloed view of their security posture, often restrict what they can do.
To truly make the shift towards MacDonald’s continuous response [Gartner analyst Neil MacDonald proposes that companies shift their focus from an incident response model of security to one that provides continuous response], security professionals need to evaluate tools and processes with a fresh set of eyes. Here are four things to consider when making this necessary shift in security approach:
Where is my most sensitive data?
Many tools and services available in the market focus on the endpoint, which makes sense. Employees are using laptops, tablets and smartphones to access your company’s sensitive data around the clock, but where is the data they are accessing? That’s right, your data centre. While the impact of losing a laptop to a compromise is no laughing matter, the impact of losing a server filled with company-confidential information, product development plans, source code and the like to a compromise can bring down an organisation. Looking at your risk from this perspective can open your eyes to the importance of rock-solid data centre protection.
How is the cloud going to impact my data centre?
If you have not already moved some of your critical data centre infrastructure to the cloud, there is a good likelihood that business drivers will move you in the direction of the cloud sooner rather than later. Securing data centre assets in the cloud presents quite a challenge, especially if you are outfitted with products designed to protect physical data centres. The cloud is ephemeral by nature: unlike physical assets, the very make-up of your data centre can change quickly. If your security products expect static IP addresses, for instance, you will run into issues fast. With the rise of DevOps and automated deployment, new assets can be added to a cloud environment continuously, making it difficult for your security products to keep them protected. Make sure that when you are selecting products, you choose products designed to protect cloud environments as well as physical assets.
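The static-IP problem above is easy to reproduce. The following added example (not part of the original article) reconciles two constructed inventory snapshots of a small cloud environment against a protection policy keyed by IP address and against one keyed by the asset’s role tag; the instance IDs, addresses and tags are all made up for illustration.

```python
"""Reconcile security-tool coverage against an ephemeral cloud inventory.

Added example, not the article's code. Sample data is constructed: two
snapshots of the same environment taken an hour apart, where one server
was redeployed with a new address, one was retired and one was added.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    instance_id: str  # stable identity assigned by the cloud platform
    ip: str           # may change on every redeploy
    role: str         # tag applied by the deployment pipeline, e.g. "db"


# Constructed snapshots (hypothetical IDs and addresses).
SNAPSHOT_T0 = [
    Asset("i-0a1", "10.0.1.10", "db"),
    Asset("i-0b2", "10.0.2.20", "web"),
    Asset("i-0c3", "10.0.2.21", "web"),
]
SNAPSHOT_T1 = [
    Asset("i-0a1", "10.0.1.57", "db"),   # same instance, redeployed to a new IP
    Asset("i-0c3", "10.0.2.21", "web"),  # unchanged
    Asset("i-0d4", "10.0.2.22", "web"),  # autoscaled in by the pipeline; i-0b2 retired
]

# Policy written at T0 by a tool that assumes static addresses.
IP_POLICY = {"10.0.1.10", "10.0.2.20", "10.0.2.21"}
# Policy keyed by role tag: coverage follows the asset, not its address.
TAG_POLICY = {"db", "web"}


def coverage_gaps_by_ip(snapshot, policy):
    """Return (unprotected instance IDs, stale policy IPs).

    Stale entries matter too: an address still trusted by the tool but no
    longer in use can be handed to a brand-new asset and inherit that trust.
    """
    live_ips = {a.ip for a in snapshot}
    unprotected = sorted(a.instance_id for a in snapshot if a.ip not in policy)
    stale = sorted(policy - live_ips)
    return unprotected, stale


def coverage_gaps_by_tag(snapshot, policy):
    """Return instance IDs whose role tag matches no policy entry."""
    return sorted(a.instance_id for a in snapshot if a.role not in policy)


if __name__ == "__main__":
    print("T0 by IP :", coverage_gaps_by_ip(SNAPSHOT_T0, IP_POLICY))
    print("T1 by IP :", coverage_gaps_by_ip(SNAPSHOT_T1, IP_POLICY))
    print("T1 by tag:", coverage_gaps_by_tag(SNAPSHOT_T1, TAG_POLICY))
```

At T0 both policies cover everything; an hour later the IP-keyed policy has left the redeployed database server and the new web server unprotected and still trusts two addresses nobody owns, while the tag-keyed policy shows no gap.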
What do I need to do to gain visibility across my data centre environment?
Now that you know you need to beef up your data centre protection and prepare for the cloud, the next question to answer is how. First you should determine what assets are in your data centre and how they are accessed. Most organisations have file servers, web servers and databases, as well as some applications, hosted in their data centre. Beyond basic anti-virus you will need some technology that can scan your network traffic for abnormal movement of data. You will also need a web application firewall that sits behind your network firewall and in front of your websites and applications to protect you from specific web application attacks. Lastly you will need a log management solution that can make sense of all the information your security tools generate. With the tools in place, you need to find quality, skilled resources that understand how to use them. Security experts are a critical component of a security approach, as they provide the human analysis that enables you not only to understand the threats impacting your data centre but also to remediate the issues. These experts need to monitor your security platform 24×7, as attackers will often attempt to penetrate your environment while the rest of us are sleeping. Be prepared, though: these experts are in high demand and do not come cheap.
Where do I get the intelligence I need to protect me from emerging threats?
Now that you have the tools and the people to protect your data centre, you need to figure out how to gain insight into the threats this new breed of attackers is using to steal data. There are a number of open source threat intelligence
By no means are these the only questions you need to ask yourself when building out a security platform to protect your most sensitive data, but it’s a good start.