Advance Your Approach to Ensure Security Against Advanced Threats
Author(s): Jai Arun, Posted on April 27th, 2015
5 Things You’re Doing…But Are You Doing Them Well?
Security is not just a discussion of business and technology anymore. Major enterprise security and data breach incidents in recent years, and heightened regulatory and compliance scrutiny, have elevated the priority and focus of security to the enterprise board room level. This trend empowers CSOs and CISOs with positive support and funding from the top level, but also raises expectations of proactive and adaptive security capabilities across the enterprise.
Most enterprises have business-critical information in operational or IT systems on premise or in the cloud that is hyper-connected with mobile or Internet of Things (IoT) devices. The nature of this business infrastructure presents significant complexity and challenge to ensure security across people, data, applications, systems and devices along with the required level of governance, risk, regulation and compliance. Hence, traditional approaches to security are insufficient to provide the right access to the right data to the right people on the right systems or devices.
In order to drive business in a secure way, CSOs and CISOs must think about a holistic and advanced approach to ensure security against rapidly proliferating advanced threats. It’s hard to predict all possible threats; however it is possible to proactively mitigate and manage the risk against these threats with intelligence and an advanced approach including following five key steps:
- Strategy and Assessment: Thoroughly assess your business, plus operational and physical, plus logical security posture – and plan periodic reviews because threats are not stagnant. Based on the security posture assessment, develop a comprehensive security strategy to maximize the return on investment and meet the corporate and industry goals for governance, risk and compliance programs. Technology architecture and strategy must be developed keeping business needs in mind and with deep vulnerability, penetration and compliance testing and analysis of the entire infrastructure that interacts with the enterprise – including customer, and partner systems, people, and policies.
- Planning and Design: A ‘Secure First’ policy must be the primary intent in the planning stage in order to ensure a proactive and adaptive defense posture. ‘Secure by Design’ should be the mandate for all the physical and IT systems, data, applications, mobile, cloud, network and IoT endpoints. The overall security design must be pliable so that regulations can be easily attained for relevant industry compliance such as EFTA, EI3PA, FISMA, GLBA, HIPPA, HITECH, ISO, NIST, NERC, PCI DSS, PIPEDA, PSQIA, SEC OCIE, SOC and SOX. A design for secure business also requires a robust and real-time intelligence infrastructure to swiftly detect, prevent and remediate advanced threats and vulnerabilities. Planning and design documents should have well-defined and centralized policies and ownership for access, control, governance, risk and compliance management.
- Implementation and Deployment: As contemporary business infrastructures are very complex and dynamic, implementation of security is a daunting task. The first and most important task is to make sure the implementation is following the business and operations security strategy and design objectives. As we see increasing threats repeatedly from automated malware, organized crimes, insiders, hacktivists and hackers, it is critical to think beyond perimeter-based defense and implement a zero trust (protection from the inside-out) model and deploy it across all the internal and external entities. The zero trust model should be integrated and inclusive of physical or IT critical infrastructure protection (CIP), identity and access (IAM), data loss prevention (DLP), network access control (NAC), web and application firewalls (WAF), antivirus and malware protection (AMP), endpoint protection, cloud computing control, mobile device management (MDM), security information and event management (SIEM), data and application security, intrusion prevention and detection (IPS/IDS). It is prudent to select and deploy technology that not only reduces the attack surface, but also provides an agile and adaptive environment to meet the needs of security and compliance against unforeseen threats.
- Monitoring and Management: A real-time threat intelligence capability is the vital weapon to monitor the risk of attacks. Traditional SIEM environments may not include predictive analytics, so it is crucial to proactively analyze suspect threats and correlate against historic as well potential new incidences with situational awareness and take mitigation or remediation actions rapidly. Management of the security operation centers (SOC) is not merely a security controls operation rather it needs to deliver a systematic framework to deliver uninterrupted business services and operations with zero downtime. In order to fight against advanced and persistent threats, this framework requires robust capabilities, policies and procedures for incidence detection and response management, threat intelligence management, compliance, audit and log management, service level agreements, business continuity and disaster recovery for data , applications, network, systems, people, and endpoints.
- Optimization and Transformation: Security functions cross the boundaries of multiple disciplines in IT, business, legal, procurement, marketing and engineering. These business functions have different priorities. Your security agenda brings many of them together to drive common governance, compliance and risk management. End-to-end robust security requires regular assessment and evaluations of posture to pinpoint and remove complexities and inefficiencies dynamically from a technology, process and management perspective. It is important to think out of the box to optimize the investments in security with business-centric risk management activities and leverage best of breed and advanced technologies to deliver agility, scale and confidence for new business demands. To sustain a proactive and adaptive security posture, optimization and transformation is required at all of the people, information, systems and process levels.
There is no silver bullet to address all security challenges; however, a thoughtful and advanced approach can provide you with a better shield against unanticipated risks. Your enterprise may already have the technology and expertise in-house, or may seek help from a partner like Unisys, but it is important to follow an advanced methodology and leverage advanced technologies to protect against advanced security threats.