This is the first in a three-part series on IT security from Forsythe Technology. This post looks at core infrastructure and threat and vulnerability management.
Security breaches are inevitable. Organizations needs to shift from aging mindsets and predictable tools to comprehensive prevention, detection and response capabilities in order to neutralize potential damage. In this blog series, we’ll approach today’s IT security issues from three different perspectives: 1) core infrastructure security and threat and vulnerability management, 2) data protection and identity and access management, and 3) security program governance and application security.
Security on Both Sides of the Perimeter
At this year’s RSA Conference 2015 in San Francisco, there was a virtual explosion of shiny new security solutions. With over 500 providers exhibiting, it was a head-spinning reminder that nothing lasts forever, especially in technology. Every time you turn around, the latest-and-greatest has just been replaced by the newer-and-better. And so it goes.
Technology has been forcing us to adapt throughout history. What’s different today is the unprecedented rate of change in the tools at our disposal, and the heightened demands of users.
That acceleration is pushing IT security to make changes at an alarming pace. Until recently, perimeters clearly separated the corporate workspace from the Internet. Inside systems were “trusted,” and anything outside was “untrusted.”
Times have changed.
Social networking, cloud service models, mobile devices and the Internet of Things (IoT) are blurring boundaries and increasing vulnerabilities. Multiple remote-access techniques have attracted cyber attackers in droves as employees access corporate data wherever, whenever, and however they choose. In response, companies have to change not only the systems they support to provide functionality, but also what they use to protect data. And—most importantly—they need to shift their mindset
If they don’t, they’re risking the integrity of their business, the support and financial well-being of their customers and—amply illustrated by the hundreds of news articles devoted to data breaches last year—they’ll probably end up making the wrong kind of headlines.
Something Old + Something New = Something Better
Despite the pace of change, it’s important not to forget that when it comes to IT security, the past is never dead. Along with new threats, the threatscape is full of old problems—such as known attacks and network misconfigurations. That’s why a successful strategy for protecting data doesn’t lose sight of perimeter defenses and core infrastructure security controls.
Some experts argue that the perimeter has dissolved to the point where defenses are basically a lost cause. That’s not true. Just because you can’t build a perfect perimeter anymore doesn’t mean you should stop trying, and focus all your attention on the shiny new thing. Services such as professional architecture assessments can help you address the core of your security program by evaluating the design of your network architecture and its maturity, making sure it’s up-to-date and in line with your objectives. From a controls perspective, perimeter defenses have evolved and expanded with the advent of behavior-based intrusion detection and prevention systems, network access control, secure web gateways, and distributed denial-of-service (DDoS) protection systems. Firewalls now have “next-generation” capabilities, and provide sophisticated application-layer security.
Because the “bad guys” continue to remain undetected on networks for months—the most recent average reported by the Ponemon Institute was 256 days—threat and vulnerability management is now critical to protecting your company’s network perimeter—such as it is—where devices and data meet. Cyber attacks often take advantage of basic security vulnerabilities, such as poor patch management, weak passwords, web-based personal email services, and a lack of end-user education and security policies. Vulnerability and other threat assessments--in conjunction with security analytics (SIEM, user behavior analytics and big data analytics), security monitoring (network forensics), network-based malware protection, and external threat intelligence that is operationalized into your security program--can help you identify true threats to your business, and strengthen your first line of defense.
Traditional security controls work well in conjunction with the latest-and-greatest, and each has its role. Only by layering these protections both inside the perimeter—with controls that focus on keeping content safe—and outside, can we hope to gain true visibility into enterprise environments, and effectively defend data.