- It’s important to understand where threats originate and how they can be detected to be better prepared to defend your networks.
- There are many security tools available, and they interact with each other in a variety of ways.
- IT security is now the responsibility of every member of your organization.
Today’s IT security challenges can be vexing, even for the most experienced team. Blended threats are the norm, where phishing attacks are combined with more invasive methods such as privilege escalation. Attackers penetrate networks and then go quiet for several months to see if anyone has caught on to the invasion. (This happened with anti-malware vendor Avast, and it took them months to figure out the attack and the extent of the damage.) And malware has gotten more complex, using polymorphic methods that literally change behavior to avoid detection.
While our first blacklisting article dealt with stopping emails containing phishing from reaching your end-users and blocking malicious links embedded in an email message that could result in malware being installed on your computer, this post looks at the various network effects and how to stop them.
Different Types of Security Tools
There are a variety of network-layer protective technologies that go under various names. Leveraging these technologies, you can improve your IT security in the following ways:
- Using vulnerability assessment and prevention tools (such as Vulcan),
- Running security event management and analysis tools (such as Rapid7 InsightIDR),
- Using better endpoint security tools (such as Crowdstrike Falcon),
- Conducting red team exercises (such as by using Red Canary) and
- Setting up digital forensics (such as Belkasoft Evidence Center).
When you look over this list, it can be daunting to figure out where one security product leaves off and another one begins. There is certainly a lot of overlap among all of them, which is what the bad guys are counting on to deposit a piece of malware on one of your servers or endpoints and have it live there for months before being discovered. You ideally want a portfolio of security tools that can work together, analyze your network traffic and figure out when something is awry or looks suspicious.
Security is Everyone’s Responsibility
Given these requirements, IT managers have to get better at finding and neutralizing malware, before their networks are taken over to send spam and other malware infections around the world. What the bad guys have done is to make IT security everyone’s responsibility, not just the job of the CISO or the exclusive purview of the IT department. As companies have moved more of their business services and products online, the consequences have become corporate-wide. “Services are now managed by different parts of the organization, which means that data silos are ending and risks are getting more complex,” says Sean Convery who has held numerous security-related management positions at MobileIron, ServiceNow and Google.
That means that everyone has to come to the table when a new security product is being evaluated. Mike Lettman is the Arizona state CISO. A few years ago he understood that he needed to get the buy-in from all of his state agency heads early on when he was shopping for a new risk management tool. “Everyone is resistant to change, but you have to learn how to tell the whole story about why and how this is important and be able to build trust to help our constituent agencies to protect their own assets and show the value of what you are trying to do.” After he installed his risk management system, he says they found more than 20,000 vulnerable systems across their IT networks alone. “We had all sorts of configuration problems.” That is the kind of global viewpoint that is essential to closing your security loopholes and preventing data leaks and potential reputation-ruining (and career-ending) moments.
Part of the problem is that the average IT development environment is a constantly dynamic one. Charles Jacco, a principal at KPMG’s security services practice, said “The app that I rolled out two hours ago isn’t the same as the code that I had in production this morning. That means you have to continuously assess risk.”
Another part of the challenge is changing the way we run our IT projects from their very inception. David Froud, who often blogs about this topic, has written, “Security out of context has no business benefit.” The challenge is finding staffers who come with that context already. He also complains that risk assessments are often done at the end of a project rather than at their start. “It’s far too specialized and has never been seen as a true value-add to the business.”
Where to Get Started
Professor Josephine Wolff at Rochester Institute of Technology has written a book entitled, You’ll See This Message When It Is Too Late. While there are plenty of other infosec books on the market, this is the first systematic analysis of different data breaches over the past decade. She reviews a total of nine major data breaches of the recent past and dissects why they happened and how they could have been prevented. Use this as a starting point to understand how you can be attacked. Then compare the above list of defensive tools and go shopping to fill in your potential gaps.