After discussions with hundreds of IT and security professionals, one concern rises above the rest in the modern IT environment: visibility. How often have you heard or read the phrase “I don’t know what I don’t know”?
Even after years of deploying perimeter controls and endpoint protection, IT is still challenged with identifying and responding to unknown infrastructure threats in a timely manner. This can be attributed to a variety of issues, including changing threats, limited resources, and improperly deployed or configured security controls.
Having identified these challenges as top of mind for IT, how can organizations possibly start to regain security vision? Fear not: Every organization can take steps to repair its vision and gain insight into security and operational events. These steps can be as simple as updating supervisory controls and as complex as deploying next-generation firewalls (NGFWs).
As you look to fortify your IT security, consider these three critical steps:
Gain clarity with better security measurement
IT professionals have a responsibility to continually assess their network and data environment – after all, modern information systems are rarely static. But IT environments become vulnerable because of “snapshot syndrome,” when IT assumes that all is well based on completion of a single security activity rather than the entire lifecycle.
Continual measurement is a common trait of modern management systems, and IT systems need constant supervision and management – a message that Andrew Jaquith’s “Security Metrics: Replacing Fear, Uncertainty and Doubt” communicates well to leadership. As part of this measurement, organizations should perform internal and third-party security assessments on a regular basis to provide continuous insight into their systems. These assessments can consist of a wide range of checks, from vulnerability scanning to inventory management to configuration review, as well as more complex technical testing.
Understand the data and your IT system
Modern computer systems generate an avalanche of data, and maintaining accurate knowledge of an IT environment requires the ability to sift through that information. In the past, data logging was limited to a small number of devices, but current systems and technology are considerable event producers that you can track to better understand their behavior.
However, simply collecting data logs isn’t enough to keep an IT environment secure. Perhaps surprisingly to some, event correlation is available at several levels of sophistication, and many of them need not consume your security operations budget. Whether you make use of a managed security provider or an internal security information and event management (SIEM) tool, there are a wide variety of paths an organization can take to overcome this data overload.
IT teams have also begun to shift or supplement system protection and vision in the form of data loss protection (DLP). Organizations with sensitive information, such as protected health information, personally identifiable information, payment card information, and intellectual property, can employ DLP to detect and even prevent attempts at data exfiltration.
Deployment of DLP controls should be preceded by a data characterization exercise to increase their efficacy, and that exercise should involve data owners, such as division managers and department heads, in addition to data custodians and the IT team.
Take advanced security measures to increase visibility
Finally, many security teams have relied on legacy technologies to protect systems because of budget and resource constraints. Modern perimeter and DMZ controls in the form of NGFWs, unified threat management (UTM) appliances, and advanced threat detection provide increased visibility into the users, systems, and applications interacting with your network and how and from where they’re doing so, allowing you to restrict and control those interactions.
In the past, a firewall that understood ports and source/destination was adequate – but no more. Modern threats have evolved to obfuscate and confuse these once-viable and sufficient concepts. Users today access a variety of external sites, both for their job function and unrelated to it, which makes an NGFW a necessity to protect sensitive data and systems.
For other organizations, particularly those with significant resource challenges, UTMs provide a way to consolidate controls and increase visibility through a single platform. Lastly, advanced threat detection provides additional protection by investigating potentially malicious files and behaviors that may slip by traditional security technologies.
We’ll continue discussing these security components and other visibility tips on the SHI Blog. To learn more about these solutions and more, contact your SHI representative or the SHI security team at SecuritySolutions@SHI.com.