Four questions to consider when building a security platform
For those of us in the technology industry, comparing Moore’s Law to technology advancement is nothing new. Moore’s law holds that computer processing power will double every two years. Aside from a few peaks and valleys, I think most would agree that this is true. I contend that Moore’s Law, at least in principle, holds true for malware and attack methods as well. Unless you have been hiding under a rock the last few years, you are fully aware that cybercrime has exploded.
Hackers, who once had to build their own malware from scratch, now have access to numerous toolkits that make developing their own variant of malware easy. For the hacker who would rather spend their money than their time on malware, there are even malware exchanges where anyone can buy malware built for anything from controlling a webcam to siphoning credit card information, and anything in between.
Combine the ease by which hackers can access malware with the way social media makes it easy to organize groups of people around the world and you have a dangerous new frontier. Attackers, who can work together to target an organization, steal data, and cover their tracks, all under the guise of anonymity. How can you defend yourself from this new breed of attackers?
As I wrote about a month ago, Neil MacDonald proposes that now is the time for companies to turn their focus from an incident response model of security to one that provides continuous response. MacDonald coins this as a Continuous Advanced Threat Protection approach to security. While most security professionals have come to grips with the fact that at some point they will fall victim to a compromise, the approach to security by and large still revolves around responding after something bad has occurred. Now, this is by no means the fault of the security professional alone. The tools they have at their disposal, most of which offer a siloed view into their security posture, many times restrict their capabilities. To truly make the shift towards MacDonald’s continuous response, security professionals need to evaluate tools and processes with a fresh set of eyes. Here are four things to consider when making this necessary shift in security approach:
- Where is my most sensitive data?
Many tools and services available in the market focus on the end point, which makes sense. Employees are using laptops, tablets, and smartphones to access your company sensitive data around the clock, but where is the data they are accessing? That’s right, your data center. While the impact of losing a laptop to a compromise is no laughing matter, the impact of losing a server filled with company confidential information, product development plans, source code, and the like to a compromise can bring down an organization. Looking at your risk from this perspective can open your eyes to the importance of having rock solid data center protection.
- How is the cloud going to impact my data center?
If you have not already moved some of your critical data center infrastructure to the cloud there is a good likelihood that business drivers will move you in the direction of the cloud sooner than later. Securing data center assets in the cloud presents quite a challenge, especially if you are outfitted with products designed to protect physical data centers.
The cloud is ephemeral by nature. Unlike physical assets the very nature of your data center can change quickly. If your security products expect static IP addresses, for instance, you will run into issues fast. With the rise of DevOps and automated deployment, new assets can be added to a cloud environment continuously making it difficult for your security products to protect them. Make sure that when you are selecting products select products designed to protect physical assets as well as cloud environments.
- What do I need to do to gain visibility across my data center environment?
Now that you know you need to beef up your data center protection and prepare for the cloud, the next question to answer is: How? First, you should determine what assets are in your data center and how are they accessed. Most organizations have file servers, web servers, databases, as well as some applications hosted in their data center. Beyond the basic anti-virus you will need some technology that can scan your network traffic for abnormal movement of data. You will also need a web application firewall that can sits behind your network firewall and in front of your websites and applications to protect you from specific web application attacks. Lastly you will need a log management solution that can make sense of all the information your security tools generate.
With those tools in place, you need to find quality, skilled resources that understand how to use them. Security expertise is a critical component of a security approach as they provide the human analysis that enables you to not only understand the threats impacting your data center but also how to remediate the issues. These experts need to monitor your security platform 24×7 as the attackers many times will attempt to penetrate your environments when the rest of us are sleeping. Be prepared though; these experts are in high demand and do not come cheap.
- Where do I get the intelligence I need to protect me from emerging threats?
Now that you have the tools and the people to protect your data center, you need figure out how to gain insights into threats that this new breed of attackers are using to steal data. There are a number of open source threat intelligence feeds available that can provide you with signatures of known bad files, malicious IP addresses and other security content. In a perfect world you would have the ability to source your own threat research to augment what is freely available. With this threat intelligence and security content, your tools and experts are armed with the information they need to eliminate false positive alarms that your security products generate, allowing them to hone in on security events that indicate a potential compromise has taken place.
By no means are these the only questions you need to ask yourself when building out a security platform to protect your most sensitive data, but it’s a good start. The thought of undertaking a project of this scope can be overwhelming, and for many organizations simply not possible for any number of reasons.
With today’s release of Cloud Defender, we are excited to offer up a new, easier option for protecting your data center, no matter where it resides. So, grab a cup of coffee and learn more about Cloud Defender and how this solution can provide deep insight and continuous protection.