Security posture is a largely obscure phrase. It’s used in the industry but if you ask 10 different people what security posture means, you’ll get 10 different answers. Given businesses expansive, ever-changing environments, understanding the makeup of your security posture is critical to the success of your security program.
In my blog, Lessons from the Battlefield to Help Improve Your Security Posture, I shared how experience has taught me there are three pillars to security posture: visibility, exposures, and threats. Visibility is the foundation of your security posture. Simply put, you can’t protect what you can’t see.
Illuminating Your Environment
In the military, the term “illum” refers to the moon’s illumination. It’s described by a percentage, e.g., “0% illum” or “100% illum.” The varying percentage of illumination comes with its positives and negatives. If there’s too much illum, we lose the advantage of our night vision goggles (NVGs). On the other hand, if there’s not enough illumination, our NVGs are useless. NVGs work by amplifying ambient light — when there’s 0% illum, they’re useless. This is not unlike our security technology. If we have no visibility into an environment, our ability to protect it is severely impacted. Once again, you can’t protect what you can’t see.
Visibility starts with gaining a solid understanding of the resources and assets that currently reside within your environment and ends with a continuous detection of change. During the initial discovery process, it’s not unusual — in fact, it’s almost the norm — to uncover numerous assets the business was not aware they had. We also know that assets are constantly coming online and going offline. Without the right people in an organization being aware, they will go unprotected and be at risk. Visibility isn’t a point-in-time process, it must be continuous.
A deep dive into uncovering assets is similar to putting on night vision goggles in a very dark valley; you often are presented with some scary facts about your surroundings. This includes how and where you’re exposed or being attacked. Turning a blind eye to visibility gaps within the environment will result in detrimental outcomes.
Some questions you should address during initial discovery include:
- In what areas are we accepting or unwilling to accept risk?
- How far into our end user’s world are we willing to go — down to the mobile device or is the laptop good enough?
- Can we cover our SaaS applications?
- What are our limitations to preventing or detecting threats in these environments?
- What tools will deliver what type of protection, and how is it delivered?
- Will we manage it ourselves or find a managed solution — like a managed detection and response (MDR) provider — to help us manage our security?
Tug of War Between Security & Privacy
Securing a digital environment comes with its own unique set of complexities. In short, security posture cannot be successfully managed in a vacuum; it’s truly a team sport that must be managed throughout the business. As an example, during your discovery process, one challenge you may run up against is privacy versus security. Just as in our personal lives, businesses also must strike an agreed-upon balance between privacy and security. There are many factors in determining that healthy balance of reasonable privacy and the security of the business.
Let’s get technical for a second. For example, if your business is using Diffie-Hellman for encryption (also known as asymmetric encryption or public-key cryptography), your security team’s ability to inspect that traffic is significantly impacted. Options exist to allow inspection but all of them require downgrading the encryption level to allow for inspection. As the business is making its way through discovery and planning, it must be aware of what it means to use this type of technology to ensure there is an informed decision on privacy levels versus security.
In addition to encryption as a roadblock to visibility, other challenges include:
- Agent installation: Agents are not installed or misconfigured.
- Resource utilization: Not enough people or technology resources (overutilized firewalls, appliances, etc.) to create and maintain security posture.
- Network configuration: Poorly configured network devices that inhibit the ability to identify threats, which hinder investigations into an attack’s origin and destination.
- Asset discovery: New resources constantly are spun up and down.
- Architecture: Internal architecture does not take monitoring into consideration.
Even after your team answers every question, weighs out its options, and feels there is clear visibility of all of your assets, your work isn’t done. Visibility is an ongoing process for your security posture. You must be committed to visibility for newly deployed assets, prioritizing architecture decisions to ensure increased visibility and reduced exposures, and always working to ensure your security technology is properly deployed throughout your environment.
At Alert Logic, we’re constantly running discovery scanning to identify newly deployed assets which allows us to assess security controls and provide clear steps to remediate any visibility gaps.
Alert Logic’s MDR Approach to Visibility and Security Posture
At Alert Logic, we work as an integral part of your security team to provide unrivaled managed detection and response capabilities. We provide visibility to the most pressing threats which could impact an organization and the ability to respond quickly and effectively. With our security experts monitoring your environment 24/7, your security posture is our top priority.
Look for the third blog in this series focusing on the second pillar of security posture: exposures.
To learn more about Alert Logic MDR®, schedule a live demonstration.