Page 67 - Cyber Warnings
Implementing this shift in defense tactics requires new skill sets. The industry is looking for
workers with the skills required to monitor and analyze threat intelligence from across the
network.
As a result, security teams today must include more than just those focused on infrastructure.
To capitalize on technology that enables network visibility, security staff must have knowledge
of what normal network activity looks like, and they must be able to spot anything that deviates
from it.
The ability to separate normal behavior from abnormal gives security teams the advantage
of designing defense systems that know what to watch for. The era of the static IT guy who
enters various rules into a set-it-and-forget-it system is over.
The Smart Guard Is a Familiar Guard
As an example of that shift, let’s compare two types of security guards. One is a longstanding
employee of the company, while the other is a temp.
The first security guard knows the owner, knows how the building’s dimensions have changed
over the years, and knows who the delivery guys and the employees are.
He is familiar enough with the property and its people that he knows instantly when something is
out of place or when it doesn’t look right.
Importantly, he is a known and trusted entity to those who work at the office. When employees
see things that don’t look right (“That car tailgated me into the parking lot, and the driver didn’t
use an access card”), they share that information with the guard, who uses it to perform a
check.
Contrast that scenario with that of the security guard working as a temp. He is more likely to be
unfamiliar with the property and to perform only cursory checks based on a map
layout (which may be outdated). He also lacks the relationships with the office staff, and the
familiarity with the property itself, that give the insight necessary to notice when something is out of place.
For Best Defense, Plug into the People
To properly secure today’s organization, security teams must be plugged into its people in
addition to the network. The ability to pull actionable data from the network is critical, but
security teams must be an active part of the business as well.
By engaging with the business, the security team gains the human intelligence that reduces risk
and adds context about whether something is appropriate or suspicious.
67 Cyber Warnings E-Magazine – August 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide