How Organizations are Rethinking Their Cybersecurity Strategy

The Three Habits of Smart Organizations


by Zulfikar Ramzan, Ph.D., Chief Technology Officer, Elastica, Inc.



It seems like new words are unceasingly creeping into the IT lexicon: Cloud, BYOD, Internet
of Things, and so on. While these technologies are a veritable goldmine from the perspective
of gaining new organizational efficiencies, they are simultaneously a minefield from the
perspective of IT security.

Each of these technologies can materially impact an organization’s risk posture, and
significant thought is required to bring them into the fold in a safe and sane manner. To
make matters worse, organizations are also dealing with far more insidious attackers. Gone
are the days when online miscreants would send victims typo-ridden emails in broken
pseudo-English offering a million dollars tomorrow in exchange for a far more modest payment
today. These low-budget kitchen sink campaigns have been replaced with carefully honed
social engineering operations designed to dupe even highly sophisticated users in far more
insidious ways. It’s the difference between a smash and grab robbery at a 7-11 and an
Ocean’s Eleven type of heist.

When I look at how Chief Information Security Officers (CISOs) at major organizations are
rethinking their cybersecurity strategy in the face of these issues, a number of common
themes seem to be emerging.

The first common theme is that smart organizations think about cybersecurity from the
perspective of the full threat lifecycle. Consider, for example, the Adaptive Security
Architecture framework developed by Neil MacDonald and Peter Firstbrook of Gartner. This
framework comprises four key elements: prediction, prevention, detection, and response.

Prediction is about being able to establish a baseline regarding where you are today from a
security perspective. What are the most significant vulnerabilities in your environment and
what are the risks you need to be concerned with? It’s important to start outlining your security
strategy by considering risks before you consider threats. After all, a threat is merely
something that takes advantage of an existing risk. Technologies like vulnerability scanning
and vulnerability assessment are commonly used here.

Prevention is about being able to stop threats before they infiltrate your environment.
Technologies for providing access control and policy enforcement come into play here.
Indeed, about twenty years ago, network security was almost entirely focused on
technologies for prevention, like the firewall.

Detection is about identifying threats that are actively present in your environment.
You can detect threats by looking for known patterns (often termed “signatures”) or by trying
to infer the intent behind a broader set of behaviors using more sophisticated analysis. The
underlying techniques notwithstanding, the bulk of enterprise security focus nowadays is
centered on detection. However, it’s becoming clear that detection is no longer sufficient as

25 Cyber Warnings E-Magazine – August 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
