wily attackers routinely bypass even the detection capabilities that well-meaning IT security
organizations have in place today.



Therefore, smart organizations are also considering response as part of their overall
strategy. Here you begin by conceding that attackers will get through. Next, rather than
asking yourself “what if?”, you ask “now what?” instead. Incident response is about
determining the scope, ramifications, and ultimately the root cause associated with the
threats your organization is facing. One critical capability along these lines involves
continuous monitoring. Keep track of relevant information as it comes in, and when you need
to piece together what happened after the fact, it’s far simpler.

To make a physical analogy, it’s like having a security camera in place. These cameras
might not do much in the way of preventing crime, but they are invaluable in allowing you to
determine what actually happened. Questions that previously required hours of painstaking
expert forensic analysis can be answered by looking at a few minutes of camera footage.

Organizations today are putting these “cameras” in place across their IT assets: networks,
endpoints, and traffic going to and from cloud services. Not only do they save time in doing
so, but they can take whatever lessons they’ve learned and re-apply them back to the
prediction phase, thereby coming full circle. These capabilities are simply indispensable in
today’s world.


The second common theme is that smart enterprises are coming to the realization that
security is fundamentally about data science. All of the elements discussed above involve
gathering, processing, gleaning insights from, and acting on data. Therefore, organizations
are thinking about how they can take whatever technologies they have in place today, and
make them work as part of a common data analytics fabric.

This type of thinking is certainly not without its challenges. After all, organizations still have
to deal with a tremendous amount of legacy infrastructure and legacy processes.
Consequently, no solution will be without its faults. At the same time, smart organizations are
realizing that they need to make strategically sound decisions moving forward so that
security becomes less about point solutions and whack-a-mole, and instead becomes far
more comprehensive and holistic.

The third common theme is that smart organizations do not just focus on technology, but
rather strive towards engendering a culture that values information security from the
executive ranks to the rank and file. Without this type of culture in place, it will be difficult to
make long-term progress. And because cybersecurity is highly dynamic, we simply cannot
expect today’s measures to work equally well tomorrow. Attackers are constantly adapting
their methods, so we must constantly adapt as well.

Attackers aren’t haphazard in their efforts. Therefore, organizations too cannot be haphazard
in their response. Rather than implementing a series of quick fixes and praying for the best,
you need to make holistic changes so that you are more than adequately prepared to deal
with the worst head-on.



26 Cyber Warnings E-Magazine – August 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
