Page 5 - Cyber Warnings
Advance Your Cyber Security Efforts by Adopting Six Habits
By Ajay Nigam, SENIOR VICE PRESIDENT OF PRODUCTS
Overspending and focusing on prevention was the security doctrine that made organizations
brittle and more susceptible to cyber threats. It left them vulnerable when their virtual
boundaries were compromised, without the means to quickly assess and address the situation.
My prediction is that there will be a correction to the imbalance, with detection and security
intelligence being the way we take back control, making it safer for digital businesses across all
verticals. Finding the balance between prevention, detection and response will not be without its
challenges, however. To succeed we need to break old habits and align efforts that will match
those of our adversaries in order to make a significant difference in the future for cyber security.
We should consider six habits to advance security efforts for 2016 and beyond:
1) Never assume. This is the age of evidence-based, big data security, and moving
beyond assumptions is a sign of growth. Don’t assume your organization is not a target, and
don’t assume that your protection technology is a constant. The recent reports of router
back doors point to yet another angle of vulnerability management that needs to be dealt
with for on-premises security. Don’t assume your cloud computing provider is infallible or
immune to security vulnerabilities or even breaches. Begin to ask for data, not just
service level agreements on security controls and compliance aspects, on how threats are
managed and scored and the speed at which they are neutralized. Companies are now seeing
security and risk as board level conversations, mostly because until recently boards
assumed the business was protected. There is growing pressure on public companies now
that the SEC is starting to advise on adequately assessing and reporting on cyber risk. The
security reality is that in the near future no one can assume plausible deniability: security
intelligence and analytics continue to mature, providing the insight to know what’s at
risk and to take action.
2) Don’t limit yourself. Threat intelligence comes in all types and service varieties. Some
organizations have embraced their SIEM technology so boldly that they consider this
localized threat intelligence source synonymous with their threat intelligence program.
However, a diversified and rich portfolio of threat intelligence sources is a necessity. Look to
augment your internal intelligence (LOCAL-INT) with Open Source (OS-INT) feeds and a few
commercial (COMM-INT) ones. This is a case where more data is better, with a few caveats.
Understand how the sources are gathered and updated because you want to avoid
intelligence feeds that overlap in focus and data. Leverage these bountiful information
resources as a catalyst for change through automation. The consumption of the threat
intelligence feeds and correlation with the information from your local intelligence and
security technologies will uncover sightings and threats to watch that are relevant and
unique to your organization. If any of this is a manual process for your organization, go
ahead and skip this step, because by the time you have processed this information,
Cyber Warnings E-Magazine – February 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide