How to Bake Anticipation into Enterprise Cybersecurity
We’ve all heard the castle-and-moat analogy when it comes to cybersecurity. But those days are long gone. It may have worked when script kiddies roamed the land, but today that approach is as effective as a Band-Aid on a bullet wound. Needless to say, the threat landscape has evolved to a point where not only must security technology be up to snuff, but a security leader’s mindset must also adapt to the enterprise’s risk tolerance. Tools from firewalls and IDS/IPS to email gateways and antivirus remain an important part of an overall security arsenal, but as the sophistication of cyber threats and the size of attack surfaces increase, the wait-and-see approach to cybersecurity of yesteryear won’t cut it.
No matter how often your systems are patched, a reactive stance ultimately leaves your security and risk department in a constant firefight, one where the ember never cools. Businesses across the globe have experienced an increase in breaches over the last year, and the only way to turn the tide is to bake anticipation into your cybersecurity strategy. That requires a proactive stance.
Organizations with a low appetite for risk have recognized that more needs to be done to protect critical assets. Many have added SIEM, active alerting and security intelligence with the understanding that perimeter defense layers may be breached. But to prevent attacks from occurring and drastically decrease response time, adopting an adaptive security model is optimal. This approach promotes early detection of compromises and the automatic response when a security incident occurs. It continuously assesses risk and monitors networks in real-time to hunt for malicious traffic, vulnerabilities, and other indicators of compromise.
Adaptive security relies on artificial intelligence analysis of cybercriminals’ behavior to anticipate new attack methods. As threats and attack tactics evolve, an adaptive approach allows your enterprise to evolve as well. To embrace this approach to cybersecurity, it’s important to focus on the following three steps:
Step 1: Gauge Your Enterprise Risk Tolerance
How do you know if you’re ready for adaptive security? It all comes down to your ability to stomach risk. A company’s appetite for risk informs its entire approach to security, including the budget it allocates toward it and the services it engages. The lower the risk tolerance, the more resources will be required to effectively and measurably reduce it. To gauge your enterprise’s risk appetite, you’ll want a good understanding of what your critical assets are and where they are located. More often than not, these are what digital marauders will go after. Understanding the core business not only allows you to prioritize the protection of company assets, but also helps in understanding the phases of the cyber kill chain that could impact the enterprise.
If successful attacks have already taken place within your environment, you already have a great place to start. Take advantage of those scenarios when it comes to building your adaptive strategy, says Jeremy Batterman, global director of threat intel and detection at Trustwave SpiderLabs.
“You look at your attack profile and your taxonomy of threats and based on the behavior of those threats you build your profile,” Batterman says. It’s all about visibility, he adds. In order to take an adaptive approach to securing the enterprise and anticipating attacks, visibility is crucial. Even if an attacker is successful, gathering as much information as possible about the incident can only make your approach to security stronger, and also allow you to be proactive, Batterman says.
“For example, ask yourself if you have the visibility to see malicious activity that comes in via weblinks and through email,” he says. “Can you look at weaponized attachments and determine that they’re indeed weaponized? Do you have the capability to detect or deny something malicious trying to be executed by the behaviors that the malware would normally do?” Working through exercises like this allows security leaders to start building good visibility, which leads to great defense. “Even if you stop an attack, you need to investigate all of its attributes,” Batterman says.
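The visibility questions above can be turned into something concrete. The following is an added example, not code from the article or from Trustwave: it scores constructed process-creation telemetry for one of the behaviors described, a document handler or mail client spawning a scripting interpreter after an attachment is opened. The event format, field names, process lists and scoring weights are all assumptions made for illustration, not a vendor's detection logic.

```python
"""Behaviour-based triage of process-creation telemetry (added example).

Assumed telemetry schema, one event per line:
    timestamp|host|parent_image|child_image|command_line
"""
from dataclasses import dataclass

# Constructed sample events: two hosts open attachments that launch an
# interpreter, one host runs an ordinary browser session.
SAMPLE_EVENTS = """\
2024-01-01T09:00:01|ws01|explorer.exe|winword.exe|winword.exe C:\\Users\\a\\invoice.docm
2024-01-01T09:00:05|ws01|winword.exe|powershell.exe|powershell.exe -w hidden -enc AAAA
2024-01-01T09:01:00|ws02|explorer.exe|chrome.exe|chrome.exe
2024-01-01T09:02:00|ws02|chrome.exe|chrome.exe|chrome.exe --type=renderer
2024-01-01T09:03:00|ws03|outlook.exe|excel.exe|excel.exe report.xlsx
2024-01-01T09:03:30|ws03|excel.exe|cmd.exe|cmd.exe /c whoami
"""

# Assumed lists: applications that open attachments, and interpreters a
# document normally has no business launching.
DOCUMENT_HANDLERS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


@dataclass
class Event:
    ts: str
    host: str
    parent: str
    child: str
    cmdline: str


def parse_events(text: str) -> list[Event]:
    """Parse the pipe-separated telemetry lines into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, parent, child, cmdline = line.split("|", 4)
        events.append(Event(ts, host, parent.lower(), child.lower(), cmdline))
    return events


def score_event(ev: Event) -> tuple[int, list[str]]:
    """Return (score, reasons); a higher score is a stronger behavioural signal."""
    score, reasons = 0, []
    if ev.parent in DOCUMENT_HANDLERS and ev.child in INTERPRETERS:
        score += 3
        reasons.append(f"document handler {ev.parent} spawned interpreter {ev.child}")
    tokens = ev.cmdline.lower().split()
    if any(t in {"-enc", "-encodedcommand"} for t in tokens):
        score += 1
        reasons.append("encoded command line")
    if "hidden" in tokens:
        score += 1
        reasons.append("hidden window requested")
    return score, reasons


def triage(text: str, threshold: int = 3) -> list[dict]:
    """Return the events whose behavioural score reaches the threshold."""
    findings = []
    for ev in parse_events(text):
        score, reasons = score_event(ev)
        if score >= threshold:
            findings.append({"host": ev.host, "ts": ev.ts, "score": score,
                             "reasons": reasons, "cmdline": ev.cmdline})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Run against the constructed sample, the browser activity on ws02 scores zero while the two attachment-to-interpreter chains are surfaced, with the encoded, hidden PowerShell launch ranked highest. The point is the one Batterman makes: the rule keys on what the process does after the attachment opens, not on a file hash, so it still fires when the attachment itself is new.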
Step 2: Get Enterprise Leadership on Board
The communication challenges that security leaders face with upstream management are nothing new. For years they’ve been told to “speak the language of the business,” and while they’ve made strides in that area, there’s still a way to go. Adaptive security requires the right mix of talent, tools, and techniques, and outlining that effectively to the C-suite is important. Security leaders who don’t have other leadership support within the enterprise are facing an uphill battle. “It’s absolutely critical,” Batterman says. “I’ve worked as a consultant for companies that don’t have it, and they lost the battle before they even got started.” While it can be complex to communicate, staying out of the weeds of technical concepts and relaying a higher-level view of this approach to the executive team will ultimately help in getting them bought into the program.
Step 3: Assess Your Team to Assess Your Technology
Before you even think about purchasing more bells and whistles to add to your security arsenal, ask yourself, “Do I have the team to maximize its use?” As a managed security services provider (MSSP), this is an area where we find many gaps. You can have the latest and greatest state-of-the-art technology to combat cybercrime, but without the right staff or assistance, it’s likely useless in the grand scheme.
“The talent is more important than the tools,” Batterman says. “If you have talent and you have tools, that’s great. But good talent, at times, can make their own tools, even if you’re limited on resources. A talented staff always figures out a way to make things happen.” In many cases, good talent could lead to good technology, even if they aren’t building it themselves. You should lean into the talent to help assess the most appropriate tools to leverage. Batterman suggests asking yourself the following questions when it comes to making purchasing decisions:
- Is this something that will be helpful in investigations?
- Will it be a hindrance on my team and adaptive approach to cybersecurity?
- Is this solution too complex?
- Does this tool give us the visibility we need?
Too many businesses have made the mistake of tapping into security technology when they don’t have the right staff to manage it. While no business is immune to the cybersecurity talent shortage, many are tapping into external sources to handle various aspects of security, especially when it’s difficult to compete against the larger tech companies that attract and retain top talent.
An adaptive approach to security best fits an organization with a low risk appetite, including financial institutions and manufacturing and utility companies. Meanwhile, smaller businesses such as local retail stores have a much higher risk appetite, so covering the basics and taking a traditional perimeter defense approach could suffice. As the threat landscape continues to evolve, the security mindset that enterprises take is changing as well. Taking a reactive stance on cybersecurity could be more costly for an enterprise than approaching it in a continuous, proactive way.
Migrating Network Protection to the Cloud with Confidence
For modern organizations, speed and agility are the key to success – built on enhanced IT efficiency and performance driven by the cloud. Anything less could see your business outpaced by the competition. As always, security must be a priority when migrating to the cloud, but network teams are being let down by existing tools. Overwhelmed by this challenge, our TippingPoint customers came to us asking for an equivalent product for their AWS environments. So we went away and built one.
Cloud Network Protection is the first transparent, in-line network security offering for AWS customers: simple to deploy and manage, cloud-ready and leveraging our industry leading expertise in network threat protection.
Let down by legacy
According to the cloud’s shared responsibility model, network security teams are increasingly being tasked with extending security into the cloud. But current offerings in the market simply aren’t capable of supporting their requirements. They’re complex, expensive and introduce extra friction.
Our TippingPoint customers came to us with a range of gripes. They felt existing network security solutions are simply not engineered with cloud environments in mind. In fact, some need to be rearchitected to function at all in the cloud. Often, these incompatibilities lead to business disruption: by causing app and network downtime while network security is deployed and/or slowing down the speed of DevOps on an ongoing basis. In many cases, customers complained of having to use multiple tools to manage security for different networks in the hybrid cloud – adding extra cost and complexity and creating potential security gaps through misconfigured solutions.
These challenges impair their ability to meet key compliance requirements like HIPAA and GDPR. Responding to internal and external audit requests also becomes more difficult. Alongside these strategic challenges, network security teams wanted to meet day-to-day requirements such as blocking requests to specific domains.
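Even the day-to-day requirement of blocking requests to specific domains has an edge case worth getting right: a rule for a blocked name should also catch its sub-domains, but must not catch an unrelated name that merely ends in the same characters. The following is an added example, not code from this post or from the Cloud Network Protection product; the blocklist entries and hostnames are constructed for illustration.

```python
"""Domain blocklist matching on label boundaries (added example).

A naive `host.endswith(blocked)` check would wrongly block
"notblocked.example" for the entry "blocked.example"; walking the
name label by label avoids that while still catching sub-domains.
"""

# Constructed blocklist for the example.
BLOCKLIST = {"blocked.example", "telemetry.bad-example.net"}


def normalize(host: str) -> str:
    """Lower-case the name, drop whitespace, a trailing root dot, and a port."""
    host = host.strip().lower().rstrip(".")
    # "host:port" as seen in an HTTP Host header; IPv6 literals contain
    # several colons and are left untouched here.
    if host.count(":") == 1:
        host = host.split(":", 1)[0]
    return host


def is_blocked(host: str, blocklist=BLOCKLIST) -> bool:
    """True when host equals a blocked name or is a sub-domain of one."""
    labels = normalize(host).split(".")
    # Test the full name, then each parent: a.b.c -> b.c -> c
    for i in range(len(labels)):
        if ".".join(labels[i:]) in blocklist:
            return True
    return False


def filter_requests(hosts, blocklist=BLOCKLIST) -> list[tuple[str, str]]:
    """Label each requested host BLOCK or ALLOW against the blocklist."""
    return [(h, "BLOCK" if is_blocked(h, blocklist) else "ALLOW") for h in hosts]


if __name__ == "__main__":
    sample = ["blocked.example", "cdn.blocked.example", "notblocked.example",
              "BLOCKED.EXAMPLE.", "blocked.example:443", "www.example.com"]
    for host, verdict in filter_requests(sample):
        print(f"{verdict:5} {host}")
```

The same label-walk is what makes a blocklist entry for a parent domain behave predictably under audit: every sub-domain is covered by one rule, and look-alike names that would slip past (or be over-blocked by) a plain suffix check are handled explicitly.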
A new approach
Taking all this on board, we set about designing a network-based solution to handle the scale and performance demands of the cloud, without introducing extra friction to operations. We did this by tapping the power of the AWS Transit Gateway, a service that enables customers to connect all their Virtual Private Clouds (VPCs) and on-premises networks via a single, centralized gateway.
The resulting Cloud Network Protection solution is deployed transparently into the network fabric, providing visibility and control where network security teams need it most whilst avoiding application disruption and the need to rearchitect. By extending our TippingPoint capabilities into the cloud, we offer organizations multiple benefits including:
- Consistent network security: Allowing teams to use existing TippingPoint security profiles in the cloud and on-premises.
- Centralized SMS management: Complete visibility and control using the familiar Security Management System (SMS).
- Simplified deployment: Minimizes friction by sliding seamlessly into the cloud network fabric.
- Industry-leading security: Including network-based virtual patching and zero-day protection backed by the Zero Day Initiative bug bounty program, all whilst avoiding business disruption.
Nearly three-quarters (73%) of organizations had at least one application in the cloud as of last year – with a further 17% planning to do so within the next 12 months, according to IDG. As they migrate these business-critical apps, network security teams are demanding effective, cloud-ready tools that offer maximum protection without impacting performance. Fortunately, now they have one.