By Lamont Orange
Sophisticated cyber-attacks, breaches and disclosures are becoming the new normal. The security paradigm is on a steep trajectory for continual change, with new challenges and obstacles. Our network speeds are increasing, data is migrating to clouds, more data needs to be shared, and employees are bringing their devices to work.
Given the rapid change, we must upgrade our security posture to meet the challenges of today and tomorrow. The bad guys are playing a smarter game, and we must transform the way our organizations behave. If you are responsible for modifying organizational behavior and increasing your security posture, here are five strategies:
Transform Data into Intelligence
The legacy security paradigm urged you to log everything, which meant you had Big Data about any and every security event that occurred in the ecosystem. Moving forward, your data must be transformed into intelligence, and the enterprise needs to be aligned with data- and context-centric security. Forensic intelligence will help you reconstruct activities, determine if an incident is in progress and provide network and systems usage baselines.
For example, you will never make sense of a security breach after the fact without a complete record of every last packet. Armed with intelligence, you can determine whether attackers merely accessed a system or got away with confidential and sensitive data.
Subscribe to a Threat Modeling Culture
To properly protect the correct assets, it's imperative to understand what threats can and will affect your organization. For example, examine how you can defend against advanced threats across all seven stages of the threat kill chain. How do you fare against insider threats and threats posed by mobile devices like tablets and smartphones? Can you identify your enemy? Do you know your blind spots?
Transform to the Next Generation Security Model
Redefine the defense-in-depth approach to defense-in-context. Move your protection strategy from focusing on systems to concentrating on the data. Three keys to this transformation:
- Ensure that your strategic security solutions share the same information and intelligence.
- Move from monolithic point solutions to multi-staged or multi-domain solutions. It’s a game of chess. You must have a multi-pronged defense. Know your pieces on the board and how they move, and never forget the object of the game -- protecting your data.
- Consolidate commoditized solutions and use your funding for components that increase your posture. Evaluate your current investments by measuring their effectiveness and relevance. For example, it’s time to re-prioritize if the results indicate the security tools are not aligned with the transition to a data-centric security model.
Align Security Initiatives with Business Requirements
Position security in the correct context -- it's a business problem. Security initiatives and outcomes are often not aligned with business initiatives. I cannot emphasize enough: Sell the security program and communicate your successes internally. Show how you are saving the company money by preventing a data breach, reducing help desk tickets, enabling remote workers, etc. It will lead to increased buy-in, and ultimately funding.
Develop a Culture of Security Inclusion and Accountability
Transform your users from your greatest vulnerability to your volunteer security team. Show them what's in it for you, the company and, most importantly, what's in it for them. Get their attention with frequent streamlined communications such as newsletters or short videos. Develop programs that recognize and reward them for a job well done.
Put methods in place to test your user-based posture and track your progress. Remember, you can have the best technology and security program, but without the user component, the improvement of your posture will stagnate.
Have any questions about these five tips or any additional ideas? Feel free to leave a comment, and we can discuss.
Lamont Orange is the senior director of information security for Websense. In this role, he is responsible for developing, maintaining and socializing the company’s internal security program. He also serves as a trusted security resource for Websense customers worldwide. Orange has more than 15 years of experience in the information security industry, including more than 10 years as vice president of enterprise security for Charter Communications.