In continuation of NCSAM's theme of “Own IT, Secure IT, Protect IT,” in this post we’ll tackle “Secure IT.” Now that we’re all experts in the CIS Critical Security Controls and we have our environment mapped, we can increase the focus on securing what we own.

Improving security controls and processes is obviously a huge element of threat mitigation. When an accurate inventory of infrastructure and software is combined with details of the overall environment, the prospects for better cyber hygiene and more reliable security clearly improve. Combined with defensive cybersecurity tooling, identity and access management, vulnerability management and administrative access management, this set of capabilities and processes should give an organization a fairly complete understanding of the protections and risks that exist within its environment.

From a pure tooling standpoint, there is a seemingly endless array of security solutions recommended by industry analysts, vendors and other third parties to help address each piece of the puzzle. The key for each organization is to prioritize investments with the aim of addressing the key gaps in its existing security infrastructure, since so much time, effort and money has already been spent over the last 2-3 decades amassing a set of proper controls.

For starters, implementing robust identity and access management includes the use of tools that add an extra layer of protection to the security protocols you already have in place. Capabilities such as biometrics, single sign-on, two-factor authentication and adaptive security controls help ensure that requests are authentic and come from authorized users. When users gain overly permissive admin access, insider threats obviously increase. Following September’s Insider Threat Awareness Month, we know well that insider threats are on the rise, as seen in Verizon’s Data Breach Investigations Report for 2019.

In terms of defensive infrastructure, again, each organization needs to constantly assess the effectiveness of its existing tooling and seek to augment those capabilities where necessary. From Endpoint Detection and Response (EDR) to Cloud Workload Protection (CWP) tools, there is always a new set of cutting-edge technologies arriving on the scene to address emerging threats and best practices. Just how and where to adopt such products, and potentially move on from more traditional solutions, is a balancing act that needs to be carefully considered.

On the vulnerability management front, emerging tools and processes that more closely tie an understanding of external threats to existing exposures and the underlying business assets are the next big thing, and they bring the concept of risk management further back into the world of securing IT. Traditionally, security and risk management have existed largely in silos, but this is increasingly no longer the case.

Building on the idea of admin access, living by the tried and true principle of “least privilege” will help ensure that only authorized users who genuinely need the data are accessing it. While difficult to manage, keeping data off-limits to those who do not need access to it will keep sensitive data in the right hands and out of the hands of bad actors. Yet this also remains a delicate and complex practice, especially in the face of the rapidly scaling use of the cloud.

Of course, one of the biggest trends on the security landscape is the use of advanced analytics, automated workflows and centralized dashboarding to help pinpoint the most pressing threats and manage security from an end-to-end perspective. That’s where technologies like Bay Dynamics Risk Fabric come into the bigger picture, whether it’s tying together efforts around data protection or invoking a more holistic approach to the entire world of IT security, such as with Forrester’s popular Zero Trust methodology.

Once you have your plan in place to “Secure IT,” the time comes to “Protect IT.” Next week we’ll dig into what can be done once the implementation of the Critical Security Controls and layered protection approach are complete. Until then, follow us this week as we focus on securing your network and devices.