Collective Security and National Defense.


Press Review: Articles

Wednesday, March 23, 2016

Defense in depth: Stop spending, start consolidating

Kacy Zurkus
Experienced freelance/ghost writer of features, blogs, news, and strategic content

How many tools are too many tools to have an efficient defense in depth security infrastructure?

When it comes to layered defense and security tools, less is often more, just as more can sometimes be less. The average enterprise uses 75 security products to secure its network. That's a lot of noise and a lot of monitoring and testing for security practitioners.

To make sure that the security tools not only work but work in harmony with each other, some security professionals recommend taking a closer look at the layers of the security ecosystem to eliminate redundancies that contribute to alert overload. 

There is a lot of threat intelligence information out there, and Stephan Chenette, CEO of AttackIQ, said all of that threat information can be overwhelming. "They need to use the threat information to determine what is applicable to their organization and tailor it to their industry. Risk has a number of factors, not only the impact to organization but also the real probability of the threat," Chenette said.

Security teams need to distill all of that threat intelligence and find what matters in relation to their business. Because most enterprises aren't regularly testing all of their security tools, "The alerts that matter are being missed," Chenette said.

The security industry has long touted defense in depth as the solution to thwarting attacks, but the reality is that more layers don't prevent attacks, said Chenette.

For many enterprises there is a disconnect between the products they are buying and their effectiveness. "Many people are putting firewall, IPS, and antivirus in place thinking that intelligence is actually going to help them," Chenette said. 

What is more effective is taking that threat intelligence and running attack tests and attack models to identify potential blind spots. "Defenders think in lists but attackers think in graphs," Chenette said. In order to build the best defense in depth strategy, the organization needs to start looking at what’s at risk and what’s at stake and then determine how to create security around those assets.

"Hope is not a strategy," said Chenette, so in order for companies to improve their security strategy, they need to realize that technology can fail. "Controls fail over time, and the worst outcome is that there is a breach because they had a control in place that should’ve detected," Chenette said.

It's important to know what security controls are in place, whether the controls are even working, and whether those are the right controls for the realistic threats.

With an average of 75 security tools in play, redundancy exists. "Many organizations are hiring security experts to manage redundant products and manage alerts that don’t mean anything. The goal of continuous testing is to find the core amount of security products. To truly have a smart strategy and resilient architecture," Chenette said.

Businesses that are trying to solve the hyper-convergence of technical and business problems by purchasing tools to mitigate risk "are instead ending up with a lack of mitigation and a lot more telling me I have a problem," said Stan Black, CSO of Citrix.

Black said, "What we are all talking about now are complex attacks going after this ecosystem of technologies and trying to find the weakest link." The bad actors know that they can find a weak link, likely long before the enterprise. Once they get in, they progress.

"They end up with a multi-front attack on the network. Cryptolockers have an inherent immediate need for security teams to focus on thwarting them," said Black. "They launch one of those and in concert launch a secondary attack with other malware that is their primary. They are using the window to come in and probe, send phishing emails, or change binary codes as they learn more about your response to these attacks," he continued.