Your Security Posture: Is it Working?

Unless your company is truly starting from scratch with a greenfield installation, which is rare in the enterprise computing space, the first step in approaching your security posture will be a true and honest assessment of what is already in place. The operative term here is “true and honest.” It may be tempting to gloss over newly discovered gaps or issues regarding the comprehensiveness of your company’s IT security infrastructure. This is especially true if the discrepancies might reflect poorly on specific individuals. However, a problem found is nearly as constructive as a problem solved. Therefore, it is important to approach this exercise with as much honesty and integrity as possible in order to establish a broad base of protection that defends not only your most important assets, but also safeguards different routes among less important resources that can be used to gain deeper and more dangerous penetration. Trusted Advisors can play an instrumental role in managing this process.

As your company evaluates its cyber security posture, place particular emphasis on the collection of supporting metrics, the identification of key areas in need of particular protection, areas in which necessary protection is not provided, and an assessment of specific risks, attack surfaces, and attack vectors. And, of course, the process culminates in a detailed look at how to mitigate any issues and execute improvements.

Organizations will often focus on protections for that single resource that they deem most critical or most valuable. They lose sight of the fact that the attackers merely need to access a vulnerable machine that has access to that critical resource, sometimes via multiple hops. Effective defense in this environment requires a detailed look at how systems are connected.
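The multi-hop point above can be checked against a connection inventory. The following is an added example, not part of the original article: the host names and the connection map are constructed, and it assumes you have already exported "who may connect to whom" from firewall and ACL reviews.

```python
from collections import deque

# Constructed connection map (not from the article): "A": ["B"] means A is
# allowed to open a connection to B, e.g. as read from firewall/ACL rules.
ALLOWED = {
    "internet": ["web-01", "vpn-gw"],
    "web-01": ["app-01"],
    "vpn-gw": ["hr-laptop", "jump-01"],
    "hr-laptop": ["file-01"],
    "jump-01": ["app-01", "db-01"],
    "app-01": ["db-01"],
}

def hops_to_asset(graph, asset):
    """Map every host that can reach `asset` to its minimum hop count."""
    reverse = {}
    for src, dsts in graph.items():
        for dst in dsts:
            reverse.setdefault(dst, []).append(src)
    hops, queue = {asset: 0}, deque([asset])
    while queue:  # breadth-first search over reversed edges
        node = queue.popleft()
        for prev in reverse.get(node, []):
            if prev not in hops:
                hops[prev] = hops[node] + 1
                queue.append(prev)
    return hops

def shortest_paths(graph, source, asset):
    """Return all minimum-hop paths from `source` to `asset`."""
    found, queue, best = [], deque([[source]]), {source: 0}
    while queue:
        path = queue.popleft()
        if found and len(path) > len(found[0]):
            break  # every remaining path is longer than the shortest
        if path[-1] == asset:
            found.append(path)
            continue
        for nxt in graph.get(path[-1], []):
            # extend only if this is (one of) the shortest ways to reach nxt
            if best.setdefault(nxt, len(path)) == len(path):
                queue.append(path + [nxt])
    return found

if __name__ == "__main__":
    print(hops_to_asset(ALLOWED, "db-01"))
    for p in shortest_paths(ALLOWED, "internet", "db-01"):
        print(" -> ".join(p))
```

Every host in the `hops_to_asset` result needs protection in proportion to the asset it can reach, not only the asset itself.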

In most cases, this involves a thorough review of the infrastructure, including any cloud services used by the company. The enterprise customer’s Trusted Advisor can play an instrumental role in ensuring the proper execution of this phase. A penetration test and a test of exploits against employees may be advisable. These services can cost between $10,000 and $25,000. Some companies may be willing to do them for free, but the fee-based alternatives are generally viewed as more comprehensive.

Most of the customers participating in AVANT’s assessment surveys were no strangers to third-party security assessments. More than 60 percent of them have had such an assessment conducted within the last year, nine percent did so more than a year ago, and another nine percent have never done a third-party security assessment at all. The remainder were uncertain whether such a test had ever been done.

It will be important to view security from the standpoint of defending your data center while at the same time providing the necessary protections to fully support your company’s web-facing services. On the data center side of the equation, your company’s local infrastructure will need endpoint security, a traditional firewall, or, in certain circumstances, a next generation firewall that incorporates a variety of otherwise disparate functions. Decision-makers should anticipate a need for a comprehensive solution that gathers log information from a wide array of sources and inputs, and then correlates that data with both known threats and behavioral analysis to uncover threats that might not have an existing signature associated with them. This function is typically built around the use of a SIEM platform that should be coupled with intrusion prevention and detection capabilities that can be extended to server-based or virtual machine-based devices.

The alerts that arise from this kind of system need to be evaluated by qualified security analysts, and that’s typically where an MSSP can be of service for companies that don’t have the resources or their own 24×7 SOC.

On the cloud side of the equation, most companies would be well advised to adopt a stateful firewall (which tracks network connections), a web application firewall, and DDoS protection, as well as making sure that the security features of the cloud service are properly configured from the customer point of view.

According to AVANT’s State of Disruption Report, the vast majority of enterprise decision-makers say they’re unprepared for a cyberattack, even though nearly three-fourths of those decision-makers feel a successful attack could cost them their jobs. By approaching security from both sides of the on-premises demarcation, you can not only reduce risk, you can also parlay your enhanced security into enhanced peace-of-mind.

For more information, contact your Trusted Advisor.