Businesses need to fundamentally evolve their approaches – yes, approaches, plural – to security, says RSA's Steve Schlarman.
Companies have battled security challenges in the past by building layer upon layer of defences – firewalls, antivirus, intrusion detection systems, vulnerability scanners, security policies, identity management, etc.
Of course those layers are necessary – without them your company would be completely defenceless. Those layers provide the fundamental defence in depth and are critical to protecting against the lowest common denominators – unskilled attackers and random shotgun attacks.
However, today’s adversary consistently finds ways to weave through those defences, and we read almost every day about data breaches or security issues at major corporations. Security functions are faced with increasing complexities, data, business changes and an ever-shifting technology landscape.
Doing the right thing should be obvious, but for today's IT security organisations, it is too often hidden. Security teams are frequently sitting in the dark manually gathering information from multiple sources just to make a decision.
By the time security determines what the most important issue is, it is too late to properly respond. Companies have to address the blind spots within the technical infrastructure. The evidence points time and time again to how data breaches bypassed technical controls and were not based on simple attack vectors.
Organisations need to invest in packet and log capture technologies and rely less on signature-based protective measures, so that they can deploy investigative resources to identify advanced, complex attacks that are weaving their way through the layers of defence.
Fusing business context into security processes is absolutely essential to deal with the growing complexity and reduce the 'noise'. Security functions are no longer protecting nameless IP addresses and servers. They understand the need to connect business criticality to IT infrastructure to drive priorities.
Having little knowledge of which processes, technologies and other infrastructure components are a priority for security drives inefficiencies. In response, security functions are looking for more information from the business to catalogue and classify assets and to insert these priorities into the security process.
Security is no longer just a technology problem; processes and skilled resources are just as important. Too often in many organisations the answer to a technological threat (today’s organised digital criminal adversaries) has been technology.
While technology is an enabler, the processes that support the technology and the manpower running those systems are what will make any implementation successful. Organisations need to fundamentally evolve their approaches to security efforts.
Currently, organisations have deployed these layered defences, but many are disconnected or supported by manual, time-intensive processes. Detective and investigative processes and technologies must be implemented to find advanced attacks.
Prioritisation and efficient processes must be enabled by integrated security technologies that are managed by trained, skilled personnel.
Organisations are working hard to expose those blind spots, connect IT assets to business criticality and improve processes and skills such that security functions can do the right thing, at the right time, for the right reason.