Building Enterprise Solutions to 8 Major Cybersecurity Problems

As the incidence and impact of cybercrime and cyber-warfare on business continues to escalate, one fact is beyond dispute: enterprises are losing. Enterprises are losing revenue, customer data, goodwill and intellectual capital. This might come as a surprise to some people, considering that businesses are spending increasing portions of their IT budgets specifically on security, on ever more sophisticated solutions.

So how can they possibly be losing the war when they’re spending more than ever on IT security? There are undoubtedly many reasons for this, but the root cause typically lies within the very DNA of an organization. Here are some indicators that your enterprise is overly vulnerable – and some steps you can take to rectify that.

  • Lack of executive and board support. Commitment from the top is the single most important factor in determining vulnerability. I strongly believe that the CIA triad – confidentiality, integrity and availability, in CISSP parlance – applies not only to technology components but to people as well, particularly the integrity component as applied to executive leadership. If executives are willing to sacrifice security for convenience, this tone will trickle down through the organization, making it virtually impossible to implement comprehensive and effective security policies.
  • Security strategy is applied from the outside-in instead of from the inside-out. Organizations commonly invest outsized portions of their IT security budgets at the perimeter, yet most of their critical resources are deep within the network. Security controls should evolve outward starting from the application to the point of access.
  • The belief that “defense-in-depth” equals “layered security.” Defense-in-depth is the result of layered security and not the opposite. For example, chaining firewalls, intrusion protection systems and application delivery controllers (ADCs) in front of an application will likely lead to decreased security because each platform is operating in a silo. Without the benefit of sharing context in real time with each other, devices in the service chain don’t have a complete picture of the communication. In addition, organizational focus and expertise are divided among the tiered platforms, leading to a situation where the sum is less than the parts.

    Consider a vertically layered security model by consolidating security functions in fewer platforms. Invest in platforms that have the ability to inspect and understand the entire context and flow of a transaction from the network to the application. This approach provides a path to a better security posture, since it allows you to channel resources and expertise into delivering the security function instead of managing platforms, and it improves operational efficiency at the same time.
  • Poor operational practices and processes. Great IT security starts with excellent operations – practices such as change policy, aggressive patch management, standards compliance and baselining. Operations are key because they allow an organization to establish what normal looks like.

    Establish a common-sense change policy that balances business needs against operational availability concerns. If a change policy is overly restrictive, administrators will neglect patching systems against known vulnerabilities, which can lead to unnecessary risks for the enterprise.
  • No centralized and pervasive monitoring infrastructure. The NSA should have nothing on your enterprise monitoring capabilities. Every platform on the network should have a monitoring strategy to detect changes – and changes should be measurable against a baseline. For example, when an administrative group is changed, an alert should be issued.

    Consider investing in log consolidation and trending solutions even before SIEM solutions. Most organizations focus on event correlation before they have even established a pervasive monitoring infrastructure. Once that infrastructure is established, SIEM can be used to align log data with normal activity and detect anomalies.
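    The administrative-group example above (an alert whenever group membership changes, measured against a baseline) as working code. This is an added example, not code from the article: a baseline of approved members per privileged group is compared with a freshly collected snapshot, and every difference becomes an alert record that a log consolidation pipeline could ingest. The host name, group names and member lists are constructed sample data.

```python
"""Detect drift in privileged group membership against a baseline.

Added example, not code from the article: a baseline of approved members
for each privileged group is compared with a freshly collected snapshot,
and every difference is turned into an alert record. Host name, group
names and member lists are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed baseline: privileged groups and their approved members.
BASELINE: Dict[str, Set[str]] = {
    "Domain Admins": {"alice", "bob"},
    "wheel": {"root", "ops-svc"},
}

# Constructed current snapshot, as a monitoring agent might report it.
CURRENT: Dict[str, Set[str]] = {
    "Domain Admins": {"alice", "bob", "mallory"},  # unexpected addition
    "wheel": {"root"},                              # unexpected removal
    "Backup Operators": {"carol"},                  # group absent from baseline
}


@dataclass(frozen=True)
class Alert:
    host: str
    group: str
    change: str   # "added", "removed" or "unbaselined_group"
    member: str


def diff_groups(host: str, baseline: Dict[str, Set[str]],
                current: Dict[str, Set[str]]) -> List[Alert]:
    """Return one Alert per member that differs from the baseline."""
    alerts: List[Alert] = []
    for group, members in current.items():
        approved = baseline.get(group)
        if approved is None:
            # A privileged group that was never baselined is itself a change.
            alerts.extend(Alert(host, group, "unbaselined_group", m)
                          for m in sorted(members))
            continue
        alerts.extend(Alert(host, group, "added", m)
                      for m in sorted(members - approved))
        alerts.extend(Alert(host, group, "removed", m)
                      for m in sorted(approved - members))
    # A baselined group missing from the snapshot counts as every approved
    # member having been removed.
    for group, approved in baseline.items():
        if group not in current:
            alerts.extend(Alert(host, group, "removed", m)
                          for m in sorted(approved))
    return alerts


def format_alert(a: Alert) -> str:
    """Render an alert as one key=value log line for forwarding."""
    return (f'event=privileged_group_change host={a.host} group="{a.group}" '
            f"change={a.change} member={a.member}")


if __name__ == "__main__":
    for alert in diff_groups("dc01.example", BASELINE, CURRENT):
        print(format_alert(alert))
```

    The point of the design is that the snapshot collector and the comparison are separate: any platform that can export its privileged group membership in this simple shape can be baselined the same way, and the key=value line is what the consolidation layer trends on before any SIEM correlation is attempted.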
  • Principle of least privilege is not rigorously applied to platform, application and data access. For attackers, accounts with elevated or administrative privileges are an ideal target. If an attacker compromises a host without having elevated privileges, they must take the additional and potentially more difficult step of elevating their level of privileges in order to gain an effective foothold on the compromised system. Organizations, however, often make obtaining administrative level privileges a trivial task; users and administrators often both operate with elevated and/or administrative privileges. This is roughly equivalent to locking the door to your home but leaving the key in the lock.  

    Consider vaulting sensitive administrative credentials and rotating them, like encryption keys, after a set number of credential uses, per the risk profile of the system or application. In addition, users and administrators alike should not operate with administrative privileges unless absolutely necessary at a particular point in time.
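    The vaulting-and-rotation idea above, as an added example that is not code from the article or from any vault product: an in-memory vault hands out an administrative secret to one requester at a time, requires a justification, counts completed uses, and rotates the secret once the use limit for the account's risk tier is reached. The risk tiers, use limits, account names and change-ticket strings are constructed; a production vault would persist its state, push the new secret to the managed system, and sit behind an approval workflow.

```python
"""Vault administrative credentials and rotate them after N uses.

Added example, not code from the article or any vault product. The risk
tiers, use limits and account names are constructed assumptions.
"""
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed risk tiers: the higher the risk, the fewer uses per secret.
USE_LIMITS: Dict[str, int] = {"high": 1, "medium": 5, "low": 25}


def _new_secret() -> str:
    return secrets.token_urlsafe(24)


@dataclass
class VaultedAccount:
    name: str
    tier: str
    secret: str = field(default_factory=_new_secret)
    uses_since_rotation: int = 0
    rotations: int = 0
    checked_out_by: str = ""   # empty when the credential is not in use


class Vault:
    def __init__(self) -> None:
        self._accounts: Dict[str, VaultedAccount] = {}
        self.audit: List[Tuple[str, str, str]] = []   # (account, actor, event)

    def add(self, name: str, tier: str) -> None:
        if tier not in USE_LIMITS:
            raise ValueError(f"unknown risk tier {tier!r}")
        self._accounts[name] = VaultedAccount(name, tier)

    def checkout(self, name: str, actor: str, justification: str) -> str:
        """Release the current secret to one actor at a time, with a reason."""
        acct = self._accounts[name]          # KeyError for unknown accounts
        if not justification.strip():
            raise PermissionError("a justification is required for check-out")
        if acct.checked_out_by:
            raise PermissionError(f"{name} is already in use by {acct.checked_out_by}")
        acct.checked_out_by = actor
        self.audit.append((name, actor, "checkout"))
        return acct.secret

    def checkin(self, name: str) -> None:
        """Count a completed use and rotate once the tier's limit is reached."""
        acct = self._accounts[name]
        if not acct.checked_out_by:
            raise RuntimeError(f"{name} is not checked out")
        actor, acct.checked_out_by = acct.checked_out_by, ""
        acct.uses_since_rotation += 1
        self.audit.append((name, actor, "checkin"))
        if acct.uses_since_rotation >= USE_LIMITS[acct.tier]:
            acct.secret = _new_secret()
            acct.uses_since_rotation = 0
            acct.rotations += 1
            self.audit.append((name, "vault", "rotated"))

    def rotations(self, name: str) -> int:
        return self._accounts[name].rotations


if __name__ == "__main__":
    vault = Vault()
    vault.add("svc-db-admin", "high")      # high risk: one use per secret
    vault.add("helpdesk-admin", "low")     # low risk: 25 uses per secret
    vault.checkout("svc-db-admin", "alice", "CHG-0001 apply database patch")
    vault.checkin("svc-db-admin")
    print("rotated after one high-risk use:", vault.rotations("svc-db-admin") == 1)
```

    Rotation happens on check-in rather than check-out so that the secret stays valid for the duration of the approved task; for a high-risk account that makes every secret effectively single-use, which is the property the article is asking for.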
  • The enterprise network is flat. Internal network zoning and security boundaries are critical to help reduce the scope of a potential compromise. In networks without zones, a single compromised host can communicate freely throughout the entire network, making it extremely difficult to determine the scope and impact of a compromise.

    Consider applying segmentation policies at the ADC. This is a logical place to apply access policies and monitor application traffic since most enterprise applications typically reside behind an ADC. Only allow users limited access to services (for example, DNS), and only allow network-based access to presentation tiers of applications.
  • Users have broad access to the Internet. Users with broad or unlimited Internet access typically represent the largest threat vector for an enterprise. Whether the entry point is phishing, a drive-by download or email-based malware, the infiltration, command and control, and exfiltration of data will usually require some form of Internet connectivity. Limiting Internet access for users will radically improve the security posture of an organization.

    Implement stringent Internet access policies to restrict employees’ access to work-related sites only, such as for B2B transactions. With the prevalence and pervasiveness of personal smart devices, users can still work productively and stay connected without placing the organization at undue risk.
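    The segmentation advice (users limited to a few services such as DNS, network access only to the presentation tier) and the Internet-access advice (work-related sites only) as one small policy evaluator. This is an added example, not code from the article or from any ADC vendor: it shows the shape of the rules, not a product configuration. The zones, address ranges, service table, rule set and allow-listed hosts are all constructed.

```python
"""Evaluate flows against zone segmentation and egress allow-list rules.

Added example, not code from the article or any ADC product. Zones,
address ranges, services, rules and allow-listed hosts are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    service: str      # key of SERVICES, or "*" for any known service
    action: str       # "allow" or "deny"


# Constructed zone map; any address outside these ranges is "internet".
ZONES = {
    ip_network("10.10.0.0/16"): "users",
    ip_network("10.20.0.0/24"): "presentation",
    ip_network("10.20.1.0/24"): "app",
    ip_network("10.20.2.0/24"): "data",
    ip_network("10.30.0.0/24"): "infra",
}

# Constructed service table: name -> (protocol, destination port).
SERVICES = {
    "dns": ("udp", 53),
    "https": ("tcp", 443),
    "db": ("tcp", 5432),
}

# Constructed rule set; first match wins and anything unmatched is denied.
# Users reach only DNS and the presentation tier; each tier reaches only
# the next one inward; Internet egress is further limited by the allow-list.
RULES: List[Rule] = [
    Rule("users", "infra", "dns", "allow"),
    Rule("users", "presentation", "https", "allow"),
    Rule("presentation", "app", "https", "allow"),
    Rule("app", "data", "db", "allow"),
    Rule("users", "internet", "https", "allow"),
]

# Constructed list of work-related (for example B2B) destinations.
INTERNET_ALLOWLIST = {"partner.example", "erp-saas.example"}


def zone_of(ip: str) -> str:
    addr = ip_address(ip)
    for net, zone in ZONES.items():
        if addr in net:
            return zone
    return "internet"


def service_of(proto: str, port: int) -> Optional[str]:
    for name, (p, prt) in SERVICES.items():
        if p == proto and prt == port:
            return name
    return None


def evaluate(src_ip: str, dst_ip: str, proto: str, dst_port: int,
             dst_host: Optional[str] = None) -> str:
    """Return "allow" or "deny" for one flow; unmatched flows are denied."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    service = service_of(proto, dst_port)
    if service is None:
        return "deny"                   # unknown service is never implicitly allowed
    for rule in RULES:
        if (rule.src_zone, rule.dst_zone) != (src_zone, dst_zone):
            continue
        if rule.service not in (service, "*"):
            continue
        if dst_zone == "internet" and dst_host not in INTERNET_ALLOWLIST:
            return "deny"               # egress only to allow-listed hosts
        return rule.action
    return "deny"


if __name__ == "__main__":
    print("users -> data tier:", evaluate("10.10.4.7", "10.20.2.9", "tcp", 5432))
    print("app -> data tier:", evaluate("10.20.1.3", "10.20.2.9", "tcp", 5432))
    print("users -> partner:", evaluate("10.10.4.7", "203.0.113.10", "tcp", 443, "partner.example"))
    print("users -> news site:", evaluate("10.10.4.7", "203.0.113.10", "tcp", 443, "news.example"))
```

    Two design choices carry the article's point: the default is deny, so a user host that is compromised cannot reach the application or data tiers even though it sits on the same network, and Internet egress is a positive allow-list keyed on the destination host rather than a block-list, which is what restricting users to work-related sites amounts to in practice.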

Did you enjoy this article? Click here to subscribe to Security Magazine. 
