Browse by year:
February - 2015 - issue > CXO View Point
Tackling Enterprise Security Through a Continuous Approach
Sumedh Thakar
Thursday, February 5, 2015
One of the things I get asked about most in my role, are my thoughts on challenges and trends driving the security market. The security industry is full of challenges that are shaping the trends of tomorrow. Globalization of the workplace, the Internet of Things, and the sheer speed at which we do business, makes it difficult to keep up with ever-evolving cyber threats and ensure an organization's overall security posture. One of the best ways to tackle these challenges is by taking a proactive, continuous approach to security. It is just not good enough anymore to look at security every once in a while. Attackers are targeting networks nonstop and hence the response of the enterprise has to be that of continuous security.

Closing the Door on Cyber Threats
Imagine you have a large house and that is your network. Every time you open a door or window there is possibility of an attacker coming in. Now imagine multiple people inside your house were opening and closing the doors and windows all day long. How can you maintain control of what's entering your house if you only checked for open doors and windows once a week? The situation with cyber security is exactly the same. You need to continuously monitor your perimeter to ensure you can track every firewall change that is made or every new device that is exposed to the internet so you can find and fix the issues before the attackers can.
As more technologies move to the cloud, more devices become connected, which means more endpoints are being added to networks faster than ever before. For hackers, more endpoints mean more doors and windows to open and exploit.
Many organizations are looking to continuous security as a means of added protection to monitor their ever-expanding network perimeters. But what is continuous security and how do you do it effectively?
If you look at some of the most recent cyber attacks, most cyber criminals are scanning and attacking on a continuous basis. Vulnerable machines can be exploited within hours. Toxic combinations of scenarios that can lead to compromises in their IT environments such as zero-days and phishing scams can expose an organization's data in an instant.

Protecting the Perimeter
Organizations perimeters today are very distributed, complex and highly dynamic. There are often various operations teams managing firewalls, load balancers, systems, applications and databases, making frequent changes to a network environment independent of one another.
Perimeter scanning and response to unintentional security holes created by these changes is often event-driven and only performed at designated times, rather than on a continuous, always-on basis. This presents a significant opportunity for cyber criminals to exploit newly introduced vulnerabilities and infiltrate corporate networks in between scans.
Once your perimeter is breached, it's very difficult to eradicate, particularly as hackers drop malware in all sorts of hidden places on your network that can remain dormant for any given period of time. Thus, with organizations increasingly expanding network perimeters globally, adopting a continuous security program is critical.
Historically, vulnerability management was all about listing and reporting potential network threats. Scans were typically conducted once a year, a report was likely sent to executives within the organization, and security teams had a manual choice whether to correct issues and conduct a follow-up scan.
With an increase in breaches and attacks over the years, many organizations pivoted, with security teams running scans serially and vulnerability reports showing up weekly, monthly or even daily. But like most internal reporting, as the cycles repeat and reports continue to roll in, eventually teams can overlook glaring threats.

The Continuous Security Model
A continuous security model shifts the data from point-in-time reports to change-detection alerts. This model can react to your fluid perimeter, and it puts you ahead of the hackers that already operate continuously. A continuous model also arms your operations team with the power to act.
A successful continuous security program is one where:
.The security team has defined its perimeter
.There is a focus on implementing, auditing, and improving high-priority controls
.Automation is key with event types and filters in place for real-time alerts
.The security staff's time is maximized and everyone knows their role
.Data analytics are used to identify and alert the right staff at the right time
.The priority remains on controlling and remediating those threats that will harm your network most.
A proactive, continuous approach to security is the best way to stay ahead of today's cyber threats. While we can't predict what the future will bring, getting into the habit of ongoing assessment and comprehensive analysis of your perimeter is a positive step in the right direction to be able to tackle what's to come.

Share on LinkedIn