Partner Perspectives  Connecting marketers to our tech communities.
4/30/2018
09:00 AM
Jack Hamm
Jack Hamm
Partner Perspectives
Connect Directly
LinkedIn
RSS
50%
50%

3 Ways to Maximize Security and Minimize Business Challenges

The best strategy for choosing security tools and architecting networks is to focus on staffing and resources, risk tolerance, and business change.

While security professionals like to think that a "network is a network," in truth, every network is bespoke – formed from accepted design patterns, business requirements, organic growth and designer preference. Consequently, it’s not feasible to choose security tools with the mindset of, "If I just had this network intrusion detection system (NIDS) and that user behavior analytics (UBA) tool, then I’d be secure for sure." Why? Because it doesn’t address the unique challenges you need to solve to secure your unique network.

Figure 1: Unrefined data goes to all tools, resulting in poor detection and overburdened staff. (Source: Gigamon)
Figure 1: Unrefined data goes to all tools, resulting in poor detection and overburdened staff. (Source: Gigamon)

A better approach to choosing tools and architecting networks to minimize challenges and maximize security starts with three key areas:

IT Staffing and Talent
With IT staffing and talent, your aim is to understand skillsets and resource contention to determine if you can partner with IT to run security tools or if you'll largely be on your own. Some questions and decisions that to consider:

  • Is your IT organization skilled or unskilled?
    If they’re skilled, you might consider more homegrown, OSS-based tools and customer infrastructure that IT can manage. This approach would leave SecOps using tools and it would change the staffing blend. If, however, your IT team is more of a help desk function with only a small number of engineer-level folks, you might need to staff SecOps to build and operate their own security infrastructure, develop their own tools and have the capacity to use those tools.
  • Is your IT organization staffed to take on security?
    Some organizations have large IT teams that can keep up with the change needed when running security infrastructure. If so, you might decide to have IT handle your tool deployment, management and architecture. If not, you might consider having IT largely handle getting you into the network, but with you taking responsibility for the tooling itself.

Organizational Tolerance and Need
In this area, it’s important to ask questions about the level of security risk that’s acceptable to your organization, and to determine what needs to happen and what should never happen.

  • What specific industry requirements do you have? What certifications must you adhere to?
    If you’re a public company, a hospital or a juice maker, you’ll have a certain set of requirements that guide your tool selection and operation. If on the other hand, you’re a start-up with only reputation risk, you might choose a completely different path.
  • Are you starting from scratch or have you been in business for 40 years?
    If you’re a startup, have a new office or your old office burned down, you can do things the right way from the start. If your network is 40 years old and there are rumors that someone is still on token ring, you’re largely going to be trying to weave security in and pull apart the cruft.
  • Do you know what is most important to protect?
    If you know what your defensible space should be, you can super-tool around that small percentage that must not burn, and you can allow some burning on the edge. For example, do you care most about crypto material, but not at all about employee Bob’s laptop? Answers to these questions can significantly inform your strategy.

Business Change
Finally, how will you weather change? Everyone does this differently. Even if you can’t predict the future, understanding how your IT and overall organization might react to a major change is a great way to inform your current tool selection and give you a glimpse into how to react.

  • What happens if you’re acquired?
    Do you have an asset list today? If not, maybe you need to install some discovery capability onto the network.
  • What happens when there’s an incident?
    Do you know which tool got the data from VLAN13? Are you sure you collected both sides of the flow? There is nothing more depressing in an incident than realizing you didn’t collect the right data and that awesome vendor you need to fly in to help is going to remind you of your folly on the invoice.
  • What if your CISO leaves?
    Have you built a security infrastructure than can easily be explained and demonstrated to incoming leadership? What if the board wants an overview of how the company "does" security? You need to have not only a robust tool set, but a well-organized one. If you provide a network map that looks like a Jackson Pollock piece, you might find that you’re not going to get that new deception tool you want.

Security isn’t easy, and none of us should add to that challenge with a bad security infrastructure. If you start by asking questions related to staffing and resources, risk tolerance and business change, you can begin to hone in on what security tools can best meet your unique network needs.

Jack is principal information security engineer at Gigamon, responsible for managing the company's internal security team – conducting security operations, security architecture and incident response. A hands-on, seasoned operations manager with a focus on quality and ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading,  5/24/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
gigamon: Partner Perspectives
Gigamon is the company driving the convergence of networking and security. We help make more threats visible, deploy resources more efficiently and maximize performance of your network and security tools.
Featured Writers
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11471
PUBLISHED: 2018-05-25
Cockpit 0.5.5 has XSS via a collection, form, or region.
CVE-2018-11472
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).
CVE-2018-11473
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).
CVE-2018-11474
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser.
CVE-2018-11475
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser.