Partner Perspectives  Connecting marketers to our tech communities.
11/8/2016
02:47 PM
Ned Miller
Ned Miller
Partner Perspectives
50%
50%

Every Minute Of Security Planning Will Save You 10 Minutes In Execution

Leveraging automation, orchestration, and interoperability in your cybersecurity plans now will save you significant time later.

Time management guru Brian Tracy is often quoted as saying, “Every minute of planning you do now will save you 10 minutes in execution; this gives you a 1,000% return on energy.”

In cybersecurity, where we are faced with a volume of threats and events that exceeds the capacity of available resources, achieving this level of return on time and energy is essential. Whether you need to update existing plans or build new ones, investing in cyber defensive strategies, incident response plans, security personnel, and operational processes has to be part of your organization’s continuous improvement practice.

When building and updating plans, look to industry best practices. In cybersecurity, this means promoting the use of as much interoperability, automation, and orchestration as possible within an organization’s security operations. However, you will not necessarily get optimal results and maximum velocity by simply adding these capabilities on top of existing architectures, policies, and processes.

Architecture Enables Velocity

Increasing velocity requires an architecture that can actually be sped up. Most organizations rely on a multivendor, siloed security infrastructure, where products do not communicate with each other. These types of security architectures lack sufficient interoperability of the inspection, intelligence gathering, analytics, and enforcement components to gain much from automation.

Interoperability enables automation and improves effectiveness. The active sharing of data makes it practical and possible for every security control to leverage each other’s strengths and experiences. Rather than treating each malware interaction as a standalone event, adaptive threat prevention integrates processes and data through an efficient messaging layer. This approach reinforces levels of inspection and analysis and connects end-to-end components to generate and consume as much actionable intelligence as possible from each event.

Processes And Policies Are Lubricants

An adaptive and interoperable security architecture helps overcome the all too common functional fences that impede detection, response, and any chance of improved prevention. However, this is only possible when the organization’s processes and policies complement the architecture. Unintegrated security functions keep organizations in firefighting mode, always reacting and pouring human resources into every breach. Process inefficiency exhausts scarce investigative resources and lengthens the timeline during which data and networks are exposed to determined attackers, which is directly correlated with the extent of damage.

Automation And Orchestration Are Accelerants

Enabled by an interoperable architecture and efficient processes, automation and orchestration become a force multiplier, augmenting human capabilities, increasing processing capacity, reducing workloads, and significantly improving incident response times. Security products, integrated with a real-time, bidirectional messaging layer, can directly share event data, context, and threat intelligence, regardless of location and with little or no human interaction. This means that you can communicate security policies and commands from centralized security controls to remote branches, home offices, mobile devices, cloud services, and IoT devices.

It is simply no longer acceptable for the time-to-detection to reaction to containment to take hours or even minutes. To accelerate this process and keep up with the enormous volume of sophisticated threats, security architectures and processes must evolve and be automated.

Intel Security’s Data Exchange Layer (DXL) is an open and easily integrated messaging fabric that enables security components from a large ecosystem of vendors to share relevant data. By providing near real-time command and control options for otherwise inaccessible systems, it benefits organizations by facilitating automated response, vastly reduced response times, and better containment. The goal of DXL is to promote collaborative security, enable active command and control, forge interoperability (plug-and-play) among distributed elements from disparate vendors, and ensure consistency and speed of outcomes.

In closing, get started planning today so that you can benefit from the savings on execution time tomorrow. Remember to apply your security reference architecture planning across all phases of your protection domains, including your IoT ecosystems. One last quote from Brian Tracy: “Imagine no limitations; decide what's right and desirable before you decide what's possible.”

Ned Miller, a 30+ year technology industry veteran, is the Chief Technology Strategist for the Intel Security Public Sector division. Mr. Miller is responsible for working with industry and government thought leaders and worldwide public sector customers to ensure that ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
The Fundamental Flaw in Security Awareness Programs
Ira Winkler, CISSP, President, Secure Mentem,  7/19/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14492
PUBLISHED: 2018-07-21
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.
CVE-2018-3770
PUBLISHED: 2018-07-20
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files.
CVE-2018-3771
PUBLISHED: 2018-07-20
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.
CVE-2018-5065
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-5066
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.