Vulnerabilities / Threats

7/26/2018
03:30 PM
Mike Armistead
Mike Armistead
Commentary
100%
0%

5 Ways Small Security Teams Can Defend Like Fortune 500 Companies

Keep your company protected with a mix of old- and new-school technologies.

Your security budget is small. You know this. You have a staff of three that must do "all things cybersecurity" for a midsize or large enterprise. Or maybe you're a solo security manager whose outsourced security monitoring service only occasionally sends real incidents. You might even be that IT guy who is expected to wear multiple security hats for a few hours each week. You show no sympathy as you listen to a panel webcast consisting of large financial institutions discuss how hard it is to find the 20, 40, or 100 skilled staff members they need.

You wish you had more personnel to cover more ground, but additional head count (or additional budget for a managed security services provider) just isn't coming. And all the while, your attack surface grows and the data generated by expanding digitization of your business skyrockets. How can you effectively defend your enterprise like the "fat cats" do? A mixture of old school and new, emerging technology "ingredients" give you capabilities that even those with larger cybersecurity budgets would be hard-pressed to match.

Ingredient #1: Core telemetry. When you can't do everything, you need to focus — and that focus should be on the endpoint and network. There is a reason that these two areas have long attracted attention and automation — they can tell you a lot about whether you are compromised or not. The good news for resource-strapped teams is that most every organization has existing telemetry, including endpoint protection platforms — aka anti-malware/antivirus — and intrusion detection/prevention systems. These may not be sexy (did I just use that term in a security website?), but they still offer a wealth of capabilities. Before you chase after the latest, greatest, machine learning (ML)-based widget, look to deploy proven (and relatively inexpensive) core telemetries first.

Ingredient #2: Context. Getting an alert is only half of the security equation. The other half is figuring out if it matters. To determine the impact for any alert, you must understand its context. Therefore, know your IT infrastructure, especially where the critical assets and system vulnerabilities are. Strive to spend resources, time, and energy tracking down indicators that truly matter, and don't just chase every alert.

Ingredient #3: Automated analysis. We've finally reached the point where artificial intelligence (AI)- and ML-based solutions can perform tasks that up till now have been manual. This goal, however, is not simply to acquire a tool claiming ML or AI (because every security vendor can sell you one). The ingredient you need uses software to perform tasks that people either aren't good at or consume too much time, including monitoring high-volume, repetitive data involving ingredients #1 and #2. The key questions you must ask those offering this new-fangled ingredient include "does it save me time/resources without adding time/resources elsewhere?" (the bane of security information and event management systems, user entity and behavior analytics software, and orchestration tools) and "can you prove it works?"

Ingredient #4: Easy scaling. A common strategy among security teams is to create a funnel to match the available resources of a team. For example, only investigate critical alerts because the team doesn't have the bandwidth to process the highs, mediums, and lows. Although such strategies offer useful coping mechanisms, this approach guarantees things will be missed. New solutions — especially those that offer hybrid or cloud-only architectures — offer to turn this funnel into a pipe, providing the needed extra capacity and associated processing power on demand. Just don't forget to include service-level agreement terms to ensure your supplier expands as you need it.

Ingredient #5: Automated upkeep and learning. As mentioned above, many of today's core security operations products require significant setup and ongoing attention to deliver on their promise. Here's my advice for resource-constrained security teams: Beware of the platform! In most cases, that term means both "power to configure to your situation" (good!) and "you must pay the costs to maintain over time" (bad!). Instead, adopt technologies that can upgrade automatically, a practice that is increasingly common. (Note: Although Respond offers this, so do many other companies in this market.) Also look for solutions that can automatically adapt over time via self-learning to produce better results. Don't get too caught up in how — concentrate more on the nature of what is adapted or learned and which tasks it removes from your team.

These five ingredients can elevate your smaller-budgeted security team. With a mixture of old- and new-school approaches and technologies — especially emerging solutions aimed at automating previously manual tasks without hidden costs — your security team can perform like a much larger organization.

Related Content:

Learn from the industry's most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Register before July 27 and save $700! Click for more info

Mike Armistead is co-founder and CEO of Respond Software, a Silicon Valley software company that brings artificial intelligence (AI)-based products to cybersecurity teams to help them more effectively defend their enterprise.  Mike is a serial entrepreneur with ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
techate
50%
50%
techate,
User Rank: Apprentice
7/28/2018 | 11:44:31 AM
Cyber Security For Small Business
Cybersecurity is hot and demanding for a small business. As you know hacking activities have been increasing for a few years and opposite small business could not improve ist status so small businesses have more affected. Google Customer Service is work as cybersecurity for small business
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492
PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494
PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495
PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.