Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

7/26/2018
03:30 PM
Mike Armistead
Mike Armistead
Commentary
100%
0%

5 Ways Small Security Teams Can Defend Like Fortune 500 Companies

Keep your company protected with a mix of old- and new-school technologies.

Your security budget is small. You know this. You have a staff of three that must do "all things cybersecurity" for a midsize or large enterprise. Or maybe you're a solo security manager whose outsourced security monitoring service only occasionally sends real incidents. You might even be that IT guy who is expected to wear multiple security hats for a few hours each week. You show no sympathy as you listen to a panel webcast consisting of large financial institutions discuss how hard it is to find the 20, 40, or 100 skilled staff members they need.

You wish you had more personnel to cover more ground, but additional head count (or additional budget for a managed security services provider) just isn't coming. And all the while, your attack surface grows and the data generated by expanding digitization of your business skyrockets. How can you effectively defend your enterprise like the "fat cats" do? A mixture of old school and new, emerging technology "ingredients" give you capabilities that even those with larger cybersecurity budgets would be hard-pressed to match.

Ingredient #1: Core telemetry. When you can't do everything, you need to focus — and that focus should be on the endpoint and network. There is a reason that these two areas have long attracted attention and automation — they can tell you a lot about whether you are compromised or not. The good news for resource-strapped teams is that most every organization has existing telemetry, including endpoint protection platforms — aka anti-malware/antivirus — and intrusion detection/prevention systems. These may not be sexy (did I just use that term in a security website?), but they still offer a wealth of capabilities. Before you chase after the latest, greatest, machine learning (ML)-based widget, look to deploy proven (and relatively inexpensive) core telemetries first.

Ingredient #2: Context. Getting an alert is only half of the security equation. The other half is figuring out if it matters. To determine the impact for any alert, you must understand its context. Therefore, know your IT infrastructure, especially where the critical assets and system vulnerabilities are. Strive to spend resources, time, and energy tracking down indicators that truly matter, and don't just chase every alert.

Ingredient #3: Automated analysis. We've finally reached the point where artificial intelligence (AI)- and ML-based solutions can perform tasks that up till now have been manual. This goal, however, is not simply to acquire a tool claiming ML or AI (because every security vendor can sell you one). The ingredient you need uses software to perform tasks that people either aren't good at or consume too much time, including monitoring high-volume, repetitive data involving ingredients #1 and #2. The key questions you must ask those offering this new-fangled ingredient include "does it save me time/resources without adding time/resources elsewhere?" (the bane of security information and event management systems, user entity and behavior analytics software, and orchestration tools) and "can you prove it works?"

Ingredient #4: Easy scaling. A common strategy among security teams is to create a funnel to match the available resources of a team. For example, only investigate critical alerts because the team doesn't have the bandwidth to process the highs, mediums, and lows. Although such strategies offer useful coping mechanisms, this approach guarantees things will be missed. New solutions — especially those that offer hybrid or cloud-only architectures — offer to turn this funnel into a pipe, providing the needed extra capacity and associated processing power on demand. Just don't forget to include service-level agreement terms to ensure your supplier expands as you need it.

Ingredient #5: Automated upkeep and learning. As mentioned above, many of today's core security operations products require significant setup and ongoing attention to deliver on their promise. Here's my advice for resource-constrained security teams: Beware of the platform! In most cases, that term means both "power to configure to your situation" (good!) and "you must pay the costs to maintain over time" (bad!). Instead, adopt technologies that can upgrade automatically, a practice that is increasingly common. (Note: Although Respond offers this, so do many other companies in this market.) Also look for solutions that can automatically adapt over time via self-learning to produce better results. Don't get too caught up in how — concentrate more on the nature of what is adapted or learned and which tasks it removes from your team.

These five ingredients can elevate your smaller-budgeted security team. With a mixture of old- and new-school approaches and technologies — especially emerging solutions aimed at automating previously manual tasks without hidden costs — your security team can perform like a much larger organization.

Related Content:

Learn from the industry's most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Register before July 27 and save $700! Click for more info

Mike Armistead is co-founder and CEO of Respond Software, a Silicon Valley software company that brings artificial intelligence (AI)-based products to cybersecurity teams to help them more effectively defend their enterprise.  Mike is a serial entrepreneur with ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
techate
50%
50%
techate,
User Rank: Guru
7/28/2018 | 11:44:31 AM
Cyber Security For Small Business
Cybersecurity is hot and demanding for a small business. As you know hacking activities have been increasing for a few years and opposite small business could not improve ist status so small businesses have more affected. Google Customer Service is work as cybersecurity for small business
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
How to Think Like a Hacker
Dr. Giovanni Vigna, Chief Technology Officer at Lastline,  10/10/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer,  10/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: The old using of sock puppets for Shoulder Surfing technique. 
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17672
PUBLISHED: 2019-10-17
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements.
CVE-2019-17673
PUBLISHED: 2019-10-17
WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.
CVE-2019-17674
PUBLISHED: 2019-10-17
WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer.
CVE-2019-17675
PUBLISHED: 2019-10-17
WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.
CVE-2019-17676
PUBLISHED: 2019-10-17
app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI.