Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

12/21/2015
10:30 AM
Simon Gibson
Simon Gibson
Commentary
Connect Directly
Twitter
RSS
E-Mail vvv
50%
50%

Security Tech: Its Not What You Buy, Its How You Deploy

Good information security depends on a holistic strategy, not on an elite lineup of discretely moving parts.

It’s a great time to be selling security software, but a much harder time to be a CISO. Enterprise security spending has exploded in the race to protect against increasingly advanced and complex cyber threats. Much of that money is spent on modern information security tools – advanced threat detection, sandboxes, intrusion prevention systems, threat intelligence feeds, and more. The spending is growing at such a rate that Gartner predicts we will eclipse the $100 billion mark by 2018, with other industry analysts suggesting $170 billion in annual spending by 2020.

Unfortunately, buying more security software does not equal “more security.” It is not simply a matter of turning on the latest technology and walking away, problem solved. Instead, the larger challenge for security practitioners is not in what to purchase, it’s how to deploy security tools. So much emphasis has been put on product, emerging technologies, and the elusive promise of big data analytics, that there is little discussion about how to architect a secure network.

There are many different ways for deployments to fail—some are conceptual while others are matters of execution. Many organizations look at security tools and initiatives as one-off solutions, without considering the ramification of how they intersect with other initiatives, or whether or not they make sense as part of the larger security architecture. Especially in layered security models, projects that aren’t clearly defined from the outset can fall flat once they are deployed.

For example, let’s consider an organization that is deploying a multi-factor authentication program alongside a network segmentation project. And, for the sake of discussion, the deployment team decides to finish the multi-factor authentication project first. Once it is installed and working, the team pivots to the network segmentation project, but they neglected to account for the location of the multi-factor authentication machine and block its access to the network. Now, they can’t login and fix it because it’s blocked. It sounds silly, but this happens.

Another critical issue organizations must address when deploying new security tools and initiatives is ensuring fast access to data while maintaining optimal performance of various security applications on the network. A common approach to security today is to keep tools separate, with each tool competing for data and bandwidth on the network and lacking visibility into the security workflow as a whole. To ensure a maximum performance – and return on investment – network and data center architectures must be designed in a way that supplies consistent access to relevant data and traffic to security tools, while at the same time avoiding sopping network bandwidth and facilitates security workflows.

With that in mind, here are four steps security leaders can take to improve their information security based deployments.

  1. Have a 360 strategy: It can’t be overstated how critical it is to have a conceptual view of your security deployment. Without a single, overarching guide that everyone in the organization can draw from, different project teams are bound to step on each other’s toes.
  2. Clearly define your initiatives. Given the urgency created by the data breach epidemic, many security initiatives are happening in tandem. But, security systems are not all discrete, there are interdependencies that need to be accounted for. By ensuring initiatives, metrics and goals are clearly defined at the start, problems will be avoided later.
  3. Recognize how tools interact. In the same way that we don’t want project teams getting tangled up, we need to understand how different security tools interact, how they get their data, and how they perform on the network. The overall workflow orchestration should be considered
  4. Consider what each addition adds to the whole. There has been a rush to buy the “next-generation” of a security technology to fight off the rising tide of malware. But good information security depends on a holistic strategy, not on an elite lineup of discretely moving parts. Every addition to the security architecture should be considered from the standpoint of what it adds to overall security.

It’s understandable that security practitioners want to move fast; they are surely feeling the pressure from all sides on the data breach issue. But complex problems do not often have simple solutions, and in this case that is especially true. When leaders arm security teams with clear ideas of what needs to be done, well-defined plans, and a more deployment-focused thought process, projects can thrive – and that is what will lead to better overall security.

Simon Gibson is a Fellow Security Architect at Gigamon. He provides direction and roadmaps for the product that secures applications that secure the Internet. Simon has been working on Internet infrastructure for nearly 20 years from small ISP's, to developing streaming ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
macker490
50%
50%
macker490,
User Rank: Ninja
12/24/2015 | 8:38:19 AM
security as a responsibility
this is a good essay

here in the Holiday Season I'd like to add that while many of us are able to act to reduce risks to our personal systems at the same time we should have a reasonable expectation that proper security measures have been taken by those we correspond with whether that is a Credit Union, the IRS,  an online merchant, or an information site such as a Sports Net

what this means is that we need to collectively move to a responsibilty model of security.    all too often "sophisticated attacks" turn out to be the ten cent, warmed over hacks that are circulated on the DarkNet markets

there are two important areas in this that are generally skipped over by too many providers -- resulting in the monumentasl debauch we call "hacking" today

1. use a secure operating system .    a secure operating system will not allow itself to be compromised by the activity of an application program

2. implement proper authentication of transactions.  x.509 certificates need to be authenticated by users 1 at a time and only for required communication links.    the current system of printing certificates like newspapers is a mess on tap -- and has already been compromised several times .

 
macker490
50%
50%
macker490,
User Rank: Ninja
12/24/2015 | 8:37:58 AM
security as a responsibility
this is a good essay

here in the Holiday Season I'd like to add that while many of us are able to act to reduce risks to our personal systems at the same time we should have a reasonable expectation that proper security measures have been taken by those we correspond with whether that is a Credit Union, the IRS,  an online merchant, or an information site such as a Sports Net

what this means is that we need to collectively move to a responsibilty model of security.    all too often "sophisticated attacks" turn out to be the ten cent, warmed over hacks that are circulated on the DarkNet markets

there are two important areas in this that are generally skipped over by too many providers -- resulting in the monumentasl debauch we call "hacking" today

1. use a secure operating system .    a secure operating system will not allow itself to be compromised by the activity of an application program

2. implement proper authentication of transactions.  x.509 certificates need to be authenticated by users 1 at a time and only for required communication links.    the current system of printing certificates like newspapers is a mess on tap -- and has already been compromised several times .

 
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
How Security Vendors Can Address the Cybersecurity Talent Shortage
Rob Rashotte, VP of Global Training and Technical Field Enablement at Fortinet,  5/24/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7068
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7069
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7070
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7071
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-7072
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .