Vulnerabilities / Threats

12/21/2015
10:30 AM
Simon Gibson
Commentary

Security Tech: It's Not What You Buy, It's How You Deploy

Good information security depends on a holistic strategy, not on an elite lineup of discretely moving parts.

It’s a great time to be selling security software, but a much harder time to be a CISO. Enterprise security spending has exploded in the race to protect against increasingly advanced and complex cyber threats. Much of that money is spent on modern information security tools – advanced threat detection, sandboxes, intrusion prevention systems, threat intelligence feeds, and more. The spending is growing at such a rate that Gartner predicts we will eclipse the $100 billion mark by 2018, with other industry analysts suggesting $170 billion in annual spending by 2020.

Unfortunately, buying more security software does not equal “more security.” It is not simply a matter of turning on the latest technology and walking away, problem solved. Instead, the larger challenge for security practitioners is not what to purchase but how to deploy security tools. So much emphasis has been put on product, emerging technologies, and the elusive promise of big data analytics that there is little discussion about how to architect a secure network.

There are many different ways for deployments to fail; some are conceptual while others are matters of execution. Many organizations look at security tools and initiatives as one-off solutions, without considering the ramifications of how they intersect with other initiatives, or whether they make sense as part of the larger security architecture. Especially in layered security models, projects that aren’t clearly defined from the outset can fall flat once they are deployed.

For example, let’s consider an organization that is deploying a multi-factor authentication program alongside a network segmentation project. And, for the sake of discussion, the deployment team decides to finish the multi-factor authentication project first. Once it is installed and working, the team pivots to the network segmentation project, but they neglect to account for the location of the multi-factor authentication machine and block its access to the network. Now they can’t log in and fix it, because the login path itself is blocked. It sounds silly, but this happens.
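The failure above is avoidable with a pre-deployment check that the proposed segmentation rules still permit the flows the already-deployed MFA service (and the admins' path to it) depend on. This is an added example, not code from the article or from Gigamon; the addresses, ports and rules are constructed, and the first-match, default-deny evaluation is an assumption about how the segmentation firewall behaves.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    port: Optional[int]   # None matches any destination port

def evaluate(rules, src_ip, dst_ip, port):
    """First-match evaluation with an implicit default deny (assumed
    behaviour of the segmentation firewall)."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and (r.port is None or r.port == port)):
            return r.action
    return "deny"

def blocked_dependencies(rules, flows):
    """Return the names of required flows the proposed ruleset would deny."""
    return [name for name, src, dst, port in flows
            if evaluate(rules, src, dst, port) != "allow"]

# Constructed inventory of flows the MFA deployment depends on (hypothetical
# addresses). This is the artefact the team in the article never wrote down.
REQUIRED_FLOWS = [
    ("vpn->mfa radius", "10.1.3.5", "10.1.5.10", 1812),  # VPN gateway queries MFA
    ("mfa->ldaps", "10.1.5.10", "10.1.2.20", 636),        # MFA server looks up users
    ("admin->mfa ssh", "10.9.0.15", "10.1.5.10", 22),     # management path to fix it
]

# Constructed segmentation proposal: isolate the auth segment 10.1.5.0/24.
PROPOSED_RULES = [
    Rule("allow", "10.1.3.0/24", "10.1.5.0/24", 1812),
    Rule("allow", "10.1.5.0/24", "10.1.2.0/24", 636),
    Rule("deny", "10.0.0.0/8", "10.1.5.0/24", None),  # also locks out the admin jump host
]

if __name__ == "__main__":
    for name in blocked_dependencies(PROPOSED_RULES, REQUIRED_FLOWS):
        print(f"BLOCKED by proposed segmentation: {name}")
```

Run against the proposal, the check reports only the admin management path as blocked, which is exactly the lock-out the article describes; the fix is to add an allow rule for that flow before the catch-all deny.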

Another critical issue organizations must address when deploying new security tools and initiatives is ensuring fast access to data while maintaining optimal performance of the various security applications on the network. A common approach to security today is to keep tools separate, with each tool competing for data and bandwidth on the network and lacking visibility into the security workflow as a whole. To ensure maximum performance – and return on investment – network and data center architectures must be designed in a way that supplies consistent access to relevant data and traffic to security tools, while at the same time avoiding saturating network bandwidth and facilitating security workflows.

With that in mind, here are four steps security leaders can take to improve their information security based deployments.

  1. Have a 360 strategy. It can’t be overstated how critical it is to have a conceptual view of your security deployment. Without a single, overarching guide that everyone in the organization can draw from, different project teams are bound to step on each other’s toes.
  2. Clearly define your initiatives. Given the urgency created by the data breach epidemic, many security initiatives are happening in tandem. But security systems are not all discrete; there are interdependencies that need to be accounted for. By ensuring initiatives, metrics and goals are clearly defined at the start, problems will be avoided later.
  3. Recognize how tools interact. In the same way that we don’t want project teams getting tangled up, we need to understand how different security tools interact, how they get their data, and how they perform on the network. The overall workflow orchestration should be considered.
  4. Consider what each addition adds to the whole. There has been a rush to buy the “next-generation” of a security technology to fight off the rising tide of malware. But good information security depends on a holistic strategy, not on an elite lineup of discretely moving parts. Every addition to the security architecture should be considered from the standpoint of what it adds to overall security.

It’s understandable that security practitioners want to move fast; they are surely feeling the pressure from all sides on the data breach issue. But complex problems do not often have simple solutions, and in this case that is especially true. When leaders arm security teams with clear ideas of what needs to be done, well-defined plans, and a more deployment-focused thought process, projects can thrive – and that is what will lead to better overall security.

Simon Gibson is a Fellow Security Architect at Gigamon. He provides direction and roadmaps for the product that secures applications that secure the Internet. Simon has been working on Internet infrastructure for nearly 20 years, from small ISPs to developing streaming ...
 

macker490
User Rank: Ninja
12/24/2015 | 8:37:58 AM
security as a responsibility
this is a good essay

here in the Holiday Season I'd like to add that while many of us are able to act to reduce risks to our personal systems at the same time we should have a reasonable expectation that proper security measures have been taken by those we correspond with whether that is a Credit Union, the IRS, an online merchant, or an information site such as a Sports Net

what this means is that we need to collectively move to a responsibility model of security. all too often "sophisticated attacks" turn out to be the ten cent, warmed over hacks that are circulated on the DarkNet markets

there are two important areas in this that are generally skipped over by too many providers -- resulting in the monumental debauch we call "hacking" today

1. use a secure operating system. a secure operating system will not allow itself to be compromised by the activity of an application program

2. implement proper authentication of transactions. x.509 certificates need to be authenticated by users 1 at a time and only for required communication links. the current system of printing certificates like newspapers is a mess on tap -- and has already been compromised several times.

 