When the vulnerability in Log4j happened, security teams sought the answer to a seemingly simple question: Am I vulnerable?
Answering that question led to a maelstrom of activity. Security groups requested information from vendors about their level of vulnerability and, in turn, had to respond to their customers about whether they were vulnerable. In many ways, the entire exercise seemed more about legal obligations than making people more secure.
The deluge of information — some of it useful, some of it useless — highlighted the need to rethink how we are doing security in the future.
We're living in a chaotic time. With a possible recession, technology companies trimming their ranks, and businesses pushing further into the cloud and adopting more automation and AI, security teams need to re-evaluate. Do they just follow the traditional playbook without thinking why? Or do they improve what they are doing to make security better?
Here are some focus areas to reduce chaos and increase overall security effectiveness.
Simplify for Greater Visibility
Gaining visibility into your applications and infrastructure is essential. Companies expanding their use of the cloud and converting applications to cloud-native infrastructure often see initial growing complexity because of a period of redundancy and hybrid infrastructure.
Pushing beyond that stage provides both cost and security benefits. Limiting the use of third-party tools to capture and analyze data for security teams is important. There's really no reason to, say, pull NetFlow data off the cloud infrastructure, when that same data — and more — is natively available.
Explore your cloud service provider's tools. Major cloud providers will often provide you detailed data, and you can reduce the complexity of the infrastructure needed to analyze that data.
Pay Attention to Even the "Small" Breaches
When NASA astronauts start getting emails in French, it's time to investigate.
That's what happened to Gavin early in his security career. Turns out two students in France were using Telnet to get into the NASA server and using it to send email. The incident ended up driving a greater project around making sure NASA had a robust data classification system and better data isolation.
Weird anomalies can be signs of an attack, but they can also drive a security team to better understand their organization's infrastructure. Investigations are time consuming but also often worthwhile, so even the small stuff should be investigated.
Threat Intelligence Can Help
Usually, a security team's most precious commodity is time. The old method of analyzing every IT project (even as they are changing) and looking for security issues is untenable.
Threat intelligence can help cut through the noise. By using threat intelligence, your security team can take a priority-based approach to architecture based on real-world attack intelligence. At the same time, they can deprioritize other areas. Threat intelligence can also help refine your playbooks and increase the maturity of your security team.
Thriving With Automation, Planning for Layoffs
Security teams are facing other sorts of stress, with most economists expecting a recession. Security teams still need to be able to perform, despite stressors and even in the face of losing some of their headcount.
To focus on the most important aspects of security, even with fewer people, companies need to adopt more automation, machine learning, and artificial intelligence. Every team should be asking how to speed up manual tasks with automation. Automation, correctly applied, can free up staff to be working on the areas.
In the past, security teams have been considered a roadblock — a bump on the way to a company's core business of making money. Most teams have moved past the reflexive need to say no. We're here to make sure that the business is taking educated risks, but at the end of the day, just saying no to everything doesn't help anyone.
As every security manager surveys the horizon, they need to look at how they have traditionally approached problems. And they should consider whether now is time to say yes to something new.