If your organization is considering a transformation of its IT security, do some detailed planning before you get started. There are comprehensive data security analytics solutions available, but they will not help your organization unless you first compile a highly accurate picture of your current security and IT landscape.
- Understand your current network and how it operates
- Evaluate your security systems
- Catalog your traffic flows
- Understand the devices and applications in use
- Audit users’ behaviors and understanding of network security
- Be prepared to undertake a comprehensive network and systems audit
- Be mindful that a highly complex security system might be circumvented by staff, to make life easier. Any solution requires full support, compliance, and uptake.
Don’t Buy The Drawbridge But Overlook The Hole In The Wall
Once this is complete you should have an accurate understanding of your system and how it functions. Without such an audit you may spend money on an imposing drawbridge, but not realize or forget that there are holes in the castle wall. It’s therefore also vital that you collate data from disparate systems. For example, call up threat feed information and social media feeds into a state-of-the-art SIEM platform.
Big Data Deals With Histories
Make sure that you combine any remodeling of your IT security with big data analytics in the most appropriate way. Remember that big data works with history, and previous behavioral patterns won’t necessarily provide clues about future behaviors; you will need to search for past vulnerabilities as well as anticipate future security problems. However, do not underestimate the ability of big data to shine a light on suspicious behavioral anomalies.
Don’t Forget To Cover All Bases
It is important to bear in mind that extracting data from legacy systems is more complex. Some organizations have found that building custom interfaces is the only way to ensure monitoring is complete. On the other hand, if you are using cloud-based systems you must undertake due diligence to ensure your cloud provider can actually plug into your SIEM. It is also important to check whether your cloud provider has the capacity to offer sufficient real-time data flows. These data flows will give you an accurate picture of what is occurring across the whole of your networked systems, which matters because those systems may, of course, reside in different places.
Tailor Your Security Solutions To Suit Your Business
Once you have completed your work up to this point, it’s time to undertake offline data analysis. This is not particularly onerous because your SIEM platform will offer suitable tools. These tools will allow you to identify any easy targets and improve your basic security immediately. You can, of course, also make use of a big data analytics engine to run tests on offline data. The benefit of such processes is that you will be able to detect useful patterns of behavior, which will shed light on how to tailor your security processes.
Of course, some organizations may not possess the required skills within a team. Do not fudge this issue because accurate and effective data interpretation is essential here. No one should underestimate the skills of an expert security data analyst. It will definitely be worth the expenditure.
Once you have developed the most appropriate processes and possess sufficient data sources your work really begins. Real-time big data security analytics is all you need to protect your company and your employees.
It’s important, however, not to try to achieve too much. Doing some research into what tools already exist may save you considerable time. You may wish to explore solutions such as Sumologic, Hortonworks, DB Networks and Red Lambda. But don’t rely on these tools alone: new platforms and capabilities are constantly being developed, and IT security is a rapidly evolving sector.
You may have developed your own big data analytics capability for other areas of the business using Apache Hadoop, Spark, MapReduce etc., which could be adapted to perform IT security analytics. On the other hand, if you’re not confident you have access to the skills needed, you might want to hold out for more user-friendly solutions to emerge (as they undoubtedly will in the coming months and years) before diving in headlong. Even just maximizing your data sources, improving your processes, and using the features of your modern SIEM platform to the full will improve security and compliance considerably, as well as putting you in the best position to take advantage of big data security tools when the right ones for your needs emerge.
Of course, you also have to be able to respond quickly once you find some potential threat in order to confirm its existence, then shut it down or contain it. That means having a robust threat response process and adequate resources (either in-house or outsourced) to perform further IT forensics, quickly identify the nature of the threat, and the best way to deal with it.
For many IT security professionals, this data-driven intelligence and response model is very different from the traditional approach, so don’t underestimate the cultural hurdles involved in its introduction. Ensure your IT team understands and buys into the reasons why change is necessary. Organizations that fail to do so will become ever more vulnerable to threats since those with out-of-date, ineffective security tools and policies will be easy pickings for attackers. Such organizations will also find it increasingly difficult to meet their regulatory and compliance requirements.
CONCLUSION: INACTION IS NOT AN OPTION
Just as physical viruses and bacteria evolve to find ways around our defenses, so too do the threats to our systems. Criminal hackers have access to vast botnets of compromised computers that they can corral at will to give them access to all the computing power they need to attack us. It won’t just be the good guys who employ machine learning, artificial intelligence, and big data analysis. The technology will inevitably be conscripted to try to break whatever defenses we put up. But in this neverending game of cat-and-mouse, one thing’s for certain – don’t be the one sitting still.
Bad Control Processes Are Worse Than None
Are Your Controls Being Circumvented By Staff?
Ever noticed how tracks develop as many feet take a short cut? You may well have designed a beautiful meandering path, but if there’s a shorter way people will take it. Human nature likes quick wins and cheating the system. After all, controls are meaningful only to those who fear authority, and fear of authority is inversely proportional to frustration.
So what do we mean by this? Well, when companies put arduous and convoluted controls in place, they simply promote circumvention. The track metaphor is once again appropriate here: companies are encouraging their own well-behaved, well-intentioned staff to become subversive.
Bad people are famous for breaking rules. Ask yourself: do terrorists fill in risk assessment forms? Yet ordinary people break rules all the time too, on the grounds of convenience. Let me give you an example:
One bank moved to an ITIL change control process. Great, you might think, but not when the total process filled two sheets of A0 paper when printed out. This process had the net effect of blocking all changes that were not associated with a Priority 1 incident. Therefore nothing moved, officially at least. In reality, required changes were snuck in left, right and center whenever an incident occurred. It’s yet another track cut right across the grass. These rule breaks are not deliberate or callous acts, just a little something to make life easier.
A security architect for the same bank created a completely segmented and secure network. It was very, very impressive. In fact, it was so impressive that even the network administrators couldn’t manage the system due to its complexity. As a result there was no automation and no support system. What happened? The network staff installed unofficial access points, and rogue endpoints were put into the networks to make life simpler.
In both cases, secret activity was carried out so people could just do their jobs. Changes were snuck in as if they were incidents. People did favors for each other on the basis of pre-existing trust relationships. Sometimes there are legitimate reasons why you shouldn’t be afraid to break the rules, but that’s another story.
That’s why processes need to take note of existing behaviors and the propensity for ‘subversive’ intent. You can lecture all you like, but unless you assess the impact of your controls you may well be disappointed. For example, a nameless CEO lectured his IRMs, or information risk managers, about recording risks in a system. The problem was that the system was so awful that over 60% of the entries were incomplete, wrong or lost. So what was the point of the exercise?
SWIFT, based near Brussels, claim to have an air-gapped network. In reality, what they actually have is a physical network and a router configuration to protect that segment. Why?
It’s simple: walking over to the other building every day with a box of tapes is ‘overhead’.
So UAT, or user acceptance testing, is vital. Yes, implement controls, but remember to test them. UAT is always required. Without it, you will waste money and the control won’t work, because no one is going to bother using it.
Quality control is also essential: remember, people do not do what is considered ‘hard’. By all means, make them do what is required, but do not make them do something that’s impossible.
Key learning: bad people will ignore your controls. The only people you hurt with inefficient controls are your good and faithful employees. You have been warned.