Network security is a hot-button issue these days. New high-profile hacks and data breaches are reported in the news at a near-constant rate. In addition, the proliferation of complex networks means that network security is becoming more critical to the day-to-day operating success of modern businesses, keeping them functioning optimally and safely.
The problem—most companies’ IT departments know they may need to review their security measures, but may not be clear on just how far they need to go to shore up their network’s security.
According to network security company Infoblox, many companies fail because they are trying to implement too many security technologies from a wide array of vendors, which results in “…siloed security protocols and processes, and operational inefficiencies that hinder the ability to respond to threats.”
And Gartner says in its Best Practices for Detecting and Mitigating Advanced Threats, 2016 Update that “Silos between network, edge, endpoint and data security systems and processes can restrict an organization’s ability to prevent, detect and respond to advanced attacks.”
Cyber attacks: A pervasive threat
They say the first rule of war (and football) is that the best defense is a good offense. But how do you target attackers when they’re becoming more sophisticated every day and rapidly multiplying, with just one goal in mind: getting their hands on your sensitive data? In fact, just last month, the Federal Bureau of Investigation (FBI) noted, as part of National Cyber Security Awareness Month, that some of the most prolific cyber threats we’re currently facing include ransomware, business email compromise (BEC), and intellectual property theft.
And while the FBI assures us that they’re doing everything they possibly can, at every level, to make it harder for cyber criminals to operate, Symantec’s 2016 Internet Security Threat Report warns that 431 million new unique pieces of malware hit the Internet in 2015. The FBI’s own report says BEC scams caused estimated losses of more than $3 billion worldwide and have been reported in all 50 states, while $200 million was paid to ransomware criminals in the first three months of 2016 alone. That is why the FBI “asks that the public do its part by taking precautions and implementing safeguards to protect their own data.”
But today’s network security means more than firewalls and virus scanners; it needs to encompass everything from application software, to computers and storage and even networking stacks.
Cyber Security: Where to start?
But how do you determine if your security needs require low, medium, or high security measures? How do you assess your company’s needs and more importantly, how do you test the measures you already have in place to make sure there’s no way in?
First, it’s important to note that cyber attacks often take advantage of some of the most basic, and often unnoticed, security vulnerabilities, such as:
- Poor patch management procedures
- Weak passwords
- Web-based personal email services
- Lack of end-user education
- The absence of sound security policies and strategies
A vulnerability assessment is perhaps the most critical step in your efforts to protect your sensitive data. Skip generic vulnerability scanners. They can be useful for identifying hidden network and host vulnerabilities, but they typically identify thousands of vulnerabilities, often redundantly, and rate them according to technical severity. They offer patches rather than real, individualized solutions that take your company’s underlying infrastructure and its mission-critical processes into account.
Instead, base your security strategy on a sound foundation that uses the results of a more personalized vulnerability assessment, one that understands your company’s realistic risks, but also prioritizes which vulnerabilities to address first and how to do so effectively.
Here are some steps to get you started:
Gather a team
Your IT professionals cannot realistically be expected to thoroughly assess your company’s risk in a vacuum—it requires collaboration between IT, operations, finance, and legal counsel. Appoint leadership from each of these arenas to assess your security risk and strategize, as a task force. This will allow you to accurately examine the information, business processes, and infrastructure they rely on to help you avoid the dreaded silo.
For any assessment to be comprehensive, you need to look at and understand your organization’s day-to-day processes in order to identify critical and sensitive compliance issues like customer privacy and industry competition.
Review applications and data
Once you understand your processes and have prioritized them into a mission-critical hierarchy, you’ll need to identify the applications and data on which they depend. Don’t forget mobile devices like smartphones, tablets, laptops and remote desktop PCs, as well as any members of your organization who may be using public email services to do company business. These are often among the weakest links in your infrastructure. Understanding how your company’s data flows between these devices, services, data center applications, and storage is imperative to a successful network security strategy.
Hardware and network infrastructure
What servers (both virtual and physical) run your applications? What routers and other network devices do your applications and hardware depend on most for fast, secure performance? Identifying which data storage devices hold your mission-critical applications (and the sensitive data used by these applications) and mapping the network infrastructure attached to them will help you strategize for their protection.
Inventory existing security measures
What security measures have you already put in place? This includes:
- Firewalls (including application firewalls)
- Intrusion detection and prevention systems (IDPS)
- Virtual private networks (VPNs)
- Data loss prevention (DLP)
- Existing network security policies
- Any encryption in place on current servers and storage devices
Reviewing these protections and which vulnerabilities they’re intended to address may require some research on your part, including speaking with past or current security company representatives, in order to fully understand what is truly secure and what is not.
Put your scan for vulnerabilities in context
Now, with a full understanding of your application and data flows, the underlying hardware, and a mapped network infrastructure, along with an understanding of your existing protections, you can confidently run vulnerability scans and put the data they provide into perspective. These scans produce scores of host and other vulnerabilities along with their severity ratings but are based solely on objective measures that do not take your company’s unique needs (system’s processes, end-users, data flows, hardware, applications, etc.) into consideration. This is where all the hard work your network security task force put in will assist you in determining your organization’s unique business and infrastructure context and your strategy for tackling the most urgent vulnerabilities within that context.
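One way to put scanner output into that context, as an added example that is not part of the original article: it joins scanner findings with the inventory the task force built (process criticality, sensitive data, existing protections), drops redundant findings, and re-ranks by business impact. The hosts, finding names, and weighting factors are constructed assumptions.

```python
from collections import namedtuple

# One scanner finding; mitigated_by lists protections meant to address it.
Finding = namedtuple("Finding", "host vuln severity mitigated_by")

# Constructed inventory from the assessment steps (hypothetical hosts).
# criticality: 1 = low, 3 = mission critical; controls = existing protections.
ASSETS = {
    "crm-db01":  {"criticality": 3, "sensitive": True,  "controls": {"firewall"}},
    "web-ext01": {"criticality": 3, "sensitive": False, "controls": {"firewall", "idps"}},
    "print-srv": {"criticality": 1, "sensitive": False, "controls": set()},
}

# Constructed scanner output (placeholder finding names, severity 0-10).
FINDINGS = [
    Finding("print-srv", "VULN-A", 9.8, frozenset()),
    Finding("crm-db01",  "VULN-B", 6.5, frozenset({"encryption"})),
    Finding("crm-db01",  "VULN-B", 6.5, frozenset({"encryption"})),  # redundant
    Finding("web-ext01", "VULN-C", 7.5, frozenset({"idps"})),
    Finding("lab-pc07",  "VULN-A", 9.8, frozenset()),  # not in the inventory
]

def prioritize(findings, assets):
    """Return (ranked, unmapped): contextual ranking plus inventory gaps."""
    ranked, unmapped, seen = [], [], set()
    for f in findings:
        key = (f.host, f.vuln)
        if key in seen:          # scanners often report the same issue twice
            continue
        seen.add(key)
        asset = assets.get(f.host)
        if asset is None:        # cannot be scored without business context
            unmapped.append(f)
            continue
        score = f.severity * asset["criticality"]   # assumed weighting
        if asset["sensitive"]:
            score *= 2           # assumed: sensitive data doubles the impact
        if asset["controls"] & f.mitigated_by:
            score *= 0.5         # assumed: an existing control halves urgency
        ranked.append((score, f.host, f.vuln))
    ranked.sort(reverse=True)
    return ranked, unmapped

if __name__ == "__main__":
    ranked, unmapped = prioritize(FINDINGS, ASSETS)
    for score, host, vuln in ranked:
        print(f"{score:6.2f}  {host:10} {vuln}")
    print("needs inventory review:", [f.host for f in unmapped])
```

The scanner alone would put the 9.8 finding on the print server first; with context, the 6.5 finding on the database holding sensitive data leads the list, and the unmapped host is sent back to the inventory step.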
By applying this analysis to the development of your security strategy, you can avoid the silo, making the most of your security budget and strengthening your network security while minimizing specific risks inherent to your business and processes.