Blog Series: IT Perspectives by Jaqui Lynch

This is the first entry in a series of blogs covering the role of security in businesses today.

When people talk about the fastest areas of growth in IT today we automatically think about cloud, mobile, social media and web or portal based services. However, it has become very clear in recent times that the fastest area of growth is most likely security. Today’s business security measures go far beyond locking doors and using firewalls. They include things like knowing what you have, where it is, what level it is at and what the impact is if something goes wrong. More importantly, security is about determining which assets to protect and the priority for those assets when it comes to remediation. In short, it is all about risk mitigation.

Defining Security

Every CIO and CTO today is involved in risk mitigation for IT. Common pain points shared by nearly every IT shop include:

  • Compliance – internal and HIPAA, PCI, etc.
  • Unmanageable amounts of security event data
  • The need for visibility into the network and systems
  • Time required for forensics analysis
  • Too many security products installed – this affects operational efficiency
  • Need to improve management of vulnerabilities to reduce risk

Typically, the pain points above fall into one of the following areas:

  • Lifecycle management
  • Inventory and asset management
  • Patch management
  • Compliance
  • Protection

Security means many different things to many people. True security covers everything from physical security all the way through to network security, fraud protection and, in some cases, disaster recovery. What is critical is to have a structure in place where someone owns security. There are several roles that have been introduced that take care of this – the primary two roles are the CSO (Chief Security Officer) and the CISO (Chief Information Security Officer). Sometimes the two are combined but more companies are separating the roles.

The CSO is the top executive who is responsible for all of the security needs and challenges for the firm, including security of personnel, physical and logical assets, and information in both physical and digital form. This includes communications as well as business systems. The CSO will also have a role working with the CIO in planning and managing DR (disaster recovery) activities, since DR, or the lack thereof, is a security risk. Typically, the CSO is responsible for security awareness, developing security practices and enforcing them, and buying products and services that help improve security. The CSO is also responsible for communicating security needs and challenges to company management and typically reports to the CIO or CTO, although occasionally they report to the CEO. Without a CSO, the responsibilities of the CSO role typically fall to the CIO.

The CISO role supplements that of the CSO. The CISO is responsible for structuring the security initiatives with security programs and business objectives. The CISO also ensures that the security programs adhere to any regulatory compliance programs that impact the company. Examples of such programs include PCI DSS, HIPAA, etc.

There are three major components to security and they require significant planning:

  • Prevention

Stopping threats is critical and involves preventing attacks from being successful. It also includes fraud detection as well as preventive remediation, such as applying patches for known bugs.

  • Detection

Detecting attacks before they are successful is important – it is much easier to deal with an attack and block it than it is to clean up the aftermath of one.

  • Response

This is where many companies fall down. A response plan and team need to be set up before an incident occurs. They also need to be well known within the company. That way, when there is an issue everyone knows their role and knows who to contact and what actions to take. This also means that policies and rules are followed so you don’t get into issues around chain of custody, and it ensures that evidence gathering is done correctly. The response also needs to include policies around remediation.

What is the goal?

The first step in developing a security plan is to determine what your end goal is. This means performing a risk analysis and determining what the critical assets are that you need to protect. And don’t forget to include personnel who may be critical – it is not just about computers and software. Examples of plan items around protecting assets would include:

  • Governing and administering users and their access (physical and computer)
  • Identifying and protecting critical business assets
  • Managing application security risks
  • Securing data once you know what and where it is – This includes actual data as well as logs and programs.
  • Protecting mobile assets – Cell phones, laptops, USB keys, and tablets are just a few of the items that fall into this category but they are the most likely assets to get stolen or lost and they often contain critical business data. Backup tapes should also be considered as a security risk, especially if they go offsite.

A typical approach to security is to make it difficult. Examples include not allowing users to repeat their last 25 passwords or requiring a password so long and complex that people have to write it down. There are many other approaches that are less onerous – things like two- or three-factor security, where you can allow a simpler password to be used with something else like a token. A great deal of attention also needs to be paid to social engineering – teaching people best practices such as not allowing tailgating (holding the door for others without badges) even if it is the CTO or CEO. Common sense needs to be merged with security needs to come up with a best of breed solution.

Building a strategy

There is a plethora of products out there to help with your security needs and we will explore some of them in upcoming blogs. But products are not the whole answer. First, you have to know what you want to protect and then you need a plan that ensures that assets are protected and that they are incorporated into DR plans. There is also a trend to partially or completely outsource security. Security-as-a-service offerings have become more common and can include:

  • Anti-virus and spam management
  • Network security
  • Log management and reporting
  • Secure email and web gateways
  • Identity and access management
  • Remote vulnerability assessment
  • Security information management
  • Incident response

And there are many other offerings. All of this can be done fully or partially in-house or it can be outsourced. Cloud service providers can deliver total management of all your security services, policies and administration.

Summary

It seems impossible to completely secure your business, let alone your IT systems, in times like this – it is an overwhelming task when you combine the network, server and other endpoints and realize just how many of them you have. Enterprise data is stored across many disparate systems, and data volumes are huge and growing rapidly due to the growth in cloud, analytics and mobile. Additionally, good security plans need to protect people as well as buildings.

It is more critical than ever to have a good risk and remediation strategy for people, buildings and digital assets such as data. With the growth in cloud, mobile, social media and web or portal based services it is critical that a well thought out security plan that includes security intelligence and analytics as well as detection and remediation be in place. In future blogs we will explore some of the options and best practices for improving security.

