Network security is increasingly important. Private and public enterprises have already spent billions of dollars to bolster security over the past several years, yet attackers consistently succeed in evading whatever roadblocks are erected to block their access to sensitive data.
This has led many organizations to return to a simpler approach focused on securing people, processes, and technology. Security functions should be viewed not as a nuisance but as a strategic enabler of new initiatives and a way to make your company more competitive in a global market.
These simple steps might help your company return to basic security techniques.
1. Alerts and Response Documentation
A large majority of the attacks against enterprises these days are targeted strikes carried out by organized criminal gangs, hacktivists, or nation-state actors. The random attacks of the past have been replaced by deliberate campaigns designed to extract corporate information, acquire intellectual property, expose trade secrets, and steal financial data. Rather than the old-school smash-and-grab, the technique most often used today is covert and patient: siphoning large quantities of data in small, unremarkable increments over a lengthy period of time.
With this harder to detect technique comes the need for better detection and response paired with traditional prevention. Augmenting existing log-centric monitoring with network packet capture and endpoint-monitoring technologies will enable security administrators to get a more complete picture of network traffic, allowing detection of hacker activity. Most serious administrators will use identity management, identity governance, and behavioral analytics tools to spot and limit the impact of compromised credentials and identities.
You want to document the process of detection, test that it works, and document the response to each alert.
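The "small increments over a long period" pattern above is exactly the case a per-event threshold misses. The following is an added example (not code from the article) of the kind of detection logic an analytics layer runs over proxy or flow logs: it keeps the simple "big upload" rule and adds an aggregation that flags a source/destination pair whose individual transfers all stay under the per-event threshold but whose total, count and time span together look like exfiltration. The log format, host names, and thresholds are assumptions made for the example, and the log lines are constructed, not real data.

```python
"""Low-and-slow exfiltration detector over proxy/flow logs (added example; format and thresholds assumed)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data): "<ISO timestamp> <src_host> <dst_host> <bytes_out>"
SAMPLE_LOG = """\
2024-03-01T08:02:11 ws-17 cdn.example.com 4200
2024-03-01T09:15:40 ws-42 drop.example.net 900000
2024-03-01T13:47:03 ws-42 drop.example.net 880000
2024-03-01T21:10:55 ws-42 drop.example.net 910000
2024-03-02T02:33:18 ws-42 drop.example.net 895000
2024-03-02T11:01:27 ws-42 drop.example.net 905000
2024-03-02T19:44:09 ws-42 drop.example.net 890000
2024-03-03T04:20:31 ws-42 drop.example.net 915000
2024-03-03T14:58:46 ws-42 drop.example.net 885000
2024-03-03T10:00:00 ws-09 backup.example.com 60000000
2024-03-03T16:30:12 ws-17 cdn.example.com 3900
"""

# Assumed tuning values; in practice these are derived from a baseline of normal traffic.
PER_EVENT_MAX = 1_000_000        # a single transfer above this trips the classic "big upload" rule
SLOW_TOTAL = 5_000_000           # cumulative bytes to one destination that should alert regardless of chunk size
SLOW_MIN_EVENTS = 5              # need several transfers, not one moderately large file
SLOW_MIN_SPAN = timedelta(hours=24)  # and they must be spread out, i.e. deliberately paced


def parse_log(text):
    """Parse the whitespace-separated format above into (timestamp, src, dst, bytes) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, size = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(size)))
    return events


def big_upload_alerts(events):
    """Per-event rule: any single transfer over PER_EVENT_MAX. Catches smash-and-grab, misses pacing."""
    return sorted({(src, dst) for _, src, dst, size in events if size > PER_EVENT_MAX})


def low_and_slow_alerts(events):
    """Aggregate per (src, dst) across the whole window and flag paced, small-chunk, high-total flows."""
    per_pair = defaultdict(list)
    for ts, src, dst, size in events:
        per_pair[(src, dst)].append((ts, size))

    findings = []
    for (src, dst), xfers in per_pair.items():
        sizes = [s for _, s in xfers]
        times = [t for t, _ in xfers]
        total = sum(sizes)
        span = max(times) - min(times)
        # Every chunk stays under the per-event threshold (so the old rule is silent),
        # yet the total, the number of transfers and the elapsed time all point at exfiltration.
        if (max(sizes) <= PER_EVENT_MAX and total >= SLOW_TOTAL
                and len(xfers) >= SLOW_MIN_EVENTS and span >= SLOW_MIN_SPAN):
            findings.append({
                "src": src,
                "dst": dst,
                "events": len(xfers),
                "total_bytes": total,
                "span_hours": round(span.total_seconds() / 3600, 1),
            })
    return sorted(findings, key=lambda f: f["total_bytes"], reverse=True)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("big-upload rule fired for:", big_upload_alerts(evs))      # only the 60 MB backup transfer
    for f in low_and_slow_alerts(evs):
        print("low-and-slow candidate:", f)                         # ws-42 -> drop.example.net, ~7.2 MB over ~54 h
```

In the sample, the 60 MB transfer from ws-09 is the only thing the per-event rule sees, while ws-42's eight sub-megabyte uploads to drop.example.net over two days are invisible to it and are caught only by the aggregation. The same aggregation will also light up legitimate scheduled sync jobs, so the documented response for this alert should include an allowlist of known backup and SaaS destinations and a step that pivots to endpoint telemetry for the flagged host before anyone declares an incident.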
2. Strong Network Perimeter
Traditional perimeter technologies like firewalls, antivirus tools, and intrusion-detection software still have a place in your modern enterprise security strategy. The signature-based tools among them work by looking for the known fingerprints of viruses and other malware and blocking the malicious programs in near real time. Most compliance requirements outline the expectations around this type of security.
Recent breaches at major organizations have shown that signature-based perimeter tools alone do not stop the highly targeted attacks launched by organized and well-resourced attackers. It's important for enterprises to view perimeter-based defenses as just one of the necessary tools of the trade from a strategic and tactical standpoint.
You want to document the perimeter security settings, test that they work, and document the response to each issue or alert they can generate.
3. Secure Development
Common, well-understood shortcomings like SQL injection flaws, cross-site scripting flaws, and broken authentication and session management functions have tripped up numerous organizations. But the recent wave of intrusions at major organizations has really driven home the need for secure code. Vulnerable applications have often provided hackers with relatively easy access to corporate networks and data, so securing them is vital to ensuring data integrity and confidentiality.
For many large organizations, manual code review would be prohibitively expensive. So a viable alternative would be to automate the code-review process by combining static and dynamic program analysis and by making the code analysis process an integral part of application development. Developers and operations teams need to recognize that security must be a shared responsibility and work to integrate controls earlier in the product life cycle.
You want to document the development security requirements, review the requirements periodically, and document the procedures to be followed for all in-scope development efforts.
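To make the two points above concrete, here is an added example (not code from the article) showing the SQL injection flaw the section names, its parameterised fix, and a deliberately small static check of the kind an automated code-review step would run on every commit. The user table, the credential rows and the attacker input are all constructed for the example; the SAST check is a toy that only inspects the shape of the expression passed to `execute()`, which is an assumption about what is "good enough" to flag for human review, not a substitute for a real analyzer.

```python
"""SQL injection: vulnerable vs parameterised lookup, plus a toy static check (added example)."""
import ast
import inspect
import re
import sqlite3
import textwrap

# ---- the application side: a login lookup, written two ways ----------------------

def make_db():
    """In-memory SQLite database seeded with constructed sample rows (not real credentials)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "hash-of-alice-pw", "admin"),
        ("bob", "hash-of-bob-pw", "user"),
    ])
    return conn


def find_user_vulnerable(conn, username, password_hash):
    """BAD: untrusted input is spliced into the SQL text, so a quote in the input rewrites the query."""
    sql = ("SELECT username, role FROM users WHERE username = '%s' AND password_hash = '%s'"
           % (username, password_hash))
    return conn.execute(sql).fetchone()


def find_user_safe(conn, username, password_hash):
    """GOOD: parameterised query; the driver passes the values separately from the SQL text."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchone()


def demo_injection():
    """Return (vulnerable_result, safe_result) for the same attacker-controlled username."""
    conn = make_db()
    payload = "alice' --"          # closes the quoted username and comments out the password check
    wrong_hash = "not-the-real-hash"
    return find_user_vulnerable(conn, payload, wrong_hash), find_user_safe(conn, payload, wrong_hash)


# ---- a minimal static check of the kind a SAST tool automates ---------------------

SQL_VERB = re.compile(r"^\s*(SELECT|INSERT|UPDATE|DELETE)\b", re.IGNORECASE)


def string_built_sql_calls(source):
    """Line numbers (within `source`) where an SQL statement is assembled with %, +, .format() or an f-string.

    Crude by design: it looks only at the shape of the expression, which is what makes it cheap enough
    to run on every commit and hand the hits to a human reviewer.
    """
    tree = ast.parse(textwrap.dedent(source))
    hits = set()
    for node in ast.walk(tree):
        building = (
            (isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)))
            or isinstance(node, ast.JoinedStr)
            or (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr == "format")
        )
        if not building:
            continue
        # Flag the expression if any literal inside it starts with an SQL verb.
        for sub in ast.walk(node):
            if isinstance(sub, ast.Constant) and isinstance(sub.value, str) and SQL_VERB.match(sub.value):
                hits.add(node.lineno)
                break
    return sorted(hits)


def scan_function(fn):
    """Convenience wrapper: run the check over a live Python function's source."""
    return string_built_sql_calls(inspect.getsource(fn))


if __name__ == "__main__":
    vulnerable, safe = demo_injection()
    print("vulnerable lookup returned:", vulnerable)   # ('alice', 'admin'): logged in without the password
    print("parameterised lookup returned:", safe)      # None
    for fn in (find_user_vulnerable, find_user_safe):
        print(f"{fn.__name__}: string-built SQL at lines {scan_function(fn) or 'none'}")
```

The `alice' --` payload turns the vulnerable query into `... WHERE username = 'alice' --' AND password_hash = ...`, so the password check is commented away and the admin row comes back; the parameterised version looks for a literal user named `alice' --` and returns nothing. The static check flags the `%`-built statement and stays quiet on the parameterised one; pairing a check like this with a dynamic test that actually sends such payloads against a running build is the static-plus-dynamic combination the section recommends.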
4. Educate People
People are usually easier to compromise than machines. Many of the biggest attacks in recent years have started with attackers gaining entry into networks using log-in credentials belonging to legitimate users such as employees, business partners, or vendors. Hackers use well-known and effective social engineering techniques, including phishing emails, to get users to disclose usernames and passwords for accounts with access to a corporate network. The hackers then use that initial foothold to find and access critical enterprise systems and data stores. In most cases the people with access to sensitive data don't feel personally obligated to protect system access, usually because it is seen as an IT function.
You want to provide formal education to all in-scope users, review the training periodically, and document who has gotten the training as part of new hire or required annual re-training.
5. Secure Business Processes
Process and procedure mistakes can compromise corporate security technology. Written policies and procedures, communicated and enforced, can help reduce errors where sensitive data is emailed to vendors, shared on personal hard drives, or uploaded to shared internet drives.
This should also include having third parties and security firms come in periodically to do penetration tests and mock attacks where nothing is off limits. The same requirements should be pushed out to all vendors and suppliers, so that your expectations are communicated to them and they implement the same controls whenever they have access to your sensitive data.
You want to create and maintain written policies and procedures, review the documentation periodically, and verify that the requirements are being followed through testing and training of employees.