How Vulnerable Are We?

DQI Bureau

The most unsettling fact about data security is that many organizations don't consider its management a potential hurdle to overall business objectives. According to KPMG's Cyber Vulnerability Index 2012, over 75% of Forbes 2,000 organizations leak data and create visible opportunities for cyber attacks. These security issues affect several business areas and can range from distributed denial of service (DDoS) to catastrophic loss of the company's critical business intelligence and information. Without a comprehensive IT resiliency strategy, businesses remain vulnerable. IT resiliency can be accomplished only by instituting an end-to-end security testing regimen.

Today, mutating advanced persistent threats (APTs) are being launched at an accelerated rate. New, highly dynamic social media applications that serve as carriers of vicious malware are exploding along with the BYOD movement. Converged network traffic is driving data, voice, and video throughout IT infrastructures. These are just a handful of the change agents challenging the effectiveness of mandatory security systems, which are being asked to adapt to environments scarcely resembling the IT world of just a few years ago.

Even the most sophisticated IT defense measures will not guard organizations against crippling attacks, data leaks, or internal sabotage without an ongoing security testing regimen in place. And there's one enemy to blame: change. The effectiveness of security measures and technologies cannot be judged in pristine lab settings.

Combating Change through Continuous Security Testing

Security is a moving target, which explains why so many organizations apply defensive measures on a reactive, trial-and-error basis. There is also a dearth of truly qualified ‘cyber warriors’ equipped with the expertise to strategically combat the growing complexity of the security battlefield.

But without a way to bridge the ‘reality’ gap between the static, unpolluted environments of pre-production test labs and live production networks contending with dynamic change, the majority of IT and security organizations often have no choice but to rely on the assurances of their vendors.

In many respects, this ‘strategy of hope’ for avoiding attacks fosters a false sense of security and creates dangerous blind spots. It also makes evaluations of IT investments less reliable because canned performance benchmarks can belie how security systems (such as firewalls, UTMs, IPS/IDS, and more) actually perform in the volatile world of live networks. Failure to meet compliance requirements can incur stiff penalties. In short, enterprise IT and security organizations are at a breaking point.

Because of the severity, costs, and increasing frequency of cyber-attacks, organizations need new solutions for hardening IT infrastructures and security defenses. They need a way to understand how they will be affected by new security threats and high-stress conditions.

Actionable security intelligence (ASI) provides global visibility into emerging threats and applications, along with insight into the resiliency of an organization's IT infrastructure under operationally relevant conditions and malicious attacks.

Using ASI, organizations are better equipped to predict the impact of an attack, to perform in the midst of configuration and network changes, and to avoid or minimize fines and a damaged brand image. In addition, they are better positioned to contend with the considerable consequences of DDoS attacks, data leakage, and other attempts at compromising security.

With rigorous and continuous resiliency testing, IT staff can make informed choices about security with an accurate understanding of their IT risk posture. They can also transition from reactive to predictive/preemptive damage control from attacks; implement proactive and rigorous security assessment and remediation; bridge the gap between pre-production test labs, the live network, and monitoring tools; optimize security budgets and operational efficiency; support procedures that streamline compliance; and develop and hone IT staff skills.

Key Steps

  • Base-lining and Maintaining IT Resiliency and Security

Capturing a baseline is an essential first step in a well-run, continuous resiliency testing program. This means systematically evaluating the key elements of an IT infrastructure, as well as those systems as a whole, in the context of real-world conditions throughout the selection, configuration, deployment, and change-management life cycle, so that performance and security can be assessed before and after change. It is critical to bridge the divide between pre-production test labs and production networks.

  • Selecting and Deploying the Right Devices and Systems

Organizations need a layered security strategy to protect critical assets from sophisticated criminals, malicious insiders, and even nation-state-sponsored hackers. Firewalls and intrusion detection and prevention systems are absolutes. Increasingly, security-conscious organizations are also focusing on data leak protection, DDoS mitigation systems, intelligent switches to prevent ARP spoofing and MAC flooding attacks, web application firewalls, DNS sinkholes, and more in response to the complexity of the constantly evolving security threat landscape.

  • Validating Next-generation Security Measures

Emerging security measures are evolving to protect organizations from new threats by insiders and external agents. These measures rely heavily on deep packet inspection and analysis to prevent costly data breaches and service outages. Content-aware data leak prevention (DLP) systems are one such measure crucial to enterprise security. However, their deployment presents serious challenges. These systems are designed to detect sensitive content in text files such as email and instant messages, and in non-text files such as images, video, and audio recordings. But testing and validating their effectiveness and compliance requires highly complex test conditions.

  • Reducing the Cost of Compliance

More stringent legislative measures and industry regulations place additional accountability pressure on organizations. The need to produce documented results of IT infrastructure security testing with repeatable and consistent auditing practices has never been greater. The costs and penalties associated with falling out of compliance are steep.

Consequently, organizations bound by such regulations require stronger data security measures, faster detection of security breaches, and mandatory disclosure of leaked or stolen data.

According to a Crisil-Nasscom report, by 2015, the Indian big-data industry is expected to grow from $200 mn to $1 bn.

While big-data needs to be secured, the problem lies in the fact that the Indian IT services sector has been hit by several high-profile data breaches. Much of this can be attributed to India's lack of regulations to protect consumers and companies from potential breaches. This is seemingly changing.

Recognizing the threat of cyber-attacks from a host of hostile entities, ranging from domestic vandals to foreign foes, a new initiative is in the works that plans to train 5 lakh cyber warriors in the next 5 years to meet a critical gap in India's defenses. In fact, the Indian government is planning to establish an autonomous Institute of Cyber Security Professionals and make ‘cyber security audits’ mandatory for companies by amending the Companies Act.

A government-private sector plan will look at beefing up India's cyber security capabilities, in light of a group of experts estimating that India faces a 4.7 lakh shortfall of such experts despite the country's reputation as an IT and software powerhouse.

  • Honing IT Security Skills

All too often, a lack of effective training and IT staff skills is at the root of many high-profile data compromises. Once attackers have access to even a single endpoint within a network, they can move silently and laterally within an organization to gain control of critical assets and data, often after lying dormant for days, weeks or months. The ability to uncover insidious attacks that are increasingly the result of APT variants is vital, yet the pool of cyber experts experienced in intermediate to advanced forensics is small.

This is because the majority of companies are hard-pressed to find skilled security experts and lack the budgetary and war-gaming resources to train their IT and security staff. Creating the current, large-scale and highly dynamic conditions required to immerse security staff in a cyber-battle is typically a ‘once and done’ proposition conducted at far-flung intervals.

Going forward, organizations in the public and private sector will benefit from ensuring their IT staff receive appropriate training and gain the necessary experience that can be provided only through immersion in the very conditions they contend with every day. Until now, the question plaguing CISOs has been ‘How can we afford to implement the same cyber security training grounds used by the military?’

Summary

Organizations need to ensure IT resiliency in the face of constant change. From collapsing troubleshooting from weeks to hours to deploying the best-fit devices for their unique infrastructure, organizations are depending on ASI to harden and maintain their security posture.

The ability to provide accurate cyber-war simulations not only transforms infrastructure, but also helps to develop IT staff into an army working toward proactively remediating threats and implementing more effective security controls, without the need for additional resources and person-hours.

By automating the process of identifying exposures and potential threats in IT environments, there is an increase in the speed, reach, and consistency of an organization's full array of enterprise security processes.
