Monthly Archives: February 2017

How To Prevent Security Problems That Are Caused By Operational Issues – Charles Leaver

Written By Dr Al Hartmann And Presented By Ziften CEO Charles Leaver

Get Back To Basics With Hygiene And Avoid Serious Issues

When you were a child you were taught that brushing and flossing properly would spare you expensive crowns and root canals. Basic hygiene is far easier and far cheaper than neglect and disease. The same lesson applies to enterprise IT: we can run a sound operation with proper endpoint and network hygiene, or we can live with mounting security problems and dreadful data breaches as lax hygiene exacts its painful toll.

Operational and Security Issues Overlap

Endpoint Detection and Response (EDR) tools like those we have built here at Ziften provide analytic insight into system operation across the enterprise endpoint population. They also supply endpoint-derived network operation insights that substantially extend what on-wire visibility alone can offer, reaching into virtual and cloud environments. These insights benefit both security and operations teams in significant ways, given the substantial overlap between operational and security issues:

On the security side, EDR tools provide essential situational awareness for incident response. On the operational side, EDR tools supply the endpoint visibility needed for operational control. Sound situational awareness demands a baseline understanding of the endpoint population's operating norms, and that understanding in turn enables proper operational control.

Another way to express these interdependencies:

You can’t protect what you don’t manage.
You cannot control what you don’t measure.
You cannot measure what you don’t monitor.

Managing, measuring, and monitoring belong as much to the security role as to the operational role; do not try to split the baby. Management means adherence to policy, that adherence must be measured, and operational measurements form a time series that must be monitored continuously. A few sporadic measurements of a critical, dynamic time series lack interpretive context.
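To make the monitor/measure point concrete, here is an added example (not code from the original post or from Ziften's product): a minimal baseline check over a constructed endpoint metric, where the metric name, the window size, and the threshold are assumptions. It shows why a handful of sporadic samples cannot be judged, while a continuously monitored series gives a baseline against which a deviation stands out.

```python
"""Baseline-and-deviation check over a constructed endpoint telemetry series."""
from statistics import mean, pstdev

# Constructed sample (assumed metric): for one endpoint, the daily count of
# outbound connections to previously unseen destinations, as an EDR agent
# might report it. Days 0-13 are normal operation; day 14 spikes.
SAMPLE_SERIES = [12, 14, 11, 13, 15, 12, 13, 14, 12, 11, 13, 15, 14, 12, 48]


def baseline(series, window):
    """Mean and population std-dev of the trailing `window` observations."""
    recent = series[-window:]
    return mean(recent), pstdev(recent)


def is_anomalous(value, history, window=14, z_threshold=3.0):
    """True when `value` sits more than z_threshold std-devs above the
    baseline built from `history`. Returns None when the history is too
    short to provide interpretive context (the "sporadic sample" case)."""
    if len(history) < window:
        return None
    mu, sigma = baseline(history, window)
    if sigma == 0:
        # A perfectly flat baseline: any departure from it is notable.
        return value != mu
    return (value - mu) / sigma > z_threshold


def evaluate(series, window=14):
    """Walk the series day by day, judging each value only against the
    observations that preceded it; return the indices flagged as anomalous."""
    flagged = []
    for i, value in enumerate(series):
        if is_anomalous(value, series[:i], window):
            flagged.append(i)
    return flagged


if __name__ == "__main__":
    print("flagged days:", evaluate(SAMPLE_SERIES))          # [14]
    print("three samples only:", is_anomalous(48, SAMPLE_SERIES[:3]))  # None
```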

Tight security does not compensate for ineffective management, nor does tight management compensate for lax security. [Read that again for emphasis.] Imbalances in execution here lead to unsustainable inefficiency and scaling obstacles that inevitably produce major security breaches and operational shortfalls.

Areas Of Overlap

Substantial overlaps between operational and security concerns include:

Configuration hardening and base images
Group policy
Application control and cloud management
Network management, including segmentation
Data security and encryption
Asset management and device restoration
Mobile device management
Log management
Backups and data restoration
Vulnerability and patch management
Identity management
Access management
Ongoing employee cyber awareness training

For instance, asset management and device restoration, along with backup and data restoration, are probably operations team duties, but they become major security problems when ransomware sweeps the network, bricking all devices (not just the usual endpoints, but any network-connected device such as printers, badge readers, security cameras, network routers, medical imaging devices, industrial control systems, and so on). What would your enterprise's response time be to reflash and rebuild every device image from scratch and restore its data? Or is your contingency plan to promptly stuff the attackers' Bitcoin wallets and hope they have not exfiltrated your data for further extortion and monetization? And why would you offload your data restoration obligation to a criminal group, blindly trusting in the reliability of their data restoration? It makes absolutely no sense. Operational control responsibility rests with the enterprise, not with the attackers, and cannot be shirked: shoulder your duty!

For another example, base image building using best-practice configuration hardening is plainly a joint responsibility of operations and security staff. Unlike ineffective signature-based endpoint protection platforms (EPP), which every large enterprise breach victim has long had in place, configuration hardening works, so bake it in and refresh it continually. Also consider the needs of business staff whose job function requires opening unsolicited email attachments, such as resumes, invoices, legal notices, or other required documents. This should be done in an isolated virtual sandbox environment, not on your production endpoints. Security staff will make these determinations, but operations personnel will be imaging the endpoints and supporting the employees. These are shared responsibilities.

Example Of Overlap:

Use a safe environment to detonate. Do not use production endpoints to open unsolicited but essential email documents such as resumes, invoices, legal notices, and so on.

Focus Limited Security Resources On The Jobs Only They Can Perform

Most large enterprises struggle to fully staff all their security functions. Left unaddressed, deficiencies in operational effectiveness will burn out security staff so quickly that security functions will be perpetually understaffed. There will not be enough fingers on your security team to plug the multiplying holes in the security dike that lax or negligent endpoint, network, or database management creates. And it will be less difficult to staff operational roles than to staff security roles with talented analysts.

Shift routine, formulaic activities to operations staff. Focus limited security resources on the jobs only they can perform:

Staffing the Security Operations Center (SOC)
Preventive penetration testing and red teaming
Reactive incident response and forensics
Proactive threat hunting (both external and insider)
Security oversight of overlapping operational roles (ensuring a security mindset is present)
Security policy development and stakeholder buy-in
Security architecture, tools, and methodology design, selection, and development

Implement disciplined operations management and focus limited security resources on critical security functions. Then your enterprise may avoid letting operational concerns fester into security problems.