So if security doesn’t derive from your anointed specialists doing their thing, and it doesn’t come from the stuff you buy, and it doesn’t result from the scans and tests you authorize, and it doesn’t stem from your efforts to maintain regulatory compliance, what can be done to make your information—and the identities of your employees—more secure?
As mundane as it may sound, your organization’s true security posture is the byproduct of what you do every day. Only by embracing a holistic approach that acknowledges that everything matters can a company finally advance on a path toward genuine information security.
That’s right: Everything matters.
- Advancements in such mature technologies as anti-virus and anti-spam may not dominate tech industry publications. But they are critical tools in the fight to keep you secure. You should demand best-in-class solutions with frequent automatic validated updates.
- A comprehensive approach to patch and update management is absolutely mandatory. Studies have consistently shown that more than two-thirds of all successful network intrusions were 100 percent preventable with known patches. The problem, of course, comes when a Microsoft update hoses the performance of an application that is critical to your business. Automatic updates probably do not work for your organization. We recommend an approach to patch management that pushes critical security updates immediately, while enabling the bench testing of all other patches. Those deemed safe need to be deployed in a gradual fashion, with rollback capabilities and contingencies built into the system.
- Ongoing, effective management of your Windows infrastructure is another vital component in maintaining the security of your network. Poorly configured Active Directory environments, rife with accounts from departed users and with Group Policy that applies to some users but not others, not only bring a host of new vulnerabilities but also make the forensic investigation after a breach extremely difficult to accomplish.
- Firewall rules need to be as tight as possible, for both incoming and outgoing traffic, and should be reviewed regularly. Next-generation features (content filtering, deep packet inspection, Advanced Persistent Threat blocking) should be actively managed and tweaked on an ongoing basis.
- Environments that permit users to use their own devices (BYOD) need to ensure that those devices adhere to a strict Network Access Control system. The best of them establish a security perimeter around every device that connects to the network and strictly enforce who is allowed to access your environment, from what device, at what time of day, and from where in the world.
- Encryption isn’t sexy. But when you consider the thousands of devices lost or stolen every day, many of which contain proprietary information, encryption is necessary.
- Data protection and disaster recovery have security implications that are too often overlooked. (The best response to a ransomware attack is to have a quickly recoverable version of your data that has been backed up every 15 minutes.) Make sure to test the recovery of your environment at least once a month.
- Documentation should become an obsession. Not for its own sake—we’re talking about documentation paired with log management. The obscene lag time in identifying a security breach can be cut dramatically with an organized and logical approach to reviewing logs, integrated into a larger event correlation solution.
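To make the last point concrete, here is an added example (not SLPowers’ code or tooling) of the kind of simple event correlation that turns raw logs into something a human can act on quickly. It runs over a handful of constructed, Windows-style logon events (event 4625 = failed logon, 4624 = successful logon) in a simplified one-line-per-event format that I invented for the example; the source addresses and user names are made up. It raises one alert when a single source produces a burst of failed logons within a short window, and a second, higher-priority alert when that same source then logs on successfully shortly afterwards. Isolated failures (a user mistyping a password) and slow, spread-out failures fall below the threshold and produce nothing.

```python
"""Minimal failed-logon correlation over constructed sample log lines.

Added example, not part of the original post. Assumed line format
(constructed for this example, not a real Windows log format):
    <ISO timestamp> <host> <event id> <user> <source address>
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample events: a burst of failures then a success from one
# source, a single benign failure from another, and three slow failures.
SAMPLE_LOGS = """\
2024-03-01T09:00:01 DC01 4625 jsmith 203.0.113.7
2024-03-01T09:00:03 DC01 4625 jsmith 203.0.113.7
2024-03-01T09:00:05 DC01 4625 jsmith 203.0.113.7
2024-03-01T09:00:06 DC01 4625 admin 203.0.113.7
2024-03-01T09:00:08 DC01 4625 admin 203.0.113.7
2024-03-01T09:00:40 DC01 4624 jsmith 203.0.113.7
2024-03-01T09:15:00 DC01 4625 mlee 198.51.100.4
2024-03-01T09:15:20 DC01 4624 mlee 198.51.100.4
2024-03-01T10:00:00 DC01 4625 jdoe 192.0.2.9
2024-03-01T10:30:00 DC01 4625 jdoe 192.0.2.9
2024-03-01T11:00:00 DC01 4625 jdoe 192.0.2.9
"""

FAILED_LOGON = 4625
SUCCESS_LOGON = 4624


def parse_line(line: str) -> Optional[dict]:
    """Parse one sample line; return None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, host, event_id, user, source = parts
    try:
        return {
            "ts": datetime.fromisoformat(ts),
            "host": host,
            "event_id": int(event_id),
            "user": user,
            "source": source,
        }
    except ValueError:
        return None


def correlate(lines, threshold: int = 5, window: timedelta = timedelta(minutes=5)):
    """Return alerts for failed-logon bursts and for a success following a burst.

    A burst is `threshold` or more failed logons from one source inside
    `window`. A successful logon from a source within `window` of its most
    recent burst is reported separately, since that is the pattern that
    most needs a human to look at it right away.
    """
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    recent_failures = defaultdict(deque)  # source -> deque of (ts, user)
    last_burst = {}                       # source -> time the burst was flagged
    alerts = []

    for e in events:
        src = e["source"]
        q = recent_failures[src]
        # Slide the window: forget failures older than `window`.
        while q and e["ts"] - q[0][0] > window:
            q.popleft()

        if e["event_id"] == FAILED_LOGON:
            q.append((e["ts"], e["user"]))
            already_flagged = src in last_burst and e["ts"] - last_burst[src] <= window
            if len(q) >= threshold and not already_flagged:
                last_burst[src] = e["ts"]
                alerts.append({
                    "type": "failed_logon_burst",
                    "source": src,
                    "count": len(q),
                    "users": sorted({user for _, user in q}),
                    "at": e["ts"].isoformat(),
                })
        elif e["event_id"] == SUCCESS_LOGON:
            if src in last_burst and e["ts"] - last_burst[src] <= window:
                alerts.append({
                    "type": "success_after_burst",
                    "source": src,
                    "user": e["user"],
                    "at": e["ts"].isoformat(),
                })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS.splitlines()):
        print(alert)
```

The threshold and window are deliberately parameters: the right values depend on how noisy your environment is, and tuning them is exactly the kind of ongoing adjustment the post is describing. In a real deployment this logic would consume events from your log management or SIEM platform rather than a string, but the correlation itself is no more complicated than this.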
You’ll notice that the list is made up of things your network administrators would typically take care of. That’s no accident; that’s kind of the point.
Your own health derives, not from your annual trip to the doctor, but from what you eat, and how much you move, and how well you sleep, and how you live every day.
Your network’s security derives, not from an annual visit from the auditor, but from what you monitor, and what you adjust, and how actively you manage the entire network environment every day.
That’s the paradigm shift our industry needs.
SLPowers takes a holistic approach to information security. We start by asking questions—a lot of them. We rev up our Security Operations Center on your behalf, to keep our eyes on the tools that keep their eyes on you. And we rely on a large team of security engineers and analysts who do nothing but.
Contact us today, and we’ll tell you more. But be prepared to answer some questions.