The job of an enterprise’s chief security officer (CSO) is a difficult one. Devising a strategy that ensures the company’s network and data are secure can be a daunting challenge. With high profile breaches like Target and Adobe making headlines recently, enterprise security has finally been brought into the public spotlight. This newfound awareness has put the pressure on enterprises to assure their customers that they are taking every measure possible to boost their security.
This leaves executives asking, where do I start? With so many different considerations to take into account, there is no single solution that will meet all the security needs of a given organization.
Here are the 11 essentials for keeping your enterprise secure.
Service: Browser security
Description: Secure browser sessions offer enterprises a way to protect sensitive data from both internal and external threats. Browser security controls can stop employees from copying or saving sensitive data out of the enterprise’s network, while also protecting the endpoint and the network behind it from external agents such as attackers or malware.
Importance: The browser remains the most common point of interaction between an enterprise’s network and the Web. With the rise of BYOD, access to valuable company data is no longer restricted to devices owned and maintained by the IT department. Companies need to protect data all the way to the endpoint, and the browser is both the most prevalent channel to that endpoint and the least secure one.
Best practices / advice: It is very difficult to get all employees to follow security policies that are not automatically enforced; the only reliable way is to have mechanisms in place that enforce them. Mobile device management suites can help on mobile devices, and on-demand security products enforced at the network or server level can apply consistent policies across managed and unmanaged computers as well as users’ own mobile devices.
Source: The experts at Quarri Technologies, whose Armored Browser works to defend this critical endpoint for enterprises.
Service: Vulnerability management tools
Description: Vulnerability management is the ongoing process of identifying, classifying, and fixing vulnerabilities. It only takes a single vulnerability to launch an attack, and a large enterprise can easily have hundreds of thousands of vulnerability instances across its network.
Importance: These solutions allow enterprises to find vulnerabilities and prioritize them. Some will also identify multi-step attack paths, in which several individually moderate vulnerabilities are chained to reach a critical asset, as is typical of advanced persistent threat campaigns.
Best practices / advice: Network context is essential. A vulnerability rated medium by the vendor cannot simply be ignored: on an internet-facing host with a path to critical systems it can matter more than a critical-rated one on an isolated segment. Remediate based on risk to your network, so that you reduce the real attack surface as fast as possible.
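The following is an added illustration of risk-based prioritization with network context; it is not Skybox’s product or code. The asset inventory, the findings (labelled F-1 to F-3, not real advisories) and the scoring weights are constructed assumptions chosen to show how a vendor “critical” on an isolated lab box can rank below a vendor “medium” on an exposed host with a path to the crown jewels.

```python
"""Risk-based vulnerability prioritization using network context.

Added example; it is not Skybox's product or code. The asset inventory,
the findings (F-1..F-3 are placeholder labels, not CVE identifiers) and
the scoring weights are constructed assumptions for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    host: str
    internet_exposed: bool   # reachable from untrusted networks
    criticality: int         # 1 (throwaway) .. 5 (crown jewels); assumed scale
    reaches_critical: bool   # has a network path to a criticality-5 asset


@dataclass(frozen=True)
class Finding:
    ident: str               # placeholder finding label, not a CVE
    host: str
    vendor_severity: str     # vendor rating: low / medium / high / critical
    exploit_public: bool     # a working exploit is publicly available


# Vendor rating alone; this is all a naive "fix criticals first" plan uses.
SEVERITY_WEIGHT = {"low": 1.0, "medium": 2.5, "high": 4.0, "critical": 5.0}


def risk_score(finding: Finding, asset: Asset) -> float:
    """Scale the vendor rating by where the host actually sits in the network."""
    score = SEVERITY_WEIGHT[finding.vendor_severity]
    if asset.internet_exposed:        # directly reachable by attackers
        score *= 2.0
    if finding.exploit_public:        # no research needed to weaponize
        score *= 1.5
    if asset.reaches_critical:        # a foothold here leads somewhere that matters
        score *= 1.5
    score *= 1 + asset.criticality / 5   # value of the host itself
    return round(score, 2)


def prioritize(findings, assets):
    """Return (finding, host, score) tuples, highest risk first."""
    by_host = {a.host: a for a in assets}
    scored = [(f.ident, f.host, risk_score(f, by_host[f.host])) for f in findings]
    return sorted(scored, key=lambda t: t[2], reverse=True)


# Constructed sample inventory and scan results.
ASSETS = [
    Asset("web-edge-01", internet_exposed=True, criticality=3, reaches_critical=True),
    Asset("lab-vm-17", internet_exposed=False, criticality=1, reaches_critical=False),
    Asset("db-core-02", internet_exposed=False, criticality=5, reaches_critical=True),
]
FINDINGS = [
    Finding("F-1", "lab-vm-17", "critical", exploit_public=False),
    Finding("F-2", "web-edge-01", "medium", exploit_public=True),
    Finding("F-3", "db-core-02", "high", exploit_public=False),
]

if __name__ == "__main__":
    for ident, host, score in prioritize(FINDINGS, ASSETS):
        print(f"{score:6.2f}  {ident}  {host}")
```

With these inputs the medium-rated F-2 on the exposed edge host scores 18.0 and goes to the top of the queue, while the critical-rated F-1 on the isolated lab VM scores 6.0 and comes last. The weights are not the point; the point is that exposure, exploitability and reachability from the host must feed the ranking, and those come from your network model, not from the vendor advisory.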
Source: The experts at Skybox Security whose vulnerability management solution allows organizations to detect and manage all aspects of security vulnerability.
Service: Advanced threat protection
Description: Truly effective advanced threat protection delivers a comprehensive lifecycle defense that fortifies the network by blocking known threats at the gateway, proactively analyzing and detecting unknown and already-present malware, and automating post-intrusion incident containment and resolution.
Importance: Security defenses have traditionally been built with standalone products that protect against known threats. With today’s increasingly sophisticated hackers and advanced threats, that’s no longer enough. Enterprises need a way to get siloed IT and security groups to work together, sharing intelligence and analysis so that they can adapt, scale and extend protection to unknown threats as well. What’s needed is a lifecycle approach to implementing a complete, multi-layered defense.
Best practices / advice: Enterprises must have real-time defenses against known threats through secure Web gateways, along with network-based malware scanning and application whitelisting. For unknown threats, advanced sandboxing technologies can analyze unknown content to see if it’s malicious. They can then contain and learn from malicious content that is identified so it can then be blocked at the gateway. After investigating and resolving the full scope of incidents that do occur, the resulting intelligence must then be shared quickly with the gateway for future protection. Automating this process makes it possible for day-to-day security operations and advanced security teams to work together to protect and empower the business.
Source: The experts at Blue Coat Systems, makers of the Blue Coat Advanced Threat Protection solution, which delivers a comprehensive lifecycle defense that fortifies the network against today’s advanced persistent threats.
Service: Encryption
Description: Encryption is a process that encodes data so that only those holding the correct key can read it. Once encoded, the data is useless to anyone who does not have the key to decrypt it.
Importance: Data is often an enterprise’s most valuable asset. With the emergence of BYOD, this asset is being stored and accessed in more places than ever before. This makes it more difficult than ever for IT administrators to prevent their data from falling into the wrong hands. Encryption serves as a last line of defense, ensuring that even if the data is lost or stolen, it remains inaccessible and safe.
Best practices / advice: Companies need to encrypt all sensitive data, but especially data stored on portable devices. Password protection alone is not enough once a device has fallen into the wrong hands: a login password only gates the operating system, and an attacker with physical access can read the storage directly unless the data on it is encrypted. With the rise of BYOD, it is more important than ever that enterprises have policies in place requiring employees to encrypt all sensitive corporate data.
Source: The experts at WinMagic, whose encryption solutions have been making it easier to secure corporate data since 1997.
Service: Endpoint security analytics and incident response
Description: Designed to enable operations under the assumption of compromise, endpoint analytics and incident response offerings enable customers to root out threats that have evaded their defenses, respond rapidly to any information security alerts and bring systems back to a trusted state without disruption to operations.
Importance: Today’s threat landscape is sophisticated. The adversary is organized, well-funded and equipped with the skills and tools to evade perimeter defenses almost at will. Organizations need to rethink their overall security strategy to include tools and processes designed to hunt for these inevitable intrusions.
As part of an overall risk management plan, endpoint analytics and incident response products allow an organization to mitigate the effects of insider threats and zero-day malware before they have a chance to do irrevocable damage to a company’s reputation or cause cleanup and recovery costs to spiral out of control.
Best practices/advice: In addition to investments organizations have made to detect and block malware, similar investment needs to be made to enable an organization to root out threats hiding inside their walls. Organizations must be able to find problems and be equipped to quickly and effectively recover systems from a successful attack.
Source: The security experts at Guidance Software, whose EnCase solutions offer endpoint investigation solutions for security incident response and forensic analysis.
Service: Antivirus and security software
Description: Provides cross-platform anti-malware protection for endpoints, servers, and mobile devices.
Importance: Enterprises are an increasingly attractive target for cyber thieves, with the organization’s data and Web servers offering ample opportunity for a payday. The primary threat right now for enterprises is phishing, which involves duping employees into revealing credentials for accounts where sensitive information is kept. These stolen credentials are then used to hijack data, resources and money. One of the most damaging attacks of this type occurs when cyber criminals obtain the data they need to initiate a wire transfer or payroll payment in the name of the business.
To combat this issue, employees should be trained not to fall for phishing attacks and firms should have appropriate security solutions that block malware. Cyber criminals are constantly improving the look-and-feel of deceptive emails, but the combination of training and technology can be an organization’s first defense.
Best practices / advice:
- Know what you are defending: Many organizations don’t have a clear picture of their digital assets or where they reside. It’s crucial to conduct a “data audit” to review the inbound and outbound flow of data. Similarly, companies need to perform a “network audit” to understand what equipment is on the network and what devices are connecting to the Internet and/or phone lines. Once the business has a clear picture of where the sensitive data resides, and who has access to it, then that data can be better protected.
- Have rules: A written information security policy or plan is essential for all businesses these days and in some industries, such as healthcare and financial services, may even be required by law.
- Enforce the rules: The catch with any security policy is that you need to enforce it. That includes sanctioning people who violate the rules but also educating all employees about what the rules are. It is not unusual for a large company to insist that an approved vendor or contractor show evidence of a program of security awareness for its employees.
- Start with stronger passwords: This sounds like a very low-tech tip, but it has a high reward. Educate employees on what constitutes a strong password, and require strong passwords on all systems, including smartphones and tablets. Change the default password on routers and point-of-sale equipment before the device goes into service, and rotate it on a schedule afterwards.
Source: The security experts at ESET, whose solutions fulfill the antivirus and security software needs of enterprises.
Service: Security Intelligence
Description: Security intelligence provides the critical visibility needed to detect security breaches and today’s most sophisticated cyber threats. As evidenced by many recent high profile breaches, today’s most impactful attacks are difficult to detect and often employ customized malware capable of silently bypassing existing security mechanisms. Security intelligence is key to detecting evidence of such a compromise.
Here’s how it works: as an attacker, or the malware they deploy, moves toward its target, it leaves fingerprints as it moves within the IT environment. These fingerprints can be found in the log and machine data that is generated, and can be captured, across the whole IT environment. With security intelligence, anomalous behavior can be detected, leading to the identification of advanced threats early in their lifecycle and prompting swift and effective responses and countermeasures before data is exfiltrated.
A security intelligence platform that unifies traditionally disparate technologies including SIEM, log management, file integrity monitoring, host forensics and network forensics will position organizations well for the inevitable.
Importance: In today’s rapidly evolving threat landscape, it’s not a matter of “if” an organization will be breached, but rather “when.” In fact, many organizations are asking themselves “have we been breached already and just don’t know it?”
It’s critical that organizations are able to quickly recognize anomalous activity to detect and respond to security threats. This can be challenging, however, as many organizations are unable to define what constitutes “normal” behavior, and as a result, have great difficulty identifying which activity is abnormal.
Security intelligence can help solve this problem. With security intelligence, organizations can effectively baseline “normal” IT activity across their networks, and therefore more easily detect anomalies indicative of threats and breaches.
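As an added example of the baseline-then-detect idea described above (not LogRhythm’s product or code), the script below learns each user’s normal source addresses, target hosts and login hours from a training window of authentication events, then flags new events that break that baseline. The log lines and their format (timestamp, user, source address, target host) are constructed for the example; a real deployment would parse its own sshd, Windows security event or VPN logs.

```python
"""Baseline "normal" login activity from logs, then flag anomalies.

Added example; not LogRhythm's product or code. The log lines and their
format (timestamp, user, source address, target host) are constructed for
the example; a real deployment would parse the authentication logs of its
own systems (sshd, Windows security events, VPN concentrators).
"""
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\S+) LOGIN user=(?P<user>\S+) src=(?P<src>\S+) host=(?P<host>\S+)$"
)

# Constructed training window; a real baseline would cover weeks, not days.
BASELINE_LOG = """\
2014-03-03T09:12:44 LOGIN user=alice src=10.1.4.22 host=fs-01
2014-03-03T09:40:10 LOGIN user=alice src=10.1.4.22 host=mail-01
2014-03-04T08:55:02 LOGIN user=alice src=10.1.4.22 host=fs-01
2014-03-03T10:05:31 LOGIN user=bob src=10.1.7.9 host=build-02
2014-03-04T17:48:19 LOGIN user=bob src=10.1.7.9 host=build-02
"""

# Constructed detection window: alice's credentials used at 02:00 from an
# outside address, then walked across three hosts in a few minutes.
NEW_LOG = """\
2014-03-05T09:03:12 LOGIN user=alice src=10.1.4.22 host=fs-01
2014-03-05T02:14:55 LOGIN user=alice src=198.51.100.7 host=fs-01
2014-03-05T02:16:03 LOGIN user=alice src=198.51.100.7 host=db-core-02
2014-03-05T02:17:40 LOGIN user=alice src=198.51.100.7 host=hr-01
2014-03-05T11:20:00 LOGIN user=bob src=10.1.7.9 host=build-02
"""


def parse(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.fromisoformat(e["ts"])
            yield e


def build_baseline(events):
    """Per user: the source addresses, target hosts and hours observed as normal."""
    base = defaultdict(lambda: {"src": set(), "hosts": set(), "hours": set()})
    for e in events:
        b = base[e["user"]]
        b["src"].add(e["src"])
        b["hosts"].add(e["host"])
        b["hours"].add(e["ts"].hour)
    return dict(base)


def hour_near(hour, known, slack):
    """True if hour is within slack hours of any baseline hour (wraps at midnight)."""
    return any(min(abs(hour - h), 24 - abs(hour - h)) <= slack for h in known)


def detect(events, baseline, hour_slack=1, host_fanout=3):
    """Return (timestamp, user, reason) alerts for events that break the baseline."""
    alerts = []
    hosts_touched = defaultdict(set)
    for e in events:
        ts, user = e["ts"], e["user"]
        b = baseline.get(user)
        if b is None:
            alerts.append((ts, user, "no baseline for user"))
            continue
        if e["src"] not in b["src"]:
            alerts.append((ts, user, f"new source {e['src']}"))
        if e["host"] not in b["hosts"]:
            alerts.append((ts, user, f"new target host {e['host']}"))
        if not hour_near(ts.hour, b["hours"], hour_slack):
            alerts.append((ts, user, f"off-hours login at {ts.hour:02d}:00"))
        hosts_touched[user].add(e["host"])
        if len(hosts_touched[user]) == host_fanout:   # fires once per user
            alerts.append((ts, user, f"fan-out: {host_fanout} distinct hosts in window"))
    return alerts


def analyze(baseline_text=BASELINE_LOG, new_text=NEW_LOG):
    return detect(parse(new_text), build_baseline(parse(baseline_text)))


if __name__ == "__main__":
    for ts, user, reason in analyze():
        print(ts.isoformat(), user, reason)
```

Run against the constructed data, bob’s 11:20 login produces nothing (it is within an hour of his usual 10:00 starts), while alice’s four night-time events produce nine alerts: a new source address, two hosts she has never touched, three off-hours logins, and a fan-out alert once the third distinct host is reached. No single one of those signals is conclusive; their clustering on one account inside three minutes is what an analyst should be shown first. The same structure applies to any log source where "normal" can be learned per principal.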
Best practices / advice:
- Encrypt your sensitive data while in transit and at rest whenever possible. Change your passwords regularly, use different passwords on every website and utilize multifactor authentication whenever possible. Silo disparate sets of data to meet compliance requirements and avoid inadvertent cross-contamination or potential disclosure of sensitive information.
- Implement data loss prevention in tandem with file integrity monitoring to discourage the theft of sensitive data and alert on sensitive data access. Taking these precautions will reduce your risk of negative media exposure, liability, fines, and loss of revenue associated with sensitive data loss. Protecting your intellectual property should be at the top of any security-minded professional’s agenda.
- A strategic initiative should be devised to implement, and actively audit against, the organization’s security posture and to assure that industry recommendations and compliance regulations are met. Beyond the security benefit, this pays off during future audits and keeps the organization in compliance.
- The age-old idiom that you are only as strong as your weakest link has never been more true than it is today. Educating your users about security best practices and teaching them how to remain safe online is imperative to the overall security of the organization, especially in the age of BYOD and advanced spear phishing tactics.
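The file integrity monitoring item in the list above, as an added illustration that is not LogRhythm’s product or code: a baseline of SHA-256 digests and permission bits is taken over a directory tree, and a later snapshot is diffed against it to report files added, removed or modified. It populates a temporary directory with constructed files so it runs stand-alone; a real deployment would point it at configuration and sensitive-data paths, keep the baseline off the monitored host (or signed), and feed the report to the SIEM.

```python
"""Minimal file integrity monitor: hash baseline, then report changes.

Added example; not LogRhythm's product or code. It populates a temporary
directory with constructed files so it runs stand-alone; a real deployment
would point it at configuration and sensitive-data paths, keep the baseline
off the monitored host (or signed), and feed the report to the SIEM.
"""
import hashlib
import tempfile
from pathlib import Path


def file_digest(path, chunk=1 << 16):
    """SHA-256 of a file, streamed so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Map each regular file under root (relative POSIX path) to digest and mode."""
    root = Path(root)
    snap = {}
    for p in sorted(root.rglob("*")):
        if p.is_symlink() or not p.is_file():   # a symlink could point outside root
            continue
        snap[p.relative_to(root).as_posix()] = {
            "sha256": file_digest(p),
            "mode": p.stat().st_mode & 0o777,   # permission changes matter too
        }
    return snap


def diff(baseline, current):
    """Report paths added, removed, or changed in content or permissions."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline.keys() & current.keys()
                           if baseline[k] != current[k]),
    }


def demo():
    """Build a baseline, simulate tampering and a staged data copy, and diff."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "etc" / "app.conf").write_text("debug=false\n")
        (root / "data").mkdir()
        (root / "data" / "customers.csv").write_text("alice,hr\nbob,eng\n")
        baseline = snapshot(root)

        # Changes an attacker or a careless insider might make:
        (root / "etc" / "app.conf").write_text("debug=true\n")            # config tampered
        (root / "data" / "customers.csv").unlink()                        # file removed
        (root / "data" / "export.tmp").write_text("alice,hr\nbob,eng\n")  # copy staged
        return diff(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for path in paths:
            print(f"{kind:9s} {path}")
```

The report from the demo lists data/export.tmp as added, data/customers.csv as removed and etc/app.conf as modified. Hashes tell you what changed, not who read it: a copy of the customer file staged under a new name shows up, but a read of the original by an unauthorized account does not, which is why the bullet pairs integrity monitoring with data loss prevention and access alerting.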
Source: The experts at LogRhythm, whose Security Intelligence Platform provides enterprises with the tools they need to monitor and protect their networks from threats.
Service: Network visibility
Description: It’s critical that organizations have network visibility in order to effectively defend themselves against today’s top threats – from APTs and DDoS to zero-day malware and insider threats.
Importance: Sophisticated and targeted attacks have become increasingly difficult to detect and analyze. Attackers enter using stolen credentials and zero-day vulnerabilities, and use obfuscation techniques to evade traditional detection systems and fly under the radar for long periods of time. Organizations should have a network visibility solution in place that can detect the most advanced threats, not just at the gateways but across the entire enterprise.
Best practices / advice: Lancope recently released the results of a very telling Ponemon survey entitled “Cyber Security Incident Response: Are we as prepared as we think?” The findings confirm that many organizations aren’t prepared to respond to security incidents. Here are several recommendations to help beef up incident response preparedness:
- Make it a priority to build an incident response team consisting of experienced, full-time members
- Assess the readiness of incident response team members on an ongoing basis
- Create clearly defined rules of engagement for your incident response team
- Have meaningful operational metrics to gauge the overall effectiveness of incident response
- Translate the results of these measures into user-friendly business communications
- Involve multi-disciplinary areas of the organization in the incident response process
- Invest in technologies that support the collection of information to identify potential threats
- Consider sharing threat indicators with third-party organizations to foster collaboration
Source: The security experts at Lancope, whose behavioral-based security monitoring platform – StealthWatch provides the network visibility and security intelligence needed to defend enterprises against today’s top threats.
Service: Hardware-based encryption for cryptographic keys
Description: With online payment transactions, Big Data and the Internet of Things, businesses now capture more sensitive and business-critical data than ever before. Following recent software security breaches and concerns about backdoors, more enterprises are turning to hardware solutions to store the keys to their encrypted data.
Hardware security module (HSM) technology keeps cryptographic keys safe, secures critical digital infrastructure and protects high-value data assets. HSMs generate strong cryptographic keys from a hardware true random number generator and manage them for strong authentication; keys generated and used inside the module are never exposed in plaintext outside it, which is what denies backdoor access to sensitive customer or corporate data.
Importance: Highly sensitive information like PINs, user names, passwords and fingerprint scanner data needs to be scrambled, or encrypted, when transmitted between devices, locations and users. To read the encrypted data, authorized parties hold the key that unscrambles it. Keeping those keys secure is therefore one of the most critical challenges in the security industry: whoever holds the key holds the data.
Best practices / advice: To ensure no backdoor access to your encrypted data, make sure that:
- You choose a published, publicly analyzed cryptographic algorithm that has withstood open scrutiny, rather than a proprietary or secret one
- Your cryptographic keys come from a true random number generator, so that they cannot be predicted or reproduced
- Your cryptographic keys are stored in tamper-resistant hardware, without any backdoors, that resists physical attack
Source: The security experts at Utimaco, who offer solutions for hardware-based encryption for cryptographic keys
Service: Email & Web protection
Description: Companies that don’t manage their email and Web usage risk more than a reputation for carelessness. Malicious content can cripple entire networks, expose employers to lawsuits and eat into profits. Corporations that invest in email and Web security solutions save time and money by blocking unwanted messages and content while keeping networks free of malware, spyware and viruses.
Importance: 2013 ended with a Target-shaped bombshell affecting the financial details of 40 million customers, with some estimating this figure to be much higher. The subsequent investigation appears to have identified a phishing email, sent to a third-party contractor, as the most likely avenue that allowed criminals to infiltrate Target’s network. Unfortunately, Target isn’t the first and is unlikely to be the last victim of this type of attack. 2014 has started with record levels of phishing activity coupled with an even greater increase in email activity distributing malware. Shoring up email and Web security would significantly lower the risk of becoming a victim.
Best practices / advice: Here are a few precautions that can be used to stay out of scammers’ trap:
- Take a layered-security approach, and make sure firewalls and antivirus software are not just deployed but kept updated to identify the latest threats
- Consider utilizing an email-filtering service
- Make sure systems aren’t left vulnerable by applying software patches promptly, especially for malware authors’ favourite targets such as Java, Adobe products and popular operating systems
Source: The experts at email and web security company, AppRiver.
Service: Real-time endpoint threat detection & response
Description: Real-time endpoint threat detection & response platforms provide security teams with unprecedented context and visibility into advanced attacks. Using behavioral indicators, teams can detect threats as they happen and perform forensic-level analysis in real time throughout the entire attack lifecycle.
Importance: The endpoint is at the center of the battleground between attackers and organizations. It’s where the most vulnerable and accessible targets exist, given the volume of user interactions with critical data. However, traditional security solutions lack the speed and intelligence necessary to effectively protect enterprise endpoints and equip incident responders with correlated attack context across the enterprise.
To fight large-scale, persistent threats, organizations need a solution that captures malicious behavior on every endpoint using stealthy collection techniques, borrowed from attacker tradecraft, that won’t impact overall system performance, and that provides contextual attack data.
Best practices / advice:
Assess your endpoint security model:
- Detection: Your solution should have the ability to detect attacks and advanced threats that evade or disable other defenses.
- Analysis: Any technology designed to help identify and classify threats should have built-in automation to analyze and quickly understand attacker behavior, in real time, to manage an effective incident response.
- Remediation: The ability to automatically or manually remediate is critical for long-term endpoint security.
- Resistance: Technology that is able to automatically defend against malicious files or known malware is great, but how your technology holds up against unknown attack methods and malware is the next generation of endpoint challenges. Technology that gets smarter over time in enterprise environments allows dynamic generation of profiles designed to resist specific threats.
Source: The experts at CounterTack, whose product named Sentinel helps enterprises make endpoint security decisions easier.