With the continued rise of data breaches and cyber attacks, AlgoSec, a leading provider of network security policy management, offers a top five list of information security resolutions organizations should strive to attain this year.
The common theme across these resolutions is to step back from what is being done today, examine the organization’s technologies, processes and culture, and ultimately take a proactive approach to addressing security.
Gartner has stated that most firewall breaches are due to misconfiguration, not flaws in the firewall itself – 95 percent of the breaches, to be exact. Ensuring that security devices are properly configured is of great significance (and it’s listed twice among the top 20 critical controls identified by SANS, for endpoints and for network devices). Implementing the proper security tools and policies is important when it comes to defending your network, but if your devices are out of date, missing critical patches or improperly configured, your network may still be exposed. You could have the tightest firewall rules and a “locked down” network, but if a router is running an old operating system that has known flaws, you have a security gap that can be exploited.
It is common for ineffective security to be a symptom of a cultural issue. Both IT security and IT operations teams are held responsible for managing, supporting and securing increasingly complex network environments, often clamoring for more resources to get the job done. As the pile of work increases, each department hunkers down and focuses primarily on its specific roles and responsibilities. The silos extend to other key stakeholders as well when you consider business applications – complex connectivity requirements also involve multiple parties, such as application owners and firewall administrators. Organizations should consider a cultural change that involves breaking down the invisible walls that typically prevent these different stakeholders from effectively communicating with each other – to improve security without impeding productivity.
If you’ve addressed the previous two recommendations, then automation can really amp up your security and operations. In the State of Network Security 2012 survey, more than half of the respondents cited time-consuming, manual and error-prone processes (including poor change management) as the greatest challenges of managing network security devices. Manually discovering all of the firewalls and rules impacted by a potential change, as well as understanding any potential change in risk or compliance levels, is time-consuming, tedious and oftentimes error-prone. Automation can be used to ensure accuracy, reduce risk and significantly reduce the time to process changes – and ultimately allow IT to more quickly respond to changing business requirements.
This is something that must be addressed, as complexity only makes it harder to actually secure our networks, applications and information. On top of the complexity of managing many devices and policies, there is the challenge that these are all tied to critical business applications. Oftentimes, there is limited to no visibility across the organization into the impact of one on the other. For example, if a change to the security policy is made, what is the impact on the business applications that are essentially keeping the business running? Or, vice versa, if a change is made to an application, is there an impact on the security policy and potentially the network? This isn’t just a security issue (ensuring that unused rules tied to decommissioned applications are also removed), but also an issue of keeping the business running efficiently.
What exactly does this mean? Well, when planning our defense, it is the norm to develop a plan based on a clean network. However, in today’s age of stealth malware, targeted attacks and a more open network, this is a faulty assumption. Rethinking network security means you start with a different assumption…assume you have already been hacked. Now it’s time to re-plan your defense. With this approach, your security will surely be different!