FINAL WORD
While the risk appetite of each organisation differs based on exposure, nature of business and other factors, not having enough security measures, and not maturing them to meet the latest threat landscape, is no longer a choice. It is no longer a case of "if" a breach could happen. It's now about how I can make it difficult for the hacker and, "when" it happens, how ready I am to detect and respond.

Traditionally, having the latest preventive security controls such as firewalls, IPS and endpoint solutions was thought to be enough. Today, however, these can only be considered a good start, and additional measures are required to strengthen the overall security strategy.

In this write-up, I will try to cover how organisations should work towards maturing their security operations to stay ahead of the game. I will divide security maturity into four steps. It is recommended that each is addressed in this order, keeping in mind that each requires regular review to ensure it is fit for purpose for "today".
1. Implement preventive security controls

When an organisation wants to set up IT security measures, preventive security controls should be the starting point. They are a very effective control for blocking less motivated attackers who are trying to hack for fun. This step requires organisations to implement technologies such as next-generation firewalls, encryption, anti-malware solutions, endpoint security controls and privileged access management (PAM) solutions.

The technologies to be implemented will depend on the nature of business and the level of exposure of each organisation. For example, if you host a website on the internet, you certainly need a web application firewall too.

Fortunately, from an awareness perspective, this is the most widely adopted measure, although organisations tend to implement only the basic security technologies and miss out on the relevant additional ones. Hence, this step does require a thorough review to understand what is important for the organisation, and to ensure those measures are implemented and maintained properly.
2. Implement monitoring controls

Once you have implemented and are maintaining preventive controls well, it's time to monitor the environment to detect things which are sneaking in by bypassing these controls. One of the important elements of monitoring controls is the Security Information and Event Management (SIEM) solution, which collects logs across the estate, correlates the data and alerts when an anomaly is found, thereby indicating something suspicious.

As this control requires vigilant human eyes watching the generated alerts all the time, it is fairly manpower intensive. Depending on the nature of business and the risk factors, you could run it during working hours only, although it is recommended to have 24/7 monitoring in place.

This also requires feeding the SIEM solution with the right level of logs, maintaining it, regular use-case development, and ingesting threat feeds into the solution. Due to the demanding nature of these tasks and the investment required, several organisations tend to outsource it to managed security services providers (MSSPs).
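To make the "collect, correlate, alert" description above concrete, here is an added example (not from the article, and not any vendor's product) of the kind of correlation use-case a SIEM team writes: two constructed log sources in a simplified key=value format, a constructed threat feed, and rules that only alert when events from both sources line up. Log lines, hostnames, addresses and rule names are all invented for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from two sources, an auth log and a firewall,
# in one simplified "timestamp source key=value ..." format.
SAMPLE_LOGS = """\
2024-05-01T09:00:01 auth host=fs01 user=alice src=10.0.0.5 result=FAIL
2024-05-01T09:00:03 auth host=fs01 user=alice src=10.0.0.5 result=FAIL
2024-05-01T09:00:05 auth host=fs01 user=alice src=10.0.0.5 result=FAIL
2024-05-01T09:00:09 auth host=fs01 user=alice src=10.0.0.5 result=OK
2024-05-01T09:30:00 auth host=db01 user=bob src=10.0.0.7 result=FAIL
2024-05-01T09:45:00 auth host=db01 user=bob src=10.0.0.7 result=OK
2024-05-01T10:00:00 fw action=ALLOW src=10.0.0.5 dst=203.0.113.9 dport=443
2024-05-01T10:01:00 fw action=ALLOW src=10.0.0.7 dst=203.0.113.9 dport=443"""

# Constructed threat feed: destinations the SIEM has ingested as known bad.
THREAT_FEED = {"203.0.113.9"}

LINE = re.compile(r"(?P<ts>\S+) (?P<source>\w+) (?P<kv>.*)")

def parse(line):
    """Turn one log line into a dict; the timestamp becomes a datetime."""
    m = LINE.match(line)
    ev = dict(kv.split("=", 1) for kv in m["kv"].split())
    ev["ts"] = datetime.fromisoformat(m["ts"])
    ev["source"] = m["source"]
    return ev

def correlate(raw, failures=3, window=timedelta(minutes=5)):
    """Two use-cases. Rule 1: at least `failures` FAILs then an OK for the
    same user and source inside `window` (bob's single slow failure is
    normal and must not fire). Rule 2: an ALLOWed connection to a
    threat-feed address, but only from a source rule 1 already flagged,
    so the same connection from an unflagged host stays quiet."""
    events = sorted((parse(ln) for ln in raw.splitlines()), key=lambda e: e["ts"])
    fails, flagged, alerts = defaultdict(list), set(), []
    for ev in events:
        if ev["source"] == "auth":
            key = (ev["user"], ev["src"])
            if ev["result"] == "FAIL":
                fails[key].append(ev["ts"])
                continue
            recent = [t for t in fails.pop(key, []) if ev["ts"] - t <= window]
            if len(recent) >= failures:
                alerts.append(("brute_force_then_success", ev["user"], ev["src"]))
                flagged.add(ev["src"])
        elif ev["source"] == "fw" and ev["dst"] in THREAT_FEED and ev["src"] in flagged:
            alerts.append(("known_bad_egress_after_compromise", ev["src"], ev["dst"]))
    return alerts
```

Run `correlate(SAMPLE_LOGS)` to see that only alice's host produces alerts; tuning `failures` and `window` is the "regular use-case development" the article refers to.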
INTELLIGENTCIO
www.intelligentcio.com