FEATURE: SECURITY MANAGEMENT
Ziad Sawtari, Regional Director for the Middle East, Skybox Security, says those seeking to ensure their cybersecurity should quit firefighting and eradicate security management gaps. Greater insight into where your biggest security management problems lie will create an opportunity to bring lasting change to your security programme, he says.

Keeping pace in the cyber-realm is hard. Sometimes it can feel like you’re stumbling through the dust kicked up by hot-heeled cybercriminals, trying to play catch-up without falling foul of any traps they’ve set along the way.

You’re forced into a pattern of reaction – firefighting – when you have all the tools at your disposal to be proactive, strategic, effective. If this sounds familiar, it’s likely that you have security management gaps that continue to allow attacks to occur and that are preventing you from keeping pace.

Organisations have made significant investments in a myriad of networking and security technology. They’ve brought in firewalls in order to keep criminals out of their infrastructure. They have scanners to keep vulnerabilities on assets from being exploited. And they use security information and event management (SIEM) systems to rapidly find and fix security issues and mitigate damage.

To the uninitiated, it would appear that an organisation with all of these tools in place shouldn’t be too troubled by cyberattack concerns. But, of course, this simply isn’t the case.

Your security investments aren’t paying off

The goals behind security programme investments may never be achieved. It’s a cold fact, but it’s true. The full value of many solutions is never realised because the resources, context and processes aren’t there to manage them.

Firewalls aren’t impenetrable: you need to ensure that the security which was designed in policy is continuously adhered to within your actual, living network. This is a job which demands constant attention and vigilance – difficult to achieve when your resources are already stretched.

Scanners are a fundamental security tool but, in reality, it’s difficult for them to spot the critical-risk vulnerabilities hiding among the thousands (or millions) of occurrences within your network. Scans are all too often outdated by the time they’re acted upon, they may miss off-limits network segments and devices, and major risks can end up being overlooked simply because of a generic severity score.

Additionally, SIEMs can give you a laundry list of security issues but can lack relevant context. This means that you’ll struggle to understand the significance of each indicator of compromise (IoC) and to ascertain exactly how far an attack might reach.

These examples of security management gaps and others like them are leaving your organisation prone to successful attacks. Often, gaps are the result of missing context – the solutions are there, the data is there,

How to bridge the security management gap
INTELLIGENTCIO
www.intelligentcio.com