Understanding the common success factors and pitfalls in implementing continuous security validation is crucial for organizations aiming to enhance their cybersecurity posture. In this segment, we explore the key insights derived from observing organizations across various industries and maturity levels.
Here is the verbatim discussion:
And let's move to the next part which is you have seen all of these organizations which has matured over period of time and you have seen across various breadth of the industry so what what had been some of the key things which you noticed as the common success factors as well as common mistakes so some of the common success factors and failure factors when it comes to implementing continuous security validation yeah um very good point and I'll I'll kind of preface this by saying um the answer is unique to every single organization so it heavily depends on the the nature of the business the culture um unfortunately budgets and having that strategic alignment between uh the overall organ organization's financial goals and their their security goals and um you know as part of that ultimately uh you want to have um you want to prevent attacks from happening uh in the first place and there are metrics and and key metrics that you can identify uh where you're you're able to reduce uh those attempts in the first first place um so the equivalent of this would be like let's just say 2 o'clock in the morning um you you hear someone knocking on your door you know between the hours of two 2 and 3 a.m. and you know although they're not getting in that's the equivalent of reconnaissance and they're they're basically trying to probe and identify areas that you're in and those might be you know something as simple as firewall Deni logs um that might be of interest and then um and then so on and so forth so anything you can do to identify the those areas and and and eliminate them or reduce them is a key metric that you want to have um the other thing is like in the event that you actually have an incident you want to reduce uh or that you have a breach or someone someone's in your organization then number one thing is to detect them as soon as possible um and you know overall reducing What's called the dwell time uh and the amount of time that that that attacker is in your in your house effectively um and you you want to basically investigate it as quickly as possible you want to eradicate it as quickly as possible want to address what the the the core uh entry point was in the first place and then basically PS it up fix it so it doesn't happen again um and you know that's that those are key fundamentals that are there um the and that's where the biggest challenge is is like organizations just don't have um they don't have the visibility that they that they require to get to those those points those are certainly very key um the other kind of key point that organizations will will get into is um you know a lot of a lot of the the monitoring and and um doing these different assessments is you ultimately they're trying to find a needle and haast stack is that is a common analogy that's used and uh unfortunately what uh organizations will do especially early on is they'll add more and more hay uh to with the idea that they will have better visibility unfortunately there that that actually makes things more difficult because it's more difficult to actually find the needle um so as as a key metric and focus and priority area it would it it's definitely a best practice to to eliminate the noise and eliminate all that excess hay that excess hay uh so you can find these needles faster and quicker and eventually get to the point where you're actually able to categorize the individual needles so you can actually identify a needle within a stack of needles that's relevant to the specific use case that you have um because what will happen with Advanced resistant threats is they'll actually come uh they'll come back time and time again and um what unfortunately one of the the key things that ends up happening is uh especially with Ransom wear attacks is organizations will um they'll actually recover and Implement a backup uh or basically get to a steady state but they won't they won't address the the main entry point that that the attackers use to get in so all they do is they they come right back in and that's why uh paying for a ransomware doesn't really work because you're not a lot of times organizations don't address the the the core entry point and uh once kind of that the word gets out then it's open season so you might have multiple different criminal organizations looking to get into your environment um so and there's metrics that you can build around all of those things like reducing false positives uh reducing false negatives and then um and and overall uh measuring.
Highlights:
Success Factors:
-
Preventative Measures: Prioritize preventing attacks by reducing vulnerabilities and minimizing attack attempts. Effective measures include assessing and eliminating potential entry points, such as firewall logs, to thwart reconnaissance efforts.
-
Prompt Detection and Response: Swiftly detect and respond to security incidents to minimize dwell time and mitigate potential damage. Timely investigation, eradication, and remediation of threats are essential to prevent recurring breaches.
-
Visibility and Monitoring: Enhance visibility into the security landscape by reducing noise and focusing on relevant threats. Streamline monitoring processes to efficiently identify and categorize security incidents, enabling proactive threat management.
Common Mistakes:
-
Excessive Noise: Overloading security systems with unnecessary data complicates threat detection and hampers response efforts. Organizations often add more "hay" (data) with the misconception of improving visibility, leading to challenges in identifying genuine threats.
-
Failure to Address Root Causes: Neglecting to address the core entry points exploited by attackers perpetuates vulnerabilities and increases the risk of recurring breaches. Merely restoring from backups without addressing underlying security weaknesses leaves organizations susceptible to future attacks.
Success in continuous security validation hinges on proactive prevention, swift detection, and efficient response to security threats. By prioritizing preventative measures, minimizing noise, and addressing root causes, organizations can strengthen their security posture and effectively mitigate cyber risks. Avoiding common mistakes such as excessive noise and neglecting root causes is paramount for achieving robust cybersecurity resilience. Through continuous improvement and adherence to best practices, organizations can navigate the complexities of modern cybersecurity landscape and safeguard their digital assets effectively.
Speakers:
Brad LaPorte a former army officer with extensive experience in cybersecurity, provides invaluable insights into the evolving landscape of digital threats. With a background in military operations, LaPorte witnessed firsthand the early stages of nation-state cyber attacks, laying the groundwork for his deep understanding of cybersecurity challenges. Through his journey, he has observed the transformation of defense tactics from traditional, labor-intensive methods to modern, cloud-based solutions. LaPorte's expertise offers a unique perspective on the intersection of technology, security, and the underground economy of cybercrime. In this discussion, he shares his experiences and analysis, shedding light on the complexities of cybersecurity in the digital age.
Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40).Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.
Earlier he founded iViZ an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.
Comments