Developing a thoughtful cybersecurity operations strategy and implementing processes to help you prevent, detect, and respond to potential threats is key. Here are a few ways you can ensure your program is up-to-date in each area this year:
1. Prevent Everything You Can
The best operational security controls are the ones that prevent bad things from happening. This is largely common sense -if the undesirable event never occurs, then there is no loss event or subsequent need for incident response activities.
The most common preventive controls utilized by cybersecurity operations teams today are firewalls, intrusion prevention systems (IPS), content filters, and endpoint protection suites. When properly configured, maintained, and monitored, these controls can prevent much of the malicious activity that security operations teams defend against.
However, if the deluge of high-profile cyberattacks over the past 5 years has taught us anything, it’s that a security operations strategy that is 100% focused on prevention is doomed to fail.
2. Detect That Which Cannot be Prevented
The bad guys will eventually find a way in. When they do, you need the ability to detect their activities quickly so that you can contain the damage and get back to normal business operations without experiencing a loss event.
The most widely used preventive control used today is security information and event management (SIEM). A SIEM solution will aggregate logs from applications, operating systems, and network infrastructure appliances across the enterprise and then analyze the data to identify undesired activity. Because of the massive amounts of log data generated by most companies, SIEMs leverage big data analytics techniques to identify the proverbial needle in the haystack.
When companies have a mature, well managed SIEM capability they significantly improve their ability to proactively detect malicious activity and contain the problem before it can cause the company serious harm.
3. Prepare for Cybersecurity Incidents Before They Occur
Finally, we must prepare for the reality that the bad guys may eventually gain a foothold on our systems. To effectively manage a breach or intrusion, companies need to have a preparedness plan in place that outlines who is authorized to declare an incident, the external resources the company will need to recruit or call to action in order to respond, and how the company will technologically deal with the situation.
Once you have a plan in place, the team’s performance will improve over time by practicing the response steps. In order to hone their skills, most security operations teams conduct tabletop incident response exercises at least annually.
Are You Prepared for a Potential Attack in 2018?
Today’s cybersecurity operations teams are faced with ever-increasing and changing threats at every possible point of entry – from the perimeter to the desktop; from mobile to the cloud. Because of the rapid evolution of threats and constant changes in network and security requirements, our team at LBMC is committed to keeping you up-to-date on all new developments and threats.