We are witnessing an onslaught of attacks coming in from highly organized cybercriminals. It is so bad, in fact, that the situation was recently described by U.S. Secretary of State, John Kerry as, “…pretty much the wild west…”.
By United Security Providers
3. Cybersecurity
1. INTRODUCTION
3
We are witnessing an onslaught of attacks coming in
from highly organized cybercriminals.
the situation was recently described by U.S.
Secretary of State, John Kerry as, « …pretty much
the wild west… ».
If cybercrime is highly organized, then we, in turn,
need to be highly organized to counter the
threats.
The « wild west » needs to be well and truly
controlled by consolidating our infrastructure
security.
4. Cybersecurity
2. WHY CONSOLIDATE - THE DRIVERS
4
Many organizations have found themselves in a situation that has, over
the years created an infrastructure security profile that is nebulous.
This is often the result of bringing in point solutions to deal with specific
threats and building up a disconnected arsenal as issues evolve.
Like many areas across an enterprise, management of a multitude of
approaches and tools can be onerous.
The result often ends up in a fire-fighting situation with inefficient use of
resources; we end up with a reactive rather than proactive security
strategy.
5. Cybersecurity
2. WHY CONSOLIDATE - THE DRIVERS
5
The concept of pulling your resources together and understanding
what you have at your disposal is, in general, a good thing to do,
after all, knowledge is power in the fight against cyber security
threats.
However, external forces such as compliance and regulation are
also driving the need to be more streamlined and efficient,
making management of the compliance process a seamless and
less stressful operation.
There are a number of reasons why infrastructure
security consolidation is a good idea.
6. Cybersecurity
3. KNOWLEDGE IS POWER AND SIMPLICITY IS YOUR FRIEND
6
Whilst going through this exercise, one
watchword should be at the forefront of
everything you do, simplicity.
The acronym KISS that stands for « keep it
simple, stupid », is one that can inform
correct choices.
In security, anything that is overly complex
results in multiple points of failure, poor
uptake and human error.
The first step in consolidating your infrastructure security is to understand what you already
have and where that falls short.
7. Cybersecurity
3. KNOWLEDGE IS POWER AND SIMPLICITY IS YOUR FRIEND
7
The security complexity is increasing, especially
with game changers like Bring Your own
Device (BYOD), and the highly disruptive
Internet of Things (IoT).
The issue arises when older technology
comes up against the new. This is where
knowledge can create simplicity.
A key area that a knowledge-based approach
can improve efficiency is to create a more cost
effective security infrastructure.
The amounts spent on cyber security
preventative measures are massive.
$101 billion*
is expected to be spent by
enterprises on cyber security
in 2018.
*from Analyst firm Gartner
8. Cybersecurity
4. CONSOLIDATING YOUR LOT
8
Cyber threats are now more sophisticated
and multi-faceted, as our technology emerges,
so do the threats.
We find ourselves in a situation with our point
solutions of having « too many cooks spoiling
the broth ».
The administration and update of the products
alone, is a management nightmare.
More point solutions means more points of
failure - more areas that can allow a cyber
threat to become a breach.
9. Cybersecurity
4. CONSOLIDATING YOUR LOT
9
Much anti-virus software, for example, cannot keep
up with the new threat landscape. Definition
updates can be way behind the threat curve.
Imperva looked at a number of AV software solutions
and found that 75% of their definitions were out
of date by almost a month.
10. Cybersecurity
4. CONSOLIDATING YOUR LOT
10
Consolidation requires modernization and the time is now.
A modern approach is to use holistic technologies, capable of
managing the highly distributed and diverse infrastructure of today’s
enterprise.
Consolidation is something that can bring your extended network
and Internet application resources together, rather than keeping them
as separate entities as end point products do.
From the knowledge base you created at the outset of consolidation,
you will understand the type of security tools that can impart
a more holistic approach to your security infrastructure.
11. Cybersecurity
4. CONSOLIDATING YOUR LOT
11
A good supporting architecture is the
foundation of your infrastructure –
using a reverse proxy architecture
can give you many security benefits,
including being able to more efficiently
handle HTTPS traffic.
A Web Application Firewall (WAF) and
especially the use of smart web
application protection, is a highly
effective modern method of
preventing attacks at the application
layer and into the extended web
service layer.
12. Cybersecurity
4. CONSOLIDATING YOUR LOT
12
Another area ripe for consolidation is your
authentication policies. Single Sign On (SSO)
across enterprise and web applications is one
way to cut down on resource greedy user
account management issues.
Other authentication options such as the use
of two-factor authentication should also be
applied where needed and can be part of an
SSO system.
Centralizing your security
strategy, through
virtualization is another
possible coping mechanism,
which can reduce costs and
make security a more
manageable asset.
13. Cybersecurity
4. CONSOLIDATING YOUR LOT
13
The best way to consolidate your
security infrastructure is to see it
as a process of change.
Taking your deep understanding of your
enterprise extended architecture and
data flows and applying a modern
holistic approach, using new security
2.0. tools, to create a modern and
strategic security infrastructure.
14. Cybersecurity
5. A CONSOLIDATED FUTURE
14
The modern enterprise is made up of fuzzy, ever extending layers. Our
approach to securing our infrastructure needs to be one that can handle a
very complex and often changing environment.
Flexibility and simplicity need to be at the heart of our approach to security
infrastructure management.
With the extension of the enterprise touch points, into Cloud environments
and with emerging disruptive technologies like the Internet of Things, we
have to create a new paradigm of thinking when it comes to perfecting our
security infrastructure.
15. Cybersecurity
5. A CONSOLIDATED FUTURE
15
Consolidation of what already exists within that infrastructure using
security 2.0 thinking will allow us to build the type of robust enterprise that
is prepared for the onslaught of threats that we see on a daily basis.
We need to prepare ourselves for both insider as well as outside threats,
by using knowledge and applied intelligence; intelligence from our
own personal experience as well as that of security 2.0 tools like those in
the smart web application protection camp.
We have to create enough flexibility in our infrastructure to cope with a
threat landscape that changes, this requires creative security to build a
streamlined, robust and reliable infrastructure security model.