enterprisesecuritymag

Evolving Security From Reactive to Proactive Protection Methods

Felipe Medina, AVP of Information Security Engineering, BankUnited

If you have ever been involved in either a breach or an attack in your professional career, this title seems like a misnomer and something that, as the conspiracy theorists we all are, is simply not attainable. In the larger picture you are right, because the bad guys do something that we, as industry professionals, rarely do: they collaborate very well and share information. Now, let's get to why you really want to read this article: what steps can we take to make our tools better connected, and to evolve our security practices and tools from a reactive to a proactive state?

First, let's set expectations: this methodology requires executive buy-in and investment in the IT and IS departments. It will also require collaboration with your business lines to ensure you are addressing the moneymakers for your enterprise. So, the first step is learning from any issues or attacks and feeding that intelligence into our platforms so they alert at proper thresholds. I am a big fan of using standard deviations, which allow me to baseline traffic on platforms such as a SIEM (Security Information and Event Management) against a control set of data ranging from hours to months, as needed. I would not recommend years: computing such a baseline takes a while, as well as cycles that the device would otherwise spend on normal processing. This gives organizations an early detection capability for network- and device-level events, both to confirm proper health and to detect a DDoS or an outage early.
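The standard-deviation baseline described above, as an added example written for this page rather than code from the author or from any SIEM product. The control window, the 2-sigma and 3-sigma thresholds, and the per-interval request counts are constructed assumptions; a real deployment would pull the control window from hours to months of the platform's own history.

```python
from statistics import mean, pstdev

# Constructed sample data: inbound requests per 5-minute interval taken from
# a control window (in practice hours to months of history, never years).
CONTROL = [100, 110, 95, 105, 120, 90, 100, 115, 98, 107]

def baseline(control):
    """Mean and population standard deviation of the control window."""
    if len(control) < 2:
        raise ValueError("need at least two control samples to baseline")
    return mean(control), pstdev(control)

def zscore(value, mu, sigma):
    """Distance from the baseline measured in standard deviations.

    A flat baseline (sigma == 0) is handled explicitly: any deviation from
    it is reported as infinitely anomalous instead of dividing by zero.
    """
    if sigma == 0:
        return 0.0 if value == mu else float("inf")
    return (value - mu) / sigma

def evaluate(observed, control, warn=2.0, critical=3.0):
    """Classify each observed interval against the control-window baseline.

    Both tails matter: a spike may be a DDoS and a drop may be an outage,
    so the thresholds are applied to the absolute z-score and the direction
    is reported separately for the analyst.
    """
    mu, sigma = baseline(control)
    results = []
    for value in observed:
        z = zscore(value, mu, sigma)
        if abs(z) >= critical:
            level = "critical"
        elif abs(z) >= warn:
            level = "warn"
        else:
            level = "ok"
        direction = "spike" if z > 0 else "drop" if z < 0 else "flat"
        results.append({"value": value, "z": round(z, 2),
                        "level": level, "direction": direction})
    return results

if __name__ == "__main__":
    # Four constructed live intervals: normal, elevated, DDoS-like, outage-like.
    for result in evaluate([108, 130, 150, 12], CONTROL):
        print(result)
```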

Another point: with the advent of machine learning, security platforms that can leverage this technology allow teams to be smaller yet more effective in both detecting and responding to issues and incidents. Endpoint technologies that leverage it detect threats by checking the DNA of files, scripts and memory reads, which has proven highly effective against newer attacks such as ransomware. Using these technologies for network monitoring and in the SIEM also allows the multitude of false positives to be correlated more quickly, so you can get to the meat of where the real issues are. This often takes a human to conduct training, which does require time and, at times, retraining. However, the end result is saving man-hours and reducing your false positives.

Now, connecting all this together is the last piece: most modern technologies can also interconnect via RESTful API calls. While a SIEM can do this more effectively, REST APIs are allowing teams to automate detections and responses to security events without the overhead of a SIEM and the FTEs needed to manage it. This works by intertwining detection tools on the network with endpoint or network policy enforcement tools that act upon the information from that detection. Building this workflow takes time without a SIEM, but it can be done. Having a SIEM does allow you to pivot through the detections and what they meant across all infrastructure components, and then automate more intelligently and often more effectively. By working out the above workflow, companies and enterprises can save money, effectively connect their security and IT tools to give their organizations a stronger security posture, and move from reactive to proactive responses to advanced cyber-attacks.
