Story image

How to drop complexity and move to a more efficient security strategy

18 Aug 2017

Cybersecurity is about taking a proactive approach and organisations should stop reacting to cyber threats after they’ve suffered a breach, according to CenturyLink, but putting that into practice can overwhelm some organisations and small teams.

The company says there is no magic security bullet that will protect an organisation from all threats – and as the threat landscape expands rapidly, firms need to take an holistic prevention approach.

The idea that a security team, on its own, can prevent any attack is getting harder to put into action. The threat landscape continues to grow more varied and complex, to the point where adopting areas of holistic focus is the best approach,” comments CenturyLink’s A/NZ regional director Stuart Mills.

Here’s what CenturyLink believes are three practical countermeasures for threat detection and response.

1. Security log monitoring and SIEM technologies The emerging best practice of prevention-centric, holistic cybersecurity countermeasures involves continuously monitoring the logs of IT assets and business systems in a mode of correlation and deep analysis that can reveal hidden risk exposure. To perform this kind of analysis, many IT departments turn to security log monitoring and security information and event management (SIEM) solutions. SIEM solutions can help detect possible threats based on data correlation. However, executing SIEM can be complex and costly. The technology is only as effective as its configuration and continuous upkeep. This depends on expertise in data collection, the strength of the correlation rules established, and an understanding of the threat landscape, attack patterns and/or compliance requirements. It’s a budget and resource-intensive process, which requires expert security staff. 

2. Proactive threat detection and notification Proactivity makes detection-centric security work most effective. Being proactive means correlating multiple streams of data and pulling insights from both real-time events and asset risk profiles to detect threats at the earliest stages and reduce false positives. The best way to do this is with a 24/7 security operations centre (SOC) that performs continuous monitoring, which can aid in investigation and provide deep context to threat trends.  For a security team to act on a threat, they must receive an alert and decide on an appropriate response. Often, too many false positives and vague warnings can lead to alerts getting ignored. A proactive threat detection system must be accompanied by a sophisticated, risk-based alert process that combines automation with rigorous human review.

3. Incident management and response Once a possible attack has been detected, the business must handle it effectively to limit damage, increase external stakeholders’ confidence, and reduce recovery time and costs. An organisation’s ability to swiftly and efficiently respond to incidents makes the difference between weathering them and incurring great damage to the business and its reputation.  While most organisations have incident response (IR) plans in place, many don’t truly operationalise them, leaving the plans ineffective. Incident response can be expensive and distract from other security duties but this is a critical area to focus on and get right. “Daunting as the security challenges may seem, there is no reason for organisations to be pessimistic. It’s time to shift the focus from protection to detection and response, and let go of the myth that you can protect everything, all the time. Putting the cybersecurity emphasis on detection gets businesses closer to stopping attackers before they carry out malicious acts,” Mills concludes.

Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Singapore firm to launch borderless open data sharing platform
Singapore-based Ocean Protocol, a decentralised data exchange that promotes data sharing, has revealed details of what could be the kickstart to a global and borderless data economy.
Huawei picks up accolades for software-defined camera ecosystem
"The company's software defined capabilities enable it to future-proof its camera ecosystem and greatly lower the total cost of ownership (TCO), as its single camera system is applicable to a variety of application use cases."
Tech community rocked by deaths of Atta Elayyan and Syed Jahandad Ali
Both men were among the 50 killed in the shooting in Christchurch last Friday when a gunman opened fire at two mosques.
NZ ISPs block internet footage of Christchurch shootings
2degrees, Spark, Vodafone and Vocus are now blocking any website that shows footage of the mosque shootings.
Barracuda expands MSP security offerings with RMM acquisition
Managed Workplace delivers an RMM platform with security tools and services, such as site security assessments, Office 365 account management, and integrated third-party antivirus.
Flashpoint: APAC companies must factor geopolitics in cyber strategies
The diverse geopolitical and economic interests of the states in the region play a significant role in driving and shaping cyber threat activity against entities operating in APAC.
Expert offers password tips to aid a stress-free sleep
For many cybersecurity professionals, the worries of the day often crawl into night-time routines - LogMeIn says better password practices can help.