SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Security: Counter measures to protect your customers
Mon, 29th Sep 2014

Media attention has focused business attention on security. Dick Bussiere, Tenable Network Security principal architect, offers some tips on helping your customers with counter measures.

Cyber threats and advanced persistent threats (APTs) are good fodder for news. Reports of breaches sound alarming, even though the technicalities of an attack may be poorly understood by most people.

Stories about newly-identified threats that are so stealthy a company may not even know its systems have been compromised are guaranteed to grab attention and cause at least a modicum of discomfort for C-level executives.

The positive from all this media attention is a heightened awareness among business people of the need to secure the network and IT infrastructure.

Responding to threats

Assuming you get the budget and go-ahead to do something, resellers can plan their customer counter measures across the three essential areas of prevention, detection and response/recovery.

At the most basic level, IPS (intrusion prevention systems) and IDS (intrusion detection systems) are 'must have' security tools. Web reputation services and URL filtering solutions can help users to avoid malicious web sites.

One of the mainstays of security, a suite of antivirus tools, may still be helpful for some security concerns, but it's worth realising that such tools typically detect less than half of the threats faced by businesses today.

Continuous monitoring and the ability to take a wider view, analysing and correlating security events across all network devices, are essential, especially when dealing with an APT, where you are effectively facing the unknown and can't afford to rely on signature-based technology.

Speaking of the unknown, it pays to be prudent when setting security policies. A good strategy for dealing with untested, untrusted or guest programs is to 'sandbox' them, by placing restrictions that partially isolate them from the rest of your environment. At least this way, until you know more, you limit the potential for damage.

Thinking ahead

Given the rapid rise and evolution of cyber threats, it makes sense that the most appropriate security tools resellers can offer will be those that offer wide coverage rather than best-of-breed tools which rigidly address specific issues. For the same reason, expect big data and correlation to play leading roles in the detection and prevention stages.

Whether now or five years hence, the first consideration by any reseller of any security strategy should be to take the data out of play. Encrypt it and isolate it. Make it as difficult as possible for someone to access it. Then, work on the premise that your customer’s organisation has already been compromised.

A simple phishing attack with an uneducated member of staff may already have delivered all the information and access an outsider needs to compromise your network. Therefore, look for the gaps in your customer’s security strategy that may have allowed this to occur.

Find ways to improve and always think about the diversity of devices coming onto your network. Monitor constantly and analyse the data for trends. Above all, if you want to offer a security solution, get predictive.