This is not a rant to prove how dangerous the IT business landscape has become. We all know the bad guys are getting bolder and smarter, the stakes are higher and the line between security and sacrifice is nearly transparent. Every IT and security professional is well aware of the risks and works hard at preventing breaches, leaks, intrusions and hacks. But, for a variety of reasons (from budget to headcount to lack of C-level support to tool limitations) it seems that the odds are continuously stacked against them. It’s Vegas; where the House always wins.
And maybe that’s the point. If we are to even the odds (or at least close the gap) what is needed is not higher walls, but smarter processes—and a way to turn the processes into actionable intelligence.
Many companies apply a log management solution to find the anomalies and create alerts. This is a great start, but most log management initiatives have significant vulnerability gaps. Log management is only as good as the speed at which the events are reviewed and parsed. It could be a week or more before some events are flagged and remediation actions are applied.
Some companies automate the log process by using a SIEM continuous monitoring and correlation engine. Yes, this is an effective means to sift out the white noise and create a real-time alert system. SIEM is a great tool too, but just not in isolation. By simply looking at events, it doesn’t grasp the whole threat landscape.
Other solutions come into play and are often deployed by companies large and small. They include intrusion detection, web filtering, identity management, single sign-on, access management, and a slew of others. This evens the odds a bit further, but what you have is a security potpourri and not a process.
A process, at least as we define it, is all of the solutions and tools working together; not just at the same time or in parallel. Every piece tells part of the story, but if the pieces are not analyzed together you don’t truly get context and cannot predict and identify behavior that falls outside of permissible or acceptable parameters.
A good security methodology is about understanding risk. To properly do that, you need the means to compare activity from users, admins, peer groups etc. against patterned behavior baselines. You need to be able to correlate identities, access rights, user and application activities, audit logs, geo-location, and NetSec events to prevent and control suspect behavior. This gives you the true context to be able to see the subtleties between true threats and false alarms. And, it gives you the necessary real-time intelligence to do something about the issue before it becomes a wider-scope problem.
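The correlation described above, as an added example that is not CloudAccess code or part of the REACT platform: a small Python pass that joins a constructed identity store (entitlements), a constructed geo-IP table, a per-user behavior baseline built from past logins, and a constructed IDS alert list, and scores each audit log line by how many independent contexts disagree with what is normal for that user. All users, IPs, resources and log lines are constructed for the example.

```python
"""
Added example (not CloudAccess code): correlate identity, access rights,
geo-location and a NetSec alert against a per-user behaviour baseline so that
only events where several contexts agree are raised as alerts.
All data below is constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass, field

# Constructed identity store: who the user is and what they are entitled to.
IDENTITIES = {
    "alice": {"role": "finance", "entitlements": {"erp", "payroll"}},
    "bob": {"role": "developer", "entitlements": {"git", "ci"}},
}

# Constructed geo-IP table (IP -> country); a deployment would use a GeoIP database.
GEOIP = {"10.1.1.5": "US", "10.1.1.9": "US", "203.0.113.7": "RO", "198.51.100.2": "US"}

# Constructed history of (user, country, hour) logins used to build the baseline.
HISTORY = [
    ("alice", "US", 9), ("alice", "US", 10), ("alice", "US", 8), ("alice", "US", 14),
    ("bob", "US", 11), ("bob", "US", 13), ("bob", "US", 22), ("bob", "US", 23),
]

# Constructed NetSec context: IDS alerts keyed by source IP.
IDS_ALERTS = {"203.0.113.7": "credential-stuffing signature"}

# Constructed audit log lines to correlate.
AUDIT_LOG = [
    "2024-03-01T09:12:03Z user=alice src=10.1.1.5 resource=erp action=read",
    "2024-03-01T03:40:11Z user=alice src=203.0.113.7 resource=payroll action=export",
    "2024-03-01T22:05:42Z user=bob src=198.51.100.2 resource=git action=push",
    "2024-03-01T12:00:00Z user=bob src=10.1.1.9 resource=payroll action=read",
]


@dataclass
class Baseline:
    countries: Counter = field(default_factory=Counter)
    hours: Counter = field(default_factory=Counter)


def build_baselines(history):
    """Patterned behaviour per user: which countries and hours are normal for them."""
    baselines = {}
    for user, country, hour in history:
        b = baselines.setdefault(user, Baseline())
        b.countries[country] += 1
        b.hours[hour] += 1
    return baselines


def parse_line(line):
    """Split 'timestamp key=value ...' into a dict, adding the hour of day."""
    ts, *kv = line.split()
    rec = dict(p.split("=", 1) for p in kv)
    rec["hour"] = int(ts[11:13])
    return rec


def score_event(line, baselines):
    """Return (score, reasons): every correlated context that deviates adds one point."""
    rec = parse_line(line)
    user, src, resource = rec["user"], rec["src"], rec["resource"]
    b = baselines.get(user, Baseline())
    reasons = []
    # Identity + access rights: is the user entitled to this resource at all?
    if resource not in IDENTITIES.get(user, {}).get("entitlements", set()):
        reasons.append("resource outside entitlements")
    # Geo-location against the countries this user has logged in from before.
    country = GEOIP.get(src, "??")
    if b.countries and country not in b.countries:
        reasons.append(f"new country {country}")
    # Time of day: within two hours of any hour previously seen for this user.
    if b.hours and not any(abs(rec["hour"] - h) <= 2 for h in b.hours):
        reasons.append(f"unusual hour {rec['hour']:02d}")
    # NetSec correlation: the same source IP already raised an IDS alert.
    if src in IDS_ALERTS:
        reasons.append(f"ids: {IDS_ALERTS[src]}")
    # Sensitive action weighting.
    if rec["action"] == "export":
        reasons.append("bulk export")
    return len(reasons), reasons


def triage(log, baselines, threshold=2):
    """Raise only events where several independent contexts agree something is off."""
    alerts = []
    for line in log:
        score, reasons = score_event(line, baselines)
        if score >= threshold:
            alerts.append((parse_line(line)["user"], score, reasons))
    return alerts


if __name__ == "__main__":
    for user, score, reasons in triage(AUDIT_LOG, build_baselines(HISTORY)):
        print(f"ALERT user={user} score={score} reasons={reasons}")
```

With this data, alice's in-hours ERP read scores zero, her night-time payroll export from a new country whose source IP already tripped the IDS scores four and is raised, and bob's single out-of-entitlement read scores one and stays below the threshold. That last case is the design choice the threshold encodes: a single context is a lead, agreement across contexts is an alert; a deployment that treats entitlement misses as alerts on their own would weight that reason higher rather than raise the overall threshold.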
What a good process does is leverage what you have to tell you what you really want to know. What a good process does is even the odds.
However, as mentioned earlier, not all companies can afford all the necessary point solutions to achieve the described process. With the advances made via the cloud and the ability to leverage existing investments, CloudAccess provides the platform (identity analytics and intelligence, REACT) that can reduce man-hours, headcount and many of the expenses associated with an enterprise security deployment.
Are you ready to even the odds?