CIO Talk

360-Degree Protection – A Necessity for Enterprises

Authored by: Jyothi Babu Thummala, Lead - Disruptive and Next Gen Security Solutions at Happiest Minds Technologies

In today’s ever-changing business climate, mobility, connectivity and flexibility for the workforce are a must. Business is conducted across geographical and economic boundaries, so the workforce is increasingly mobile. Work is not fixed at one location anymore. With the need to keep costs low and computing power available on demand, cloud-based applications and cloud adoption are proliferating at breathtaking speed. Data is continuously on the move across boundaries along with people. While data movement is a benefit, it also increases the potential attack surfaces, both in the cloud and off it. Today, the enterprise needs a 360-degree view of all data exchange. It needs the capability to monitor the network from all angles and at all times, which creates a dire need for 360-degree enterprise security. Fortunately, that is possible.

The number of vulnerabilities is exploding in today’s dynamic environments, while breaches are exploiting them faster than ever before, and with greater sophistication and stealth. In so-called “zero-day attacks,” exploits are created for vulnerabilities.

The first stage is all about knowing the vulnerabilities, potential attack surfaces, key malevolent groups, the third parties involved, the infrastructure that has been outsourced and how that is being managed and protected. It is essential to know everything that can be worth a cyber criminal’s effort and time. Visibility here will be a key input to the 360-degree protection. This should be followed up with a thorough scan of the complete digital footprint of the organization to map out all the potential attack surfaces. Getting a vulnerability scanning and management platform won’t be a bad idea. It should have the capabilities for internal as well as external scanning and for flagging potential attack surfaces.

The second stage is all about plugging the loopholes and weaknesses in order of priority. Anything that appears to be the weakest link should be tended to first. After this, depending on the plan, the enterprise can move forward with eliminating the vulnerabilities in the enterprise software and third-party software. Firewall configurations should be changed and point protection should be installed. Antivirus scanning, automated management of software patch installation, and reputation analysis and control for web access and applications are other important tools that can be used in this stage. This stage is a lot about organizational mindset and culture. When people care about security and follow processes, the level of safety automatically increases. Employees and their security habits can be great strengths or great vulnerabilities, depending on how closely security is integrated into the culture and policies of the organization.

The third stage is all about detection. In this age of super malware, it is essential to assume that something will get into the system, regardless of the prevention safeguards. New and probably unknown threat surfaces and vulnerabilities may have emerged unnoticed. The longer it takes to detect an intrusion, the more damage it does. The focus here should therefore be to reduce the malware detection time, or dwell time, and to spot work-in-progress (WIP) threats as soon as possible. Malware sandboxing (automated malware analysis systems) and 360-degree network analysis (for example, the Deep Discovery platform from Trend Micro) are some of the tools that are very helpful here. There is no substitute for human intelligence and established security processes. If security teams carry out routine monitoring and assessment of the network continuously in addition to using these tools, the ability to respond rapidly to any ongoing threat always improves.

The fourth stage, response, is heavily dependent on how well the first three stages have been implemented. Fourth-stage security should be seen as a risk management issue, and there should be a disaster management and business recovery plan in place. The cyber security team, on a war footing, should measure the depth and seriousness of the intrusion. It should create a real-time signature of the threat and share it with all the gateway and endpoint security filters. The infected system components should be quarantined and the virus or malware should be cleaned from all of them without fail. The incident needs to be dissected threadbare and the insights should be put into action immediately.

Nobody will ever be able to guarantee 100% foolproof enterprise security. Those who are proactive, thorough and adequately prepared in looking for an intrusion will be in the best position to reduce its cost and minimize the damage to the business and its reputation. How well an incident is managed is what’s going to make the difference between an organization that reels under the incident for years and one that is back, ready to fire, the next day.
