So your security infrastructure is working great, no attacks, and you saved a boatload of money, which makes the CFO jump for joy. Great! You know your security appliances are working when nothing happens. But how well are they really working? Do you know what’s connected to your network? How do you know that your thermostat isn’t talking to Hong Kong at 2 am?
By The Numbers
- Nearly 80% of organizations have been the victim of a cyberattack in the last year.
- 50% of organizations have been the victim of a ransomware attack in the last year.
- Cybercrime will be a $2 trillion business by 2019.
- The average number of days an attacker hides in your network is 146.
Building a security strategy is no easy task. There are about a million different products out there to protect your systems from hackers. How can you really know which is the best? Here are a few questions to ask yourself.
Does Your Security Talk?
One of the biggest misconceptions when building a security strategy is that you can line up all the different vendors’ products and say “I like that feature on that one, I want that spec, and I need that kind of horsepower.” Bing, Bam, Boom – you have security for your network. This is how companies have been developing their strategy for years and, for the most part, it’s “worked.” However, the bad guys are becoming more vicious and intentional in their attacks, which is changing the way we should develop our security strategy.
The biggest question to ask is “do my security appliances talk to each other?” Chad Richards, a cybersecurity expert at Cisco, talked about this exact issue and gave a fantastic analogy.
“Having your security appliances in silos is like if you’re a police commissioner in a city and you send your officers out without any radios. The guy in the park is really good at catching the threat but has no way of telling the guy down the street that the threat is coming or what it looks like.”
If your systems are disparate, there is no way for them to let the others know that a malicious file has been creeping around the network. If your endpoint is the first to see that malicious file, it has to be sent for investigation, which leaves you open to attack in the meantime. Finally, it may come back with information on the IP addresses it may try to reach out to for command and control and what its general disposition is. But how does one system let the other know that it needs to block that specific file in the future? You have to manually align them – what a nightmare.
Wouldn’t it be nice to have systems that can talk and pass that on to your other systems automatically? Having to take the SHA hash and go over to the other silo and make sure it knows about it is a massive waste of time and can introduce human error into the equation. That’s exactly what the attacker is hoping for. With a system that communicates, you have the ability to see, watch, and remediate potential attacks because you know exactly how, where, and when the malicious file got into the network.
Not Being Able To Track Files
Having a top-of-the-line security product is all well and good, but we all know the classic saying, “it’s not if you get attacked, it’s when.” An effective security strategy will be able to stop most threats, but when the malicious file is disguised and at first lies dormant for 6 months, your point-in-time firewall has no way of seeing what it’s touched. It’s not like you can watch a TV show later if you didn’t record it when it aired. If your systems aren’t tracking suspicious files, then there is no way to know what they may have infected.
If you are able to track that file AND your systems automatically notify each other that the particular file has a malicious disposition, wooooooo boy that’s a good day! You will be able to identify, quarantine, and remediate without logging hours and hours of work trying to hunt down everything it could have infected.
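The two ideas above, recording every file sighting before a verdict exists and pushing one verdict to every control, can be sketched in a few lines. This is an added example, not code from any product the article mentions; the class names, hosts, dates and hashes are all constructed for illustration.

```python
import hashlib
from collections import defaultdict

class FileTrajectory:
    """Continuous record of where each file hash was seen, kept before any verdict exists."""
    def __init__(self):
        self.sightings = defaultdict(list)          # sha256 -> [(timestamp, host)]

    def record(self, sha256, host, timestamp):
        self.sightings[sha256].append((timestamp, host))

class EnforcementPoint:
    """Stand-in for a firewall, mail gateway or endpoint agent (hypothetical)."""
    def __init__(self, name):
        self.name, self.blocklist = name, set()

    def allows(self, sha256):
        return sha256 not in self.blocklist

class DispositionBus:
    """Hypothetical shared channel: one verdict reaches every subscribed control."""
    def __init__(self, trajectory, points):
        self.trajectory, self.points = trajectory, list(points)

    def publish_malicious(self, sha256):
        for point in self.points:                   # no manual hash copying per silo
            point.blocklist.add(sha256)
        seen = sorted(self.trajectory.sightings.get(sha256, []))
        return {
            "blocked_on": [p.name for p in self.points],
            "first_seen": seen[0] if seen else None,
            "hosts_to_quarantine": sorted({host for _, host in seen}),
        }

def demo():
    # Constructed sample data: hashes of made-up bytes, made-up hosts and dates.
    dormant = hashlib.sha256(b"constructed dormant sample").hexdigest()
    benign = hashlib.sha256(b"constructed benign sample").hexdigest()
    trajectory = FileTrajectory()
    trajectory.record(dormant, "mail-gw", "2016-01-04T09:12")
    trajectory.record(dormant, "laptop-17", "2016-01-04T09:15")
    trajectory.record(benign, "laptop-22", "2016-02-10T14:00")
    trajectory.record(dormant, "fileserver-2", "2016-03-21T02:03")
    points = [EnforcementPoint(n) for n in ("firewall", "email", "endpoint")]
    bus = DispositionBus(trajectory, points)
    report = bus.publish_malicious(dormant)         # verdict arrives months later
    return report, points, dormant, benign

if __name__ == "__main__":
    print(demo()[0])
```

The report names the entry point (the earliest sighting) and every host that touched the file, which is the information a point-in-time control cannot reconstruct after the fact.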
Depth and Breadth Are Key
Everything from your thermostat to your light bulbs can be connected to your network. With the increased bi-directional communication, there is more emphasis on keeping your network secure through visibility. You just got a top-of-the-line coffee maker at work that makes the best Frappuccino? Well, that thing needs a connection to keep its firmware up-to-date. These appliances are designed to be useful and user-friendly but oftentimes lack rudimentary security policies, which leaves your network wide open for attack.
According to a study done by Ponemon Institute, the average cost per breach is $4 million. This includes remediation, cleanup work, and damage done to your brand’s image.
Create a strategy today that accounts not just for what we can connect to our network now but also what will be connected in the future. The average Joe doesn’t know that their watch – connected over Wi-Fi – poses a serious risk to their company’s network. Having a posture that accounts for the average Joe’s carelessness is key.