
Four questions to consider when building a security platform

By Steve Salinas.

For those of us in the technology industry, comparing Moore's Law to technology advancement is nothing new. Moore's Law holds that computer processing power will double every two years. Aside from a few peaks and valleys, I think most would agree that this is true. I contend that Moore's Law, at least in principle, holds true for malware and attack methods as well.

Unless you have been hiding under a rock for the last few years, you will be fully aware that cybercrime has exploded. Hackers, who once had to build their own malware from scratch, now have access to numerous toolkits that make developing their own variant of malware easy. For the hacker who would rather spend money than time on malware, there are even malware exchanges where anyone can buy malware built for anything from controlling a webcam to siphoning credit card information, and anything in between.

Combine the ease with which hackers can access malware with the way social media makes it easy to organize groups of people around the world, and you have a dangerous new frontier: attackers who can work together to target an organization, steal data and cover their tracks, all under the cover of anonymity. How can you defend yourself from this new breed of attackers?

Gartner's Neil MacDonald proposes that now is the time for companies to turn their focus from an incident response model of security to one that provides continuous response. MacDonald calls this a Continuous Advanced Threat Protection approach to security. While most security professionals have come to grips with the fact that at some point they will fall victim to a compromise, the approach to security by and large still revolves around responding after something bad has occurred. This is by no means the fault of the security professional alone. The tools they have at their disposal, most of which offer a siloed view of their security posture, often restrict their capabilities. To truly make the shift towards MacDonald's continuous response, security professionals need to evaluate tools and processes with a fresh set of eyes. Here are four things to consider when making this necessary shift in security approach:

1. Where is my most sensitive data?
Many tools and services available in the market focus on the endpoint, which makes sense. Employees are using laptops, tablets and smartphones to access your company's sensitive data around the clock, but where is the data they are accessing? That's right: your data centre. While the impact of losing a laptop to a compromise is no laughing matter, the impact of losing a server filled with company confidential information, product development plans, source code and the like to a compromise can bring down an organization. Looking at your risk from this perspective can open your eyes to the importance of having rock solid data centre protection.

2. How is the cloud going to impact my data centre?
If you have not already moved some of your critical data centre infrastructure to the cloud, there is a good likelihood that business drivers will move you in that direction sooner rather than later. Securing data centre assets in the cloud presents quite a challenge, especially if you are outfitted with products designed to protect physical data centres. The cloud is ephemeral by nature. Unlike physical assets, the very nature of your data centre can change quickly. If your security products expect static IP addresses, for instance, you will run into issues fast. With the rise of DevOps and automated deployment, new assets can be added to a cloud environment continuously, making it difficult for your security products to protect them. Make sure that the products you select are designed to protect cloud environments as well as physical assets.

3. What do I need to do to gain visibility across my data centre environment?
Now that you know you need to beef up your data centre protection and prepare for the cloud, the next question to answer is how. First you should determine what assets are in your data centre and how they are accessed. Most organizations have file servers, web servers and databases, as well as some applications, hosted in their data centre. Beyond basic anti-virus you will need some technology that can scan your network traffic for abnormal movement of data. You will also need a web application firewall that sits behind your network firewall and in front of your websites and applications to protect you from specific web application attacks. Lastly you will need a log management solution that can make sense of all the information your security tools generate. With the tools in place, you need to find quality, skilled resources who understand how to use them. Security experts are a critical component of a security approach, as they provide the human analysis that enables you to understand not only the threats impacting your data centre but also how to remediate the issues. These experts need to monitor your security platform 24×7, as attackers will often attempt to penetrate your environments when the rest of us are sleeping. Be prepared though: these experts are in high demand and do not come cheap.

4. Where do I get the intelligence I need to protect me from emerging threats?
Now that you have the tools and the people to protect your data centre, you need to figure out how to gain insight into the threats that this new breed of attackers is using to steal data. There are a number of open source threat intelligence feeds available that can provide you with signatures of known bad files, malicious IP addresses and other security content. In a perfect world you would have the ability to source your own threat research to augment what is freely available. With this threat intelligence and security content, your tools and experts are armed with the information they need to eliminate the false positive alarms that your security products generate, allowing them to home in on security events that indicate a potential compromise has taken place.
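To make questions 3 and 4 concrete, the following added example (not code from the article or from Alert Logic) shows the two steps the text describes joined together: a simple detector for abnormal outbound data movement over flow records, followed by enrichment of the resulting alerts with a threat intelligence feed of malicious IPs and known-bad file hashes so that analysts see corroborated events first. The flow lines, the feed contents and the 10x-median threshold are all constructed for illustration; the IP addresses come from documentation ranges and the hash is a labelled placeholder, not a real indicator.

```python
"""Added example: flag abnormal outbound data movement, then rank the alerts
using a threat-intelligence feed. All inputs below are constructed."""
from collections import namedtuple
from statistics import median

Flow = namedtuple("Flow", "src dst out_bytes file_hash")

# Constructed flow records in the form "src dst outbound_bytes file_hash_or_dash".
# Two hosts each send an unusually large burst compared with the fleet's normal flows.
FLOW_LOGS = [
    "10.0.1.10 93.184.216.34 120000 -",
    "10.0.1.10 93.184.216.34 130000 -",
    "10.0.1.10 203.0.113.9 5500000 -",
    "10.0.1.11 93.184.216.34 115000 -",
    "10.0.1.11 198.51.100.7 9000000 ffffffff00000000placeholderhash",
    "10.0.1.12 93.184.216.34 125000 -",
    "10.0.1.12 93.184.216.34 118000 -",
]

# Constructed threat-intel feed in the shape the article describes (malicious IPs
# and known-bad file hashes). The values are placeholders, not real IoCs.
THREAT_INTEL = {
    "malicious_ips": {"198.51.100.7"},
    "known_bad_hashes": {"ffffffff00000000placeholderhash"},
}


def parse_flow(line):
    """Parse one constructed flow line into a Flow record ('-' means no file seen)."""
    src, dst, out_bytes, file_hash = line.split()
    return Flow(src, dst, int(out_bytes), None if file_hash == "-" else file_hash)


def detect_abnormal_outbound(lines, factor=10):
    """Return flows whose outbound byte count exceeds `factor` times the fleet median.

    The median of all flows is used as the baseline so that a few very large
    transfers do not drag the baseline upwards the way a mean would.
    """
    flows = [parse_flow(line) for line in lines]
    baseline = median(f.out_bytes for f in flows)
    return [f for f in flows if f.out_bytes > factor * baseline]


def enrich_with_intel(flows, intel):
    """Attach threat-intel context to each flagged flow and rank the results.

    A flow corroborated by the feed (malicious destination or known-bad hash)
    is marked high priority; a volume-only anomaly stays medium for analyst review.
    """
    alerts = []
    for f in flows:
        reasons = ["abnormal outbound volume"]
        if f.dst in intel["malicious_ips"]:
            reasons.append("destination on malicious IP list")
        if f.file_hash in intel["known_bad_hashes"]:
            reasons.append("known-bad file hash")
        priority = "high" if len(reasons) > 1 else "medium"
        alerts.append({"src": f.src, "dst": f.dst, "bytes": f.out_bytes,
                       "priority": priority, "reasons": reasons})
    # High-priority alerts first so corroborated events reach analysts before unknowns.
    alerts.sort(key=lambda a: a["priority"] != "high")
    return alerts


if __name__ == "__main__":
    for alert in enrich_with_intel(detect_abnormal_outbound(FLOW_LOGS), THREAT_INTEL):
        print(f'[{alert["priority"].upper()}] {alert["src"]} -> {alert["dst"]} '
              f'({alert["bytes"]} bytes): {", ".join(alert["reasons"])}')
```

Run as a script, the 10.0.1.11 burst to the listed malicious IP carrying the known-bad hash is reported first as high priority, while the 10.0.1.10 burst to an unknown destination stays medium: that second alert is exactly the kind of event the article says needs human analysis rather than an automatic verdict. In a real deployment the baseline would be computed per host and per time window from the log management platform rather than from a handful of lines.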

By no means are these the only questions you need to ask yourself when building out a security platform to protect your most sensitive data, but it's a good start.

The author
Steve Salinas is product manager at Alert Logic.

Date: 1st December 2014 • Region: World • Type: Article • Topic: ISM
