Chuck Leaver – Preventing Operational Issues From Turning Into Security Problems

Written By Dr Al Hartmann And Presented By Ziften CEO Chuck Leaver

Get Back To Fundamentals With Hygiene And Avoid Serious Problems

When you were a child you were taught that brushing and flossing properly avoids the need for expensive crowns and root canals. Basic hygiene is far easier and cheaper than neglect and disease. The same lesson applies to enterprise IT: we can run a sound operation with proper endpoint and network hygiene, or we can face mounting security issues and disastrous data breaches as lax hygiene exacts its toll.

Operational and Security Issues Overlap

Endpoint Detection and Response (EDR) tools like those we develop here at Ziften provide analytic insight into system operation across the enterprise endpoint population. They also provide endpoint-derived network insights that considerably extend what wire visibility alone can offer, reaching into virtual and cloud environments. These insights benefit both security and operations teams, given the significant overlap between operational and security issues:

On the security side, EDR tools provide critical situational awareness for incident response. On the operational side, they provide essential endpoint visibility for operational control. Situational awareness requires a baseline understanding of the endpoint population's operating norms, and that same understanding is what enables proper operational control.

Another way to explain these interdependencies is:

You can’t protect what you don’t manage.
You can’t manage what you don’t measure.
You can’t measure what you don’t monitor.

Managing, measuring, and monitoring have as much to do with the security role as with the operational role; don’t try to split the baby. Management implies adherence to policy, that adherence must be measured, and operational measurements form a time series that must be monitored. A few sparse measurements of an important, dynamic time series carry no interpretive context.

Tight security does not compensate for lax management, nor does tight management compensate for lax security. [Read that again for emphasis.] Imbalances in mission execution here lead to unsustainable inefficiencies and scaling difficulties that inevitably result in major security breaches and operational shortfalls.

Where The Areas Overlap

Significant overlaps between operational and security problems include:

Configuration hardening and standard images
Group policy
Cloud management and application control
Network management, including segmentation
Data security and encryption
Asset management and device restoration
Mobile device management
Log management
Backup and data restore
Vulnerability and patch management
Identity management
Access management
Continuous employee cyber awareness training

For example, asset management and device restoration, along with backup and data restoration, are typically operations team responsibilities, but they become major security headaches when ransomware sweeps the network, bricking every device (not just conventional endpoints but any network-attached device: printers, badge readers, security cameras, network routers, medical imaging devices, industrial control systems, etc.). What would your enterprise response time be to reflash and rebuild every device image from scratch and restore its data? Or is your contingency plan to promptly fill the attackers’ Bitcoin wallets and hope they haven’t already exfiltrated your data for further extortion and monetization? And why would you offload your data restoration to a criminal syndicate, blindly trusting the integrity of whatever decryptor they hand you? It makes no sense at all. Operational control responsibility rests with the enterprise, not with the adversary, and must not be shirked: shoulder your duty!

For another example, standard image construction using best-practice configuration hardening is clearly a joint responsibility of operations and security staff. In contrast to ineffective signature-based endpoint protection platforms (EPP), which every large enterprise breach victim has long had in place, configuration hardening works, so bake it in and refresh it continuously. Also consider the needs of employees whose job function requires opening unsolicited email attachments, such as résumés, invoices, legal notices, or other necessary documents. This must be done in an isolated virtual sandbox, not on your production endpoints. Security staff make these decisions, but operations staff image the endpoints and support the workers. These are shared duties.

Overlap Example:

Detonate in a safe environment. Don’t use production endpoints for opening unsolicited but necessary email documents such as résumés, invoices, legal notices, etc.

Focus Limited Security Resources on the Jobs Only They Can Do

Most large enterprises struggle to fully staff their security functions. Left unaddressed, deficiencies in operational efficiency will burn out security staff so quickly that security roles will be perpetually understaffed. There won’t be enough fingers on your security team to plug the multiplying holes in the security dike that lax or negligent endpoint, network, or database management creates. And it will always be easier to staff operational roles than to staff security roles with talented analysts.

Offload routine, formulaic activities to operations staff. Focus limited security resources on the jobs only they can perform:

Security Operations Center (SOC) staffing
Preventive penetration testing and red teaming
Reactive incident response and forensics
Proactive threat hunting (both insider and external)
Security oversight of overlapping operational roles (ensures a current security mindset)
Security policy development and stakeholder buy-in
Security architecture, tools, and methodology design, selection, and development

Enforce disciplined operations management and focus limited security resources on essential security functions. Then your enterprise can stop letting operational problems fester into security problems.
