
The six domains of network security, and fighting IT


Security needs to shift to a third phase; needs to be baked into IT disciplines

Processes should come first, then the tools, says network security executive

Securing the network today is harder, with the cloud and mobility trends leading to the decentralisation of the network and taking it beyond on-premises.

Cybersecurity can be broken down into six domains, all of which are necessary to secure today's networks, according to Matt Alderman (pictured above), vice president of global strategy at Tenable Network Security.

Maryland, US-based Tenable Network Security, founded in 2002, specialises in network security. It has additional offices in Singapore and the United Kingdom.

The first domain is ‘discover.’ “We have to understand where the critical data and assets are in our network, and it’s one thing we struggle with more than anything else in this industry to this day,” says Alderman.

The second domain, assessment, is important in understanding the state of security in the network – from the devices on the network to vulnerabilities, misconfigurations, malicious files and processes.

This goes beyond the usual security information and event management (SIEM) technology used in securing networks, says Alderman, speaking to Digital News Asia (DNA) on the sidelines of the recent RSA Conference Asia Pacific and Japan (RSAC APJ).

“I need to understand what’s going on in my network – we mainly think of it as SIEM, but it’s much more than SIEM.

“It’s log management at the device and network level, it’s also network packet inspection – actionable threat intelligence feeds that help me better understand what activities are going on in the network,” he adds.

The third domain, analytics, is more than just crunching data; it is also about integrating contextual information.

Analytics is often associated with monitoring, but it also has to bring in the assessment and discovery components, “as I have to understand context,” Alderman says.

Context is in fact the fourth domain, and it is necessary for understanding malicious activities or anomalous behaviour on the network. Contextual information allows for proper responses to contain and mitigate specific attacks.

The fifth domain, response, is the only human element in the process, with people requiring the mechanisms and tools to mitigate and remediate threats.

The human factor is also reflected in the fact that users remain the biggest threat to network security, according to Alderman.

“What we’ve seen is that [cybercriminals] are getting in through the end-user via phishing and social engineering attacks.

“When you think about what our biggest danger is, it’s we as humans,” he says.

In a 2015 data breach investigation report by Verizon, it was found that 23% of users open phishing emails, and 11% click on them. A test showed that 50% of users open and click on phishing links within the first hour.

Finally, the sixth domain is ‘protect,’ which is the machine factor of the security equation – the automation of installing patches, changing configurations, and shutting down a port or service.

This is the domain Alderman feels organisations are struggling with.

“I think we do a pretty good job here and there with all the other domains, but we are not tying all those pieces together in a holistic way,” he says.

“Protect is something that I think is nirvana for all of us in the industry, but it’s going to require us to build a lot of trust in our security systems to actually automate a lot of those activities,” he adds.

Source: The six domains of network security, and fighting IT
