Current State of Information Security | Part 2
A few weeks ago, we looked at the current state of information security and implementations from the Ten Domain Model. Using this information, we can now look at where we need to be.
Due to the rapidly changing threat landscape two key requirements for information security are becoming increasingly critical. These requirements are automation and continuous monitoring.
1) Why Automation? Only automated approaches can scale and respond rapidly to large-scale incidents.
- Preventative policy enforcement reduces risk:
- overall number of security vulnerabilities
- the success of any particular attack technique.
- Automated remediation systems have a positive impact on a large number of hosts with a relatively small time investment from computing staff.
2) Why continuous monitoring? A primary goal of continuous monitoring is, as much as is practicable, to apply automated remediation to security vulnerabilities that are found. That takes the need for human intervention out of the picture. Human intervention and the errors and delays that result from it are credited for many of the lapses in IT security.
Let’s briefly revisit the 10 Network Security Domains.
Information security is a never-ending battle. As network attacks increase, security measures must evolve. Compounding the issue is the growing complexity of IT infrastructures in the Enterprise. For that reason, manual updates (those requiring varying degrees of human intervention) to the 10 domains simply cannot keep up with today’s security requirements for changing compliance and governance objectives. For example, if an agency’s internal audit results in a “Passing grade”, the result is for a static period of time. In other words, an agency’s infrastructure “passes” a security audit on October 1st. The question to ask is, “What happens October 2nd”, or any date before the next security audit? Is the IT infrastructure still safe? This is the very dilemma that exists today. This glaring weakness raises the requirement to continuously monitor network security – or Network Security Monitoring (NSM). To repeat, manual updates for NSM policy cannot match the ever-increasing threat of Cyberattacks. Automating NSM updates (via continuous monitoring) is the primary method to harden an Enterprise from disruptive threats.
Up to this point, there has not been a standardized platform for automated NSM.
That is, until SCAP.
How do we get there (automated provisioning and continuous monitoring of NSM)?
The Security Content Automation Protocol (SCAP), pronounced “S-Cap”, combines a number of open standards that are used to enumerate software flaws and configuration issues related to security. They measure systems to find vulnerabilities and offer methods to score those findings in order to evaluate the possible impact. It is a method for using those open standards for automated vulnerability management, measurement, and policy compliance evaluation. SCAP defines how the following standards (referred to as SCAP 'Components') are combined. SCAP was the next logical step in the evolution of our compliance automation tools for Federal Agencies. SCAP allows results to be easily shared for Federal Information Security Management Act (FISMA), Office of Management and Budget (OMB), Department of Homeland Security (DHS), etc…