6 Best Practices for Moving Beyond a Reactive, Point-Product Security Infrastructure
Incident response (IR) teams are overwhelmed. Larger attack surfaces, state-sponsored cyber terrorism, and the industrialization of cyber crime all create fires and headaches for IR teams.
According to a survey by Intel Security, investigations are taking up too much time. Scoping an attack, finding out what systems were impacted, what was altered, and what other systems may have been affected is leaving them ineffective in the fight. Then, there are efforts to minimize the impact of an attack, evaluate security intelligence to detect incidents, root cause analysis, and so on.
Surveys provide great insight to tactical and strategic security challenges, but they don’t solve problems. For government IT security teams, one big problem is that the cost of doing business is treated as overhead, with few metrics and limited risk analysis. Furthermore, security measures are traditionally chosen with an eye on solving specific problems. These point solutions don’t link teams or data, or offer any kind of efficient way to integrate workflows.
Attackers use your Security Approach Against You
And that’s the problem. Attackers use your architecture and siloed approach against you. They target weaknesses in antique approaches – the white space in point-product implementations – to penetrate, persist, and strike.
So how do you unify your agency’s approach to managing threats? Intel Security recommends you ask yourself the following questions as you review your IR program.
- How well does it function as a machine?
- Is it a network of separate components, or an integrated, high-performing, continuously available system?
- How well do each of the processes integrate together? Is it a closed and continuous loop?
6 Steps for Optimizing Incident Response
After reviewing your program, Intel Security suggests you consider these best practices to help you optimize the “protect, detect, and correct.” steps of IR.
- Revisit your controls to see how much of the functionality is already available from your current solutions before purchasing a ‘silver-bullet’ product.
- Pay for external threat intelligence only if it matches risks and activities within your environment.
- Harness events at all attack vectors to inform attack analytics.
- Invest only in solutions that link security controls with data capture, advanced analytics, and rapid response tools.
- Incorporate diverse static and dynamic analysis technologies to detect threats using advanced evasive techniques and variable timing and execution paths.
- Centralize incident management and monitoring across all systems to lower costs and improve visibility, response, and decision-making.
For more tips and best practices on how you can make the move from a reactive, point-product security infrastructure to an agile, adaptive model that helps you protect, detect, and correct security issues, check out this white paper from Intel Security: Disrupt Targeted Attacks: Synthesize IT operations and security controls into an agile architecture.