The following is a guest post from Yisroel Hecht, former Chief Information Security Officer for the City of New York, and Associate Commissioner of IT Security at the NYC Department of Information Technology and Telecommunications.
As cyberattacks continue to proliferate, so does the number of security products being developed to detect and mitigate them. Corporate executives, anxious to protect their company brand, feel compelled to invest extensively in new products to enhance their cybersecurity posture. Unfortunately, many organizations lack the expertise to understand how to counter the ever-emerging, dynamic and evolving cyberthreats, so they continue to layer their environment with additional security products. This approach adds complexity to securing their digital assets and, consequently, creates new opportunities for adversaries to compromise their business.
Vendors keep a watchful eye out for victims of cyberattacks to whom they can sell their products. They provide no assurance to their clients that these products will further diminish the probability of a successful cyberattack.
To highlight this point, I would like to share the following anecdote:
After a tiring day of harvesting his crop, Ivan, a 13th century peasant, returned home to put his day’s earnings into storage. Dark clouds rolled in and the wind began to howl as Ivan worked feverishly to pack his loaded wagon into the silo before he lost his crop to the approaching storm.
A passing peddler noticed the peasant whipping his oxen as he struggled to pull the oversized load through the small opening of the silo. Observing this, the shrewd peddler called out to Ivan, "Why are you hitting the oxen? Can’t you see the crop is too large for the small entrance? Here, take a look through this magnifying glass, and you will see the silo opening enlarge! Why don’t you purchase this magnifying glass, and you will solve your problem by expanding the silo's entranceway."
The simple peasant bought the magnifying glass for a hefty price, and the peddler went on his way. Ivan took a look through the magnifying glass and, to his delight, saw the entrance enlarge. He then whipped the oxen in an attempt to enter the silo; but, to his disappointment, the wagon wouldn't budge. Bewildered and angry, he ran after the peddler: "This tool doesn't work! I want my money back!" The peddler chuckled and responded, "Pay me another 20 percent and I will show you the most effective way to use this device." The naive peasant agreed and paid.
The peddler explained, "The problem is, when you look at the silo's entrance through the magnifying glass, the doors expand; but when you look at the wagon through the same side of the glass, the crop expands as well. The solution is simple: look at the silo opening using this side of the glass to see it expand. Next, turn the glass around and look at the load through the other side, and watch the crop shrink. If you follow these steps, you should have no problem getting your harvest into the silo."
This time the peddler hurried on his way…
Critical thinking and sound decisions
Before procuring new security solutions, it is important to have a clear understanding of the key gaps in your InfoSec capabilities. It is equally important to make sure the intended product will meet the business objectives. Security is achieved through a blend of people, process and technology. Often the solution that is acquired has numerous dependencies that must be in place before it is effective: it may require a specialized skill set or significant integration work before there is noticeable value derived from the purchase.
Two of the most recent trending product categories in the information security market are Cyber Threat Intelligence (CTI) and Threat Intelligence Platforms (TIPs).
Benefits of CTI include:
- Actionable information
- Cyber adversary Tactics, Techniques, and Procedures (TTPs)
- Attribution
- Awareness of trending threats
- Predictive security
Benefits of TIPs include:
- Correlated threat data
- Automated mitigation
- Information sharing
- Tactical decision-making
- Enhanced executive reporting
The above is a crucial segment of the information security market that has significant value to establishments with mature security programs and dedicated advanced tactical teams, where it reduces the likelihood of a successful intrusion. However, these products can be a distraction and counterproductive for organizations that still require manual intervention for common opportunistic malware, or those with minimal visibility into the users and applications traversing their environment.
A time for introspection
Opportunistic malware campaigns are still the most prevalent challenges that organizations face today. Before you make your next information security investment, do a basic self-assessment on your current set of policies and controls.
Here are some initial steps that will help enhance your cybersecurity program and assist with making informed decisions about your next investment:
- Create clear and concise organizational security policies
- Provide company personnel with a list of approved applications and services
- Turn off all system protocols and services that are not in use
- Enforce least privilege controls
- Institute an aggressive patch management solution
- Enable the appropriate levels of system, application and security logging
- Log all events to a centralized correlation engine
- Store all events based on your retention policy
- Enable strong authentication, authorization and accounting procedures
- Consolidate security products to platforms that are network, application and content aware with integrated threat intelligence feeds
- Implement a cybersecurity awareness and training program
- Evaluate which security services should remain in-house and which should be outsourced
- Establish key performance indicators to evaluate the effectiveness of the security program
- Categorize security investments, and measure the TCO and ROI against product performance
- Define a proven methodology to address cyberthreats
- Create a breach response guide and an executive communication playbook
Acquire control with measurable outcomes
In many ways firewalls currently remain the first line of defense. If you are still holding on to your traditional port-based firewall, now is the time to change it. Legacy stateful firewalls are no match for today's complex attacks; these firewalls should be replaced with next-generation firewalls (NGFWs). NGFWs provide full visibility and control of the user, application and content so that you can securely enable your business.
Selecting the right NGFW
Palo Alto Networks is a proven market leader and forward-thinking company that has taken the obscurity and complexity out of cyber defense. They provide a single interface to get all the information you need to detect and defeat threats, whether physical or virtual, on premises or in the cloud.
What I like most about Palo Alto Networks is their continued commitment to threat prevention. Many vendors and organizations have shifted their strategy from threat prevention to threat detection and response. That method relies heavily on human analysts to interpret the information and provide remediation. This approach is not scalable, since computers need to fight computers, and cyberthreats need to be compartmentalized so they become manageable. An effective detection and response strategy is only possible if there is a committed focus on prevention.
Palo Alto Networks NGFW stands out for its App-ID technology, which provides granular control over network traffic streams, and for its fully integrated threat intelligence capabilities. The threat intelligence integration provides pertinent, relevant and actionable information, giving customers the ability to analyze, predict and, ultimately, prevent new and emerging threats. These features and capabilities are now extended to SaaS applications in the cloud and are a part of the unified next-gen prevention solution.
Conclusion
The information security market has numerous new and innovative products to tackle ever-evolving cyberthreats. However, many of these products are still point solutions that require the customer to integrate the new product into their existing set of tools. This creates a lot of overhead and complexity, which may significantly diminish the effectiveness of the products.
Vendors like Palo Alto Networks continue to build, simplify and natively integrate cutting-edge cyberthreat detection and prevention into their products, so customers can get the maximum value out of their security initiatives. They also collaborate with other leading vendors to share threat information. This strategy greatly improves defenses against cyber adversaries and decreases the potential of successful cyberattacks, including zero days and advanced persistent threats.
Organizations need to tackle this cyber challenge holistically within their establishments through a bottom-up approach with executive leadership support.
Yisroel Hecht is the former Chief Information Security Officer for the City of New York, and Associate Commissioner of IT Security at the NYC Department of Information Technology and Telecommunications. Yisroel oversaw the city’s cybersecurity program, as well as the 911 public safety answering center II. He worked closely with over sixty agency CIOs to securely enable city services and strengthen public trust in local government. Prior to this position, he served as Associate Commissioner of Network and Telecommunications where he was responsible for the city’s voice and data communications infrastructure, which included the 311 call center. Yisroel has been with the City of New York for over eleven years, where he greatly enhanced the resiliency and efficiency of the city’s infrastructure services and significantly reduced operational costs. He has also initiated innovative technologies that greatly contributed to the Sandy storm recovery efforts in 2012. Yisroel founded and co-chaired the Cyber Interagency Working Group, which consists of over 50 organizations from the public and private sector, law enforcement and critical infrastructure, to promote cybersecurity awareness and information sharing.