Gidi Cohen, Skybox Security: Your IT Police, Proactive Security
March 2010 by Gidi Cohen, CEO and Founder, Skybox Security, Inc.
With new Web threats constantly emerging, it’s hard enough just keeping pace with change. So is there a way to nullify threats and stop potential attacks before they begin? Gidi Cohen, CEO and Founder of Skybox Security shows how.
When the global economy is in slowdown, there’s one sector that remains buoyant: crime. Illegal and illicit activities invariably rise as legitimate business falls, so it’s no surprise that the last 18 months have seen a rise in e-crime, using a combination of hacking and malware.
For example, in July 2009 web services provider Network Solutions announced that attackers had breached its servers and stolen details of over 573,000 credit card accounts belonging to shoppers at the online stores it hosted. The servers provided e-commerce services to nearly 4,500 of those stores. The attackers had planted malicious code on the servers that intercepted payment details as they were submitted, from March to June 2009, so the theft went undetected for roughly three months – making it one of the largest card-data breaches recorded at the time.
What is particularly significant here is that the attackers held access for months before the breach was detected. This highlights that IT security is a continuous activity: if an organisation's security programme doesn't adapt quickly to changes in its own network and to emerging threats, defences weaken and the organisation becomes vulnerable.
With new threats outside the network perimeter, and constant change within, the big issue now facing IT teams is no longer “what security do we need to deploy?”, it’s “how do we manage the security we have?”
With less time available to deal with fixing security problems, an organisation’s security infrastructure must be effective without the need for constant maintenance. IT teams need a security solution that is proactive, not reactive: one that is capable of policing itself, and keeping ahead of threats.
So how do organisations achieve this? The answer is to take a holistic approach to security. This involves three key stages: implementing risk-based security assessments, automating risk management processes, and defining a proactive security plan.
Risk-based security assessment
The most effective way to improve security is a risk-based approach to security management: focus on reducing the risk to critical infrastructure to an acceptable level, and then keep it there as the network and the threats change.
Rather than treating every scanner finding as equal, assess the exposures an attacker could actually reach. That requires combining network topology, the vulnerabilities present on each host, the criticality of each asset to the business, and the configuration of the security controls in between (firewall rule bases, intrusion prevention systems). A critical vulnerability on a host that no untrusted network can reach is a lower priority than a moderate one on an internet-facing server that sits in front of a payment database. With that picture, organisations can target resources where the security gaps are widest and most dangerous.
Automating risk management
As the threat landscape develops rapidly, and the IT infrastructure changes daily to meet business needs, one-time or periodic risk assessment and mitigation is not sufficient. Automating risk management processes is critical; without automation it is impossible for IT teams to re-evaluate, adjust, and track progress at a pace that matches evolving threats and networks.
Automated tools can maintain a current model of the network – topology, device configurations and vulnerabilities – making it possible to simulate attack scenarios against it and compare the effect of possible responses before anything is changed in production. This reduces human error, gives management a dashboard view of security, availability and compliance exposures, and gives IT teams accurate, prioritised action items to mitigate the critical risks first.
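To make the two ideas above concrete – scoring only the exposures an attacker can actually reach (topology, vulnerabilities, asset criticality and firewall rules considered together), and simulating candidate responses against the model before acting – here is a small worked example. It is added here and is not Skybox Security's code or algorithm; the network, zones, firewall rules, finding labels, severities and criticality values are all constructed for illustration, and the "compromise a host, gain its zone" pivot rule is a deliberate simplification of how a real attack-path analysis works.

```python
"""Risk-based exposure assessment on a toy network model.

Added example, not Skybox Security's code. The network, rules, vulnerabilities
and scores below are all constructed for illustration.
"""
from dataclasses import dataclass


@dataclass
class Vuln:
    name: str        # scanner finding label (constructed, not a real CVE)
    severity: float  # CVSS-style base score, 0-10
    port: int        # port of the vulnerable service


@dataclass
class Host:
    name: str
    zone: str
    criticality: int  # business criticality, 1 (low) to 5 (critical)
    vulns: list


# Firewall allow rules, default deny: (source zone, destination zone, port or None for any)
RULES = [
    ("internet", "dmz", 443),
    ("dmz", "internal", 3306),
    ("internal", "internal", None),   # no segmentation inside the internal zone
]

HOSTS = [
    Host("web01", "dmz", 3, [Vuln("web-rce", 7.5, 443)]),
    Host("db01", "internal", 5, [Vuln("db-auth-bypass", 9.8, 3306)]),
    Host("hr01", "internal", 2, [Vuln("smb-rce", 9.0, 445)]),
    Host("build01", "internal", 1, [Vuln("ssh-weak-creds", 10.0, 22)]),
    Host("mgmt01", "mgmt", 4, [Vuln("ipmi-auth-bypass", 10.0, 623)]),  # no rule reaches mgmt
]


def attack_paths(hosts, rules, start_zone="internet"):
    """Fixpoint over the zone graph: from every zone the attacker holds, any host
    whose vulnerable port is allowed by a rule is compromised, and that host's
    zone becomes a new foothold. Returns (host -> path, zone -> path)."""
    zone_path = {start_zone: [start_zone]}
    host_path = {}
    changed = True
    while changed:
        changed = False
        for src, dst, port in rules:
            if src not in zone_path:
                continue
            for h in hosts:
                if h.zone != dst or h.name in host_path:
                    continue
                if any(port is None or v.port == port for v in h.vulns):
                    host_path[h.name] = zone_path[src] + [h.name]
                    zone_path.setdefault(h.zone, host_path[h.name])
                    changed = True
    return host_path, zone_path


def exposures(hosts, rules):
    """Score each finding as severity x criticality, but only if an attacker
    can actually reach the vulnerable port; unreachable findings score 0."""
    host_path, zone_path = attack_paths(hosts, rules)
    held = set(zone_path)
    result = []
    for h in hosts:
        for v in h.vulns:
            reachable = any(src in held and dst == h.zone and port in (None, v.port)
                            for src, dst, port in rules)
            score = round(v.severity * h.criticality, 1) if reachable else 0.0
            result.append({"host": h.name, "vuln": v.name, "severity": v.severity,
                           "score": score, "path": host_path.get(h.name)})
    return sorted(result, key=lambda e: -e["score"])


def total_exposure(hosts, rules):
    return round(sum(e["score"] for e in exposures(hosts, rules)), 1)


def compare_mitigations(hosts, rules):
    """Simulate each single fix (patch one finding, or remove one firewall rule)
    and rank by residual exposure, so the biggest win comes first."""
    options = []
    for h in hosts:
        for v in h.vulns:
            patched = [Host(x.name, x.zone, x.criticality,
                            [w for w in x.vulns if not (x is h and w is v)]) for x in hosts]
            options.append((f"patch {h.name}:{v.name}", total_exposure(patched, rules)))
    for r in rules:
        label = f"remove rule {r[0]}->{r[1]}:{r[2] if r[2] is not None else 'any'}"
        options.append((label, total_exposure(hosts, [x for x in rules if x != r])))
    return sorted(options, key=lambda o: o[1])


if __name__ == "__main__":
    for e in exposures(HOSTS, RULES):
        print(f"{e['score']:5.1f}  {e['host']:8} {e['vuln']:16} sev={e['severity']}  path={e['path']}")
    print("total exposure:", total_exposure(HOSTS, RULES))
    for label, residual in compare_mitigations(HOSTS, RULES):
        print(f"{residual:5.1f}  {label}")
```

Two things the output shows that a plain severity-sorted scanner report would not: the highest-severity finding in the model (the management interface on mgmt01) scores zero because no rule lets any held zone reach it, while the medium-severity web flaw is the single fix that removes the entire exposure, because every path into the internal zone runs through it. A real analysis works at the level of individual firewall rules, routes and NAT rather than coarse zones, and should also account for IPS coverage, but the prioritisation logic is the same.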
Proactive security planning
Once a risk-based security management approach has been implemented and automated tools are in place, the IT team has the foundation for a repeatable, proactive security process. It can be used preventively, by predicting likely attack paths and deploying a defence plan before they are exploited, or as an emergency response capability, to quickly close the window of exposure when a new vulnerability or a network change opens one and to limit the potential business impact. By integrating the process with day-to-day operational work such as change management and patching, IT teams can focus on the security priorities that actually affect them, keep up with internal network changes, and avoid bouncing reactively from incident to incident.
This approach saves time, frees staff for other strategic IT tasks, and delivers ongoing, measurable improvements to security that can be continuously verified – making it easier to police your networks against e-crime.