{"id":7616,"date":"2017-05-12T07:01:08","date_gmt":"2017-05-12T15:01:08","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/05\/12\/news-1401\/"},"modified":"2017-05-12T07:01:08","modified_gmt":"2017-05-12T15:01:08","slug":"news-1401","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/05\/12\/news-1401\/","title":{"rendered":"Is Your Security Team Setup To Fail?"},"content":{"rendered":"<p><strong>Credit to Author: Mark Nunnikhoven (Vice President, Cloud Research) | Date: Fri, 12 May 2017 12:30:49 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"169\" src=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/05\/iStock-522382974-300x169.jpg\" class=\"webfeedsFeaturedVisual wp-post-image\" alt=\"\" style=\"float: left; margin-right: 5px;\" srcset=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/05\/iStock-522382974-300x169.jpg 300w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/05\/iStock-522382974-768x432.jpg 768w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/05\/iStock-522382974-1024x576.jpg 1024w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/05\/iStock-522382974-640x360.jpg 640w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/05\/iStock-522382974-900x506.jpg 900w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/05\/iStock-522382974-440x248.jpg 440w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/05\/iStock-522382974-380x214.jpg 380w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/05\/iStock-522382974.jpg 1280w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>The ingredients for strong cybersecurity aren\u2019t a secret. 
In fact, they haven\u2019t changed significantly over the past 20 years\u2014the ingredients are available to almost every organization out there.<\/p>\n<p>On the surface, doing security isn\u2019t that hard:<\/p>\n<ul>\n<li>Patch quickly and frequently.<\/li>\n<li>Use reasonable security controls\u2014intrusion prevention, application control, and anti-malware\u2014and monitor them.<\/li>\n<li>Use two-factor authentication, together with a reasonable password policy.<\/li>\n<li>Classify information as it is created.<\/li>\n<li>Have a good backup system and test it regularly.<\/li>\n<\/ul>\n<p>That\u2019s it. Executing well in these areas will stop most attacks and help minimize the impact from those that are successful. So why do most organizations have such a poor <a href=\"https:\/\/techbeacon.com\/3-most-crucial-security-behaviors-devsecops\" target=\"_blank\" rel=\"noopener noreferrer\">security posture<\/a>?<\/p>\n<p>Organizations\u2014and security teams in particular\u2014claim that <a href=\"https:\/\/techbeacon.com\/6-ways-develop-security-culture-top-bottom\" target=\"_blank\" rel=\"noopener noreferrer\">cybersecurity is everyone\u2019s responsibility<\/a>, but do their actions back up their claims? The root of the problem may surprise you. It starts with the perceived role of security in the organization and the decisions that are based on that perception.<\/p>\n<p>Here&#8217;s how to assess whether your security team is set up to fail.<\/p>\n<h3>The security team&#8217;s role<\/h3>\n<p>The common view of security\u2019s role is to stop\u00a0hackers. Looking around the security community, there\u2019s plenty of material to support that. Most conferences and publications focus on the latest threat or malware variant. 
Movies always show the hackers taking down the firewall;\u00a0rarely do we watch someone poring over log files.<\/p>\n<p>A far more realistic and productive definition of the role is to ensure that your systems work as intended\u2014and only as intended. This may seem like splitting hairs, but the definition of the role is critical.<\/p>\n<p>Stopping hackers is an activity that is viewed as a job with limited scope and a definite perimeter. Ensuring that systems work as intended and only as intended requires multiple teams working together. An isolated team cannot accomplish this goal.<\/p>\n<h3>Centralizing security is a setup<\/h3>\n<p>The consistency with which security teams are structured is amazing. In all verticals, all regions, and all types of businesses, security teams are built in a purely centralized model. The only thing that changes is the relative scale of the team.<\/p>\n<p>The teams break down into five areas:<\/p>\n<ol>\n<li>Leadership<\/li>\n<li>Digital forensics and incident response (DFIR)<\/li>\n<li>Governance, risk, and compliance (GRC)<\/li>\n<li>Architecture<\/li>\n<li>Awareness<\/li>\n<\/ol>\n<p>As organizations grow, the leader becomes a CISO, and eventually the office of the CISO. The other areas of focus also reflect that growth and become dedicated teams rolling up to the CISO. Regardless of size, the centralized model rules supreme.<\/p>\n<p>But isn\u2019t cybersecurity\u00a0everyone\u2019s responsibility? This structure runs counter to that goal. It isolates the organization&#8217;s security knowledge in one place. 
This creates three significant problems that the security team is forced to address.<\/p>\n<h4>Communications overhead<\/h4>\n<p>Every team that the security team needs to communicate with adds overhead\u2014and it needs to work with everyone. Each new link needs to be maintained, and eventually the number of connections becomes overwhelming. This severely impacts the team\u2019s ability to effectively communicate within the organization.<\/p>\n<p>This is the point when memos and meetings start to become more common. Despite the clear evidence that meetings are ineffective, they are relied on to bring security to the table and make critical decisions. It\u2019s a recipe for disaster.<\/p>\n<p>Teams within the organization don\u2019t get the information and education they need, and the security team is always struggling to keep up with the latest initiatives. Lose, lose.<\/p>\n<h4>Lack of context<\/h4>\n<p>A parallel problem to direct communications is a lack of context and supporting information about the state of various IT systems and applications. If the security team\u2019s role is to stop hackers, why would it need business metrics?<\/p>\n<p>This setup leads the security team to areas it can control. Perimeter defense, endpoint systems, and threat intelligence all provide supporting information to the team to inform members&#8217; decisions. This biases their response to common situations.<\/p>\n<p>Take for example a massive spike in inbound network packets. If the security team sees an unexpected increase in network traffic from a variety of IP addresses, its (understandable) assumption is that the traffic represents <a href=\"http:\/\/blog.trendmicro.com\/mitigating-the-damage-of-a-ddos-attack\/\">a DDoS attack<\/a>.<\/p>\n<p>The team is\u00a0missing additional details that would suggest alternative causes. 
What if this traffic is the result of a wildly successful marketing campaign and the business has had\u00a0a day the sales team previously only dreamt of?<\/p>\n<p>Without information from key business systems (such as the total number of completed transactions) and application metrics, the security team doesn\u2019t have enough information to make the correct determination. This is the direct result of the isolation of a centralized team structure.<\/p>\n<h4>Attitude<\/h4>\n<p>Centralization also shapes the perception of both the team members and the rest of the organization. Security is known as the team of \u201cno,\u201d and the security team generally has a negative view of the organization\u2019s users.<\/p>\n<p>Nowhere is this clearer than in security awareness training. Users are told that they need to select a strong password and then are given arbitrary rules on how to create one. Eight characters, one capital letter, one number, and a symbol. Rinse and repeat every third month.<\/p>\n<p>This, despite evidence that it leads to poorer security outcomes. Thankfully the <a href=\"https:\/\/pages.nist.gov\/800-63-3\/\">NIST guidelines<\/a> have been updated to a more reasonable and secure approach but this bad advice persists.<\/p>\n<p>We see this attitude in training about phishing attacks. Users are told not to click on links for their own safety. That\u2019s absurd. The sole purpose of a link is to be clicked on.<\/p>\n<p>The centralized structure discourages empathy and understanding.<\/p>\n<h3>Is decentralizing the answer?<\/h3>\n<p>Completely decentralizing security isn\u2019t realistic, nor is it the answer. What is needed is a change in perception and attitude for the members of the security team.<\/p>\n<p>The good news is that understanding the forces at work allows the team to fight against them. A modern security team embraces the need to act as educators within the organization. 
Its members seek out an understanding of how the business works and build bridges with teams throughout the organization.<\/p>\n<p>A modern security team works hand in hand with all the teams in the organization to move toward\u00a0a common goal. The teams\u00a0work together to ensure that all systems are working as intended\u2014and only as intended.<\/p>\n<p>When assessing your security team&#8217;s posture, remember: The biggest problem in cybersecurity isn\u2019t a technical one\u2014it\u2019s a people problem.<\/p>\n<p>Originally published on <a href=\"http:\/\/techbeacon.com\">TechBeacon.com<\/a> as, &#8220;<a href=\"https:\/\/techbeacon.com\/your-security-team-set-fail\">Is your security team set up to fail?<\/a>&#8221;.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10419,714],"class_list":["post-7616","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-industry-news","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7616","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7616"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7616\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7616"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7616"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7616"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}