January 14, 2020
Every organization works hard to attain a healthy security posture.
But what does that mean? It involves a properly resourced team of information security experts working to leverage the latest information security tools. The job of the security team is to prevent attacks before they happen, protect the organization in the case of an attack, detect attacks that would otherwise go unnoticed, and respond accordingly.
Every security posture is built on four pillars:
- Prevention: Preparing and training before a threat/attack
- Protection: Stopping a known threat/attack
- Detection: Detecting an unknown threat/attack
- Response: Taking action towards a threat/attack
Prevention focuses on preparation, simulation, testing, and training to educate your employees on common attacks so they will be more prepared to handle real situations. Prevention includes:
- Employee training on how to identify phishing, malware, and social engineering
- Penetration testing: Hiring a certified ethical hacker to "hack" a specific network/system and expose potential vulnerabilities to show you how to prevent this type of attack.
- Vulnerability assessment: Scanning your assets to discover which ones are vulnerable to an attack and which devices have not been patched.
- Tabletop exercises: Hiring a team of information security experts to sit down with your key stakeholders and simulate an attack to expose the type of response elicited (or lack thereof).
Prevention gets a lot of attention because the idea of stopping an attack before it starts sounds great in theory. However, the threat landscape changes so quickly that no organization can realistically stay ahead of every new attack vector. This is one of the many reasons why there is no silver bullet in information security.
The idea of stopping an attack is appealing because it makes us feel like we have control. However, protection is elusive: there are countless ways an attacker can get through or go around a protection tool. Furthermore, any tool or product that can block network traffic can also disrupt normal business processes. Protection includes:
- Endpoint protection
- DNS filtering
Detection and response
If prevention and protection were enough to stop cyberattacks, information security wouldn't be the fastest-growing sector in tech – and more specifically, detection and response wouldn't be the fastest-growing sub-sector in information security. The fact is that detection and response have been deemed the highest priority by almost all information security professionals. Most organizations have accepted that their resources are better spent detecting an attack and responding accordingly than on a false sense of confidence. Common categories of detection and response tools include:
- SIEM: Security Information and Event Management
- SOAR: Security Orchestration, Automation and Response
- Log Management: Storing and managing logs
- IDS: Intrusion Detection System
- UEBA: User and Entity Behavior Analytics
The root of the problem
The challenge is that most organizations don't have the resources to focus on every aspect of information security, so they have to prioritize which pillars to invest in and how. For most organizations, leveraging a combination of in-house security practices and outsourcing the more complex and expensive practices is the perfect blend. However, outsourcing can be confusing because information security is a complex topic with its own language.
Organizations that focus on prevention and protection in-house while outsourcing detection and response have the strongest security posture, with the most control and the least capital expenditure. The key is finding an information security company you can trust and coming up with a tailored solution that works for your organization.