Is your data secure? Think again. Securing data is unlike any
other corporate asset, and is likely the biggest challenge your
company faces today. You may not see it, but almost all of your
company's information is in digital form somewhere in the system.
These assets are critical because they describe everything about
you; your products, customers, strategies, finances, and your
future. They might be in a database, protected by data-center
security controls, but more often than not, these assets reside
on desktops, laptops, home computers, and more importantly in
email or on some form of mobile computing device. We have been
counting on our firewall to provide protection, but it has been
estimated that at least fifty percent of any given organization's
information is in email, traveling through the insecure
cyberspace of the Internet.
Digital Assets are Unique
Digital assets are unlike any other asset your company has.
Their value exceeds just about any other asset your company owns.
In their integral state they are worth everything to your
company; however, with a few "tweaks" of the bits they are
reduced to garbage. They fill volumes in your data center, yet
can be stolen on a keychain or captured in the air. Unlike any
other asset, they can be taken tonight, and you will still have
them tomorrow. They are being created every day, yet they are
almost impossible to dispose of, and you can erase them and they
are still there. How can you be sure that your assets are really
safe?
Understanding Physical Security Architectures
Physical assets have been secured for thousands of years,
teaching us some important lessons. An effective security
architecture uses three basic security control areas. Let's
assume you want to create a secure home for your family; what
would you do? Most of us started with the basics; doors,
windows, locks, and perhaps a fence. Second, we rely on
insurance, police protection, and we may have even purchased an
attack dog or a personal firearm. Given these controls, you may
have taken one more step to provide some type of alarm. Not
trusting your ears to detect an intrusion, you might have
installed door and window alarms, glass break sensors, or motion
detection. You may have even joined the neighborhood watch
program in your area. These are the controls everyone uses, and
they are similar to the controls that have been used since the
beginning of mankind.
Which is most important? Looking at the three categories of
security controls used, the first consists of protective devices
that keep people out; doors, windows, locks, and fences.
Secondly, alarms notify us of a break-in. Finally we have a
planned response control; the police, use of a firearm, or
recovery through insurance. At first glance it may appear that
the protective controls are the most important set of controls,
but a closer look reveals that detection and response are
actually more important. Consider your bank; every day the doors
are open for business. This is true of just about every
business, home, or transportation vehicle. Even the bank safe is
generally open throughout the day. You can see it from the bank
teller counter, but step over the line and you will find out how
good their detection-response plan is.
Evaluating your Company's Approach
Now look at your digital assets; how are they protected? If you
are like most organizations, your entire security strategy is
built on protection controls. Almost every organization in
America today has a firewall, but does not have the ability to
detect and respond to unauthorized users. Here is a simple test;
run a Spyware removal program on your system and see what comes
up. In almost every case you will find software installed on
your system that was not installed by an authorized user. In the
past this has been an irritation; in the future, this will become
the program that links uninvited guests to your data. Bruce
Schneier, a well known security author and expert writes in his
book, Secrets and Lies, "Most attacks and vulnerabilities are the
result of bypassing prevention mechanisms". Threats are
changing. The biggest threats likely to invade your systems will
bypass traditional security measures. Phishing, spyware, remote
access Trojans (RATS), and other malicious code attacks are not
prevented by your firewall. Given this reality, a detection
response strategy is essential.
It's time to review your security strategy. Start by asking
three questions. First, which assets are critical to your
business, where are they located, and who has access to them?
Second, what threats exist? Determine who would want your data,
how they might gain access, and where the possible weaknesses in
your security architecture lie. Finally, how comfortable are you
with your company's ability to detect and respond to unauthorized
access. If someone wants access to your data, preventative
measures alone won't stop them.
Begin planning a balanced security architecture. Start by adding
detection controls to your prevention architecture. This does
not mean simply adding intrusion prevention software (IPS), but
rather creating a system to proactively monitor activity.
Intruders make noise, just like in the physical world, and with
proper event management, combined with zero-day defense
technologies of IPS, network administrators can begin to
understand what normal activity looks like and what anomalies
might be signs of an attack. In a recent interview with Scott
Paly, President and CEO of Global Data Guard, a Managed Services
Security Provider (MSSP), Scott said, "Threats such as worms and
new hacker techniques constantly morph, so the most viable model
for optimum security is a blend of preventive and predictive
controls based on analysis of network behavior over time". By
balancing prevention, detection, and response, companies can
defeat most of the latest hacker attempts.
|
