What companies need to do today to boost cybersecurity is not only strengthen security defenses, but also make sure they have modern mechanisms in place to use those security tools and get maximum value out of them.
The best example: automation. The speed and intensity of attacks are such that enterprises need to come up with new ways to keep up. After all, the best way to slow down a meaningful defense is to hide or obscure the attack for as long as possible. That typically means either launching an undifferentiated flood of simultaneous attacks to hide the actual attack, or staging one large focused attack, such as a DDoS, to take attention away from the real target, such as rerouting payroll payments or downloading a half-petabyte of customer data. Otherwise, Security will waste lots of time chasing down bogus alerts, which is precisely what the attackers want.
Automating incident response and investigation as much as possible, along with leveraging machine learning to allow the system to figure out what to do, is an ideal way to quickly identify the real attack so that the SOC team can minimize the impact of the attack.

A big challenge for security today is that many enterprises have not sufficiently changed their security defenses over the last several years, despite the fact that the attack surface they are defending has dramatically changed. How so?

- Cloud usage is much higher than had been projected for 2022.
- Remote sites have soared.
- On-prem has shrunk faster than expected for 2022.
- Partners (contractors, suppliers, distributors, supply chain, large customers, etc.) are demanding and being granted far deeper access to data, apps and systems.
- IoT and IIoT are increasing rapidly, including IoT with independent communications capabilities (antenna) and secret IIoT. Secret IIoT means things such as manufacturing systems that the enterprise has used for decades, but to which the vendor has now added IIoT devices without telling the enterprise. Surprise!

And yet, the cybersecurity defense strategies are relatively the same. Please don’t get me wrong. Tools and apps and network appliances have been repeatedly upgraded, with better security. But the defense strategy is pretty much the same, despite the cybersecurity landscape being entirely different.
Enterprises need to embrace the intent of modernizing security, including seriously starting the journey to true zero trust and boosting authentication (including behavioral analytics, continuous authentication, and robust MFA, which means excluding weak efforts such as unencrypted SMS). Are enterprises truly using modern security? Are they leveraging network segmentation via DNS? Do they have strong, meaningful real-time visibility into what OT systems are on the network and what they are doing? Enterprises need to maintain a list of domains that are frequently visited and match them to domain reputations.
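One way to do the domain matching described above, as an added example that is not from the original article: it counts queried names from DNS log lines, then looks up each frequently queried name in a reputation list by walking its parent domains. The log format, the reputation labels, the threshold and all function names are assumptions, and the sample data is constructed.

```python
from collections import Counter

# Constructed sample data (not from the article): "client qname" per DNS query.
SAMPLE_QUERIES = """\
10.0.0.5 www.example.com.
10.0.0.5 WWW.Example.com
10.0.0.7 mail.example.com
10.0.0.7 cdn.tracker.example.net
10.0.0.8 cdn.tracker.example.net.
10.0.0.8 login.unknown-site.example
10.0.0.9 login.unknown-site.example
10.0.0.9 rare.example.org
"""

# Hypothetical reputation list; the labels are assumptions for illustration.
REPUTATION = {"example.com": "trusted", "tracker.example.net": "suspicious"}


def normalize(qname):
    """Lowercase and drop the trailing root dot so variants count as one name."""
    return qname.strip().lower().rstrip(".")


def lookup_reputation(domain, reputation):
    """Try the full name, then each parent domain; stop before the bare TLD."""
    labels = domain.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in reputation:
            return candidate, reputation[candidate]
    return None, "unknown"


def frequent_domain_report(log_text, reputation, min_queries=2):
    """Return (domain, count, matched_entry, reputation) for frequent names."""
    counts = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        counts[normalize(parts[1])] += 1
    report = []
    for domain, count in counts.most_common():
        if count >= min_queries:
            report.append((domain, count) + lookup_reputation(domain, reputation))
    return report


if __name__ == "__main__":
    for row in frequent_domain_report(SAMPLE_QUERIES, REPUTATION):
        print(row)
```

Frequently queried names that come back as "unknown" are the ones to review and add to the list.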
Those partners that are now getting deeper access? Contracts with those partners must now insist on the partner matching the enterprise’s security level, verified by routine third-party audits. There are many straightforward approaches to security modernization. The most critical first step, though, is making sure that your enterprise is focusing on what it needs to defend and protect, which includes leveraging what you can from your existing systems. But if you limit your efforts to slightly upgrading what you already have, you may find that your arsenal is no longer up to its task.
(Source: Infoblox.com)