
New Security Management Guidelines from the SEC

Wednesday, February 1, 2012 - 11:51
Author: Gina Gysin  

The SEC Suggests Staying Compliant and Preventing Attacks

Very recently, the Securities and Exchange Commission (SEC) released a guidance document that strongly suggests companies pay more attention to "assessing the impact of cyber security attacks and its outcome; especially as it relates to weaknesses in the security posture and preventive measures of the organization."
What does this mean? In a nutshell: protect your network by finding all possible security gaps and fixing them before they can be exploited. How? First, your security team needs the right tools to help you lower the risk of cyber attack.

You'll need tools that can help you:

  • Continuously audit security device configurations daily: you must be able to analyze all your network security devices in minutes for rule policy and configuration compliance
  • Validate planned changes in advance: it's vital to test planned network changes in advance to catch errors before they can be exploited
  • Find risky access paths: you need the ability to model your entire network infrastructure to view and find all access paths to important assets
  • Close off vulnerabilities: you should be able to simulate potential attacks to find and fix the most critical vulnerabilities first

Is your Security Management Program like Whack-a-mole?

Tuesday, November 1, 2011 - 06:58
Author: Michelle Johnson Cobb, technology marketing leader, Skybox Security

What’s not to love about Whack-a-mole?  I remember that gleeful carnival game where my brother and I would focus on beating mechanical rodents as fast as possible with a huge mallet.  My parents would stand in the back laughing until their sides hurt, and one of us walked away with a cheap stuffed animal.

Whack-a-mole isn’t so much fun when you are an IT security manager and you are forced to play the game every day.  

At a recent security conference, I asked a CISO from a global manufacturing company to estimate how much time his team spent on reactive versus proactive security management. “We easily spend 90% of our time being reactive,” he said. “The team responds to alerts, troubleshoots connectivity issues, and performs assessments as fast as possible to avoid delaying new service rollouts. We’d like to be more proactive, but there just isn’t time.”

Quite a catch-22. What’s a security professional to do when you are so overloaded beating down the next ugly issue that there is no time to plan ahead and avoid major problems? Studies estimate that it generally takes about 3X longer to correct the damage from a data breach or attack than it does to resolve the root causes in advance. Whack-a-mole is not an efficient way to solve problems.

Starting with that 3X number, I did a quick back-of-envelope calculation.  By my guesstimate, security teams at Fortune 500 companies waste at least $400M every year through missed opportunity to avoid an incident in the first place.   

It’s clearly time to redirect that effort and expense to better use. 

So where to start? Do a quick survey of your security team and find out the top areas where you are stuck in an endless whack-a-mole game. Most likely the list includes a lot of data collection, manual analysis, and reporting tasks: clear opportunities to automate security work. Firewall analysis, compliance assessment, and vulnerability assessments are all likely suspects for major time and cost savings.

 

For example, using an automated tool like Risk Control to prioritize vulnerabilities according to real network topology and risk factors helps you predict the most damaging ‘moles’ in advance and retire them before they are exploited by an attacker.  Speeding through a proactive correlation of vulnerabilities, threats, access paths, and target assets in a large network to find the top vulnerabilities that are most likely to be exploited is a math problem best solved by a computer.   With a predictive approach and automation, you can get back to spending more time on more engaging security management tasks. 


Five Best Practices to reduce the chance of a cyber attack

Tuesday, October 11, 2011 - 08:37
Author: Michelle Johnson Cobb, technology marketing leader, Skybox Security

Reducing the risk of cyber attacks is something that is on the mind of most IT security professionals. Nobody wants to be the next cyber casualty. Waiting for budget approval for security expenditures can be brutal – especially in this economy.

However, there are a few basic best practices that, if followed in a timely manner, can reduce the number and potential severity of security gaps that could be exploited.

1.) Conduct risk based patch management and patch the most dangerous vulnerabilities first. For many organizations the time between a vulnerability being discovered, and when it is patched, can be months.

2.) Establish a firewall configuration and stick to it. While deploying Skybox solutions we have found that, although most organizations have policies, there is often a big difference between how the firewalls are configured and what the policy states.

3.) Continually review the firewall rule base to look for potential errors or policy violations and fix them as soon as practical.

4.) Set up a firewall change review process. This allows organizations to analyze planned changes from a risk perspective and then adjust the suggested changes to avoid open doors into their network.

5.) Be proactive. Don’t wait for an attack to put in place a systematic approach to review and address cyber risks. It doesn’t make sense to close every security gap. First concentrate on what is critical to the security of your organization.

The final best practice I would suggest is to implement automated solutions such as Skybox® Firewall Assurance or Skybox® Risk Control as soon as possible. This will not only save security management time and reserve valuable resources for more strategic tasks, but can also have a huge ROI impact for any organization.
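Best practices 2 through 4 above (a firewall configuration that matches policy, continual rule-base review, and a change review step) can be checked mechanically once the policy is written down as a list of permitted zone-to-zone flows. The script below is an added example written for this post, not Skybox code: it audits a constructed rule base against a constructed policy and then reviews a proposed rule before it is deployed, reporting the flows it would open that the policy forbids and whether an existing rule already covers it. The zones, CIDRs, ports and rule names are all assumptions made up for the example.

```python
"""Check a firewall rule base against a zone-to-zone policy and review a
planned change before it is deployed. All zones, rules and the policy below
are constructed sample data for this example."""
from dataclasses import dataclass
from ipaddress import ip_network

# Constructed network zones (disjoint /16s); anything outside them is the internet.
ZONES = {
    "dmz": ip_network("10.1.0.0/16"),
    "internal": ip_network("10.2.0.0/16"),
    "db": ip_network("10.3.0.0/16"),
}
INTERNET = "internet"

# Constructed policy: which destination ports each zone pair may use.
# "any" permits every port. Pairs that are absent are forbidden.
POLICY = {
    ("internet", "dmz"): {"443"},
    ("dmz", "db"): {"5432"},
    ("internal", "dmz"): {"any"},
    ("internal", "db"): {"5432"},
    ("internal", "internet"): {"80", "443"},
}


@dataclass(frozen=True)
class Rule:
    name: str
    src: str     # CIDR or "any"
    dst: str     # CIDR or "any"
    dport: str   # port number or "any"
    action: str  # "allow" or "deny"


def zones_of(selector: str) -> set:
    """Zones an address selector can reach. A prefix that is not contained in a
    single zone also covers non-zone space, so it counts as the internet too."""
    if selector == "any":
        return set(ZONES) | {INTERNET}
    net = ip_network(selector)
    for name, zone in ZONES.items():
        if net.subnet_of(zone):
            return {name}
    return {name for name, zone in ZONES.items() if zone.overlaps(net)} | {INTERNET}


def allowed_by_policy(src_zone: str, dst_zone: str, dport: str) -> bool:
    if src_zone == dst_zone:
        return True  # intra-zone traffic is out of scope for this policy
    ports = POLICY.get((src_zone, dst_zone), set())
    return "any" in ports or dport in ports


def audit_rules(rules):
    """Every (rule, src_zone, dst_zone, port) that an allow rule permits but the
    policy does not. A rule with "any" on either side expands to every zone."""
    findings = []
    for rule in rules:
        if rule.action != "allow":
            continue
        for src_zone in sorted(zones_of(rule.src)):
            for dst_zone in sorted(zones_of(rule.dst)):
                if not allowed_by_policy(src_zone, dst_zone, rule.dport):
                    findings.append((rule.name, src_zone, dst_zone, rule.dport))
    return findings


def redundant_with(proposed, rules):
    """Name of an existing allow rule that already covers the proposed one at
    zone granularity, or None. Evaluated before the rule is added."""
    for rule in rules:
        if (rule.action == "allow"
                and zones_of(rule.src) >= zones_of(proposed.src)
                and zones_of(rule.dst) >= zones_of(proposed.dst)
                and rule.dport in ("any", proposed.dport)):
            return rule.name
    return None


def review_change(proposed, rules):
    """Pre-change review: policy violations the new rule would introduce plus a
    redundancy note, so the request can be adjusted before deployment."""
    return {
        "violations": audit_rules([proposed]),
        "redundant_with": redundant_with(proposed, rules),
    }


RULES = [  # constructed rule base, first match wins
    Rule("web-in", "any", "10.1.0.0/16", "443", "allow"),
    Rule("app-db", "10.1.0.0/16", "10.3.0.0/16", "5432", "allow"),
    Rule("admin-out", "10.2.0.0/16", "any", "any", "allow"),
    Rule("deny-all", "any", "any", "any", "deny"),
]

if __name__ == "__main__":
    for finding in audit_rules(RULES):
        print("VIOLATION rule=%s %s -> %s port %s" % finding)
    change = Rule("db-mgmt", "0.0.0.0/0", "10.3.0.0/16", "5432", "allow")
    print("change review:", review_change(change, RULES))
```

On the sample data the audit flags the "any" source of web-in (it lets the database zone initiate connections into the DMZ) and the "any" destination and port of admin-out; the proposed db-mgmt rule is rejected because its 0.0.0.0/0 source would expose the database port to the internet. Real rule bases need address objects, service groups and rule ordering, but the shape of the check (expand each rule to the zone pairs it touches, compare each pair against policy) is the same.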


Combating APTs – Are there gremlins in your network?

Friday, September 9, 2011 - 09:32
Author: Michelle Johnson Cobb, technology marketing leader, Skybox Security

Are you being kept awake at night worried about the possibility of network gremlins, aka Advanced Persistent Threats (APTs), running loose in your network? If so, you are not alone. With continuing news coverage of sophisticated and targeted attacks that can go undetected for months, I wonder if any IT security professional actually sleeps through the night.

Perpetrators of APTs are patient and well -- persistent. If there is a security gap (and whose network doesn’t have one) they will find it. But before you lose hope, there are steps you can take to significantly lower the risk of attack or focus your limited IT security resources to shine a spotlight on suspicious activities.

1.) Know your network. The fact is, complex networks are hard to keep track of and pinched budgets mean that too few people have the correct tools to completely map their network. When a new customer first sees a Skybox map of their network, the reaction is inevitably “I didn’t know that was there!” The surprise might be a collection of unapproved devices, a wireless network that isn’t supposed to exist or an access path from the internet to an important asset. How do you defend a network if you aren’t sure what it looks like? It’s also easier to sell upper management on the need for additional resources when they see the complete picture.

2.) Automate. If you are still trying to manage your network security manually, stop. A CISO told me recently that their security team was being “nickel and dimed to death”, with tons of time spent reviewing growing sets of firewall rules and sifting through endless vulnerability reports. Many daily security activities start with tasks that can be automated – data collection, correlation, analysis, alerting, reporting. Automate the time-consuming (but necessary) tasks, and precious security expertise can be applied better elsewhere.

3.) Be proactive in addressing the known security holes. While an APT using a zero-day vulnerability is frightening, security expert Ionut Ionescu noted in ComputerWeekly.com that “they [APT attackers] used not only attack vectors specific to sometimes obscure equipment, but also attack vectors against well-known, publicised and patchable vulnerabilities.” Close the open doors and windows quickly, and you’ll lower the chance and exposure window of a potential attack. Tools such as Skybox Risk Control find and prioritize ‘exploitable vulnerabilities’ based on a combination of vulnerability scan data, threat information, and a view of the asset information.

Risk reduction requires continuous monitoring and determined effort. Whether you are concerned about APTs or just fighting garden-variety malware and cyber criminals, you can put in place tools and processes that make daily, systematic, and measurable risk reduction easier to conduct. It might also help you get some sleep.
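Item 3 above, and the Risk Control paragraph in the earlier post on whack-a-mole security management, both describe the same computation: correlate scan findings with the access paths the firewalls permit, the threat information on which findings have public exploits, and the value of the target asset, so the findings an attacker can actually reach rise to the top. The example below is added here to show that correlation in working code; it is not Skybox's algorithm. Hosts, access rules, findings, criticality scores and the VULN-* identifiers are all constructed for the example, and the scoring formula (CVSS times an exploit factor times asset criticality, divided by the number of hops) is an assumption chosen to keep the arithmetic visible.

```python
"""Rank scanner findings by whether an attacker can actually reach them, how
many hops it takes, whether an exploit is public, and what the asset is worth.
Every host, access rule, finding and threat entry below is constructed sample
data, not real scan output; the VULN-* ids are placeholders."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Vuln:
    id: str
    host: str
    port: int
    cvss: float


# Constructed asset criticality, 1 (low) to 5 (crown jewel).
ASSETS = {"web": 2, "app": 3, "db": 5, "hr-fileshare": 4}

# Constructed access paths the firewalls permit: (source, destination, port).
ACCESS = [
    ("internet", "web", 443),
    ("web", "app", 8080),
    ("app", "db", 5432),
    ("internal", "hr-fileshare", 445),
]

# Constructed scan results.
SCAN = [
    Vuln("VULN-A", "web", 443, 7.5),
    Vuln("VULN-B", "app", 8080, 9.8),
    Vuln("VULN-C", "db", 5432, 8.1),
    Vuln("VULN-D", "hr-fileshare", 445, 9.8),
    Vuln("VULN-E", "db", 22, 9.0),  # no access rule reaches port 22
]

# Constructed threat information: findings with a public exploit.
EXPLOIT_AVAILABLE = {"VULN-A", "VULN-D", "VULN-E"}


def attack_paths(scan, access, origins=("internet",)):
    """Breadth-first attack simulation: an attacker starting at the origins can
    pivot into a host only through a permitted port that carries a finding.
    Returns host -> shortest list of (src, dst, port) hops to compromise it."""
    vulnerable = {(v.host, v.port) for v in scan}
    paths = {origin: [] for origin in origins}
    queue = deque(origins)
    while queue:
        src = queue.popleft()
        for s, dst, port in access:
            if s == src and dst not in paths and (dst, port) in vulnerable:
                paths[dst] = paths[src] + [(src, dst, port)]
                queue.append(dst)
    return {h: p for h, p in paths.items() if h not in origins}


def prioritize(scan, access, exploit_available, assets=ASSETS, origins=("internet",)):
    """Risk = CVSS x exploit factor x asset criticality / hops for findings on an
    attack path; findings no path reaches score 0 and sink to the bottom."""
    vulnerable = {(v.host, v.port) for v in scan}
    compromised = {origin: [] for origin in origins}
    compromised.update(attack_paths(scan, access, origins))
    exposure = {}  # (host, port) -> fewest hops an attacker needs to reach it
    for src, dst, port in access:
        if src in compromised and (dst, port) in vulnerable:
            hops = len(compromised[src]) + 1
            exposure[(dst, port)] = min(hops, exposure.get((dst, port), hops))
    ranked = []
    for v in scan:
        hops = exposure.get((v.host, v.port))
        exploit = 1.5 if v.id in exploit_available else 1.0
        risk = round(v.cvss * exploit * assets[v.host] / hops, 2) if hops else 0.0
        ranked.append({"id": v.id, "host": v.host, "port": v.port,
                       "cvss": v.cvss, "hops": hops, "risk": risk})
    ranked.sort(key=lambda r: (-r["risk"], -r["cvss"]))
    return ranked


if __name__ == "__main__":
    for r in prioritize(SCAN, ACCESS, EXPLOIT_AVAILABLE):
        where = "%d hop(s) from the internet" % r["hops"] if r["hops"] else "no access path"
        print("%-7s %-13s port %-5d cvss %.1f risk %5.1f  %s" % (
            r["id"], r["host"], r["port"], r["cvss"], r["risk"], where))
```

The point the sample data makes is that the two highest-CVSS findings do not come out on top: VULN-D on the HR file share has a public exploit but no path from the internet, and VULN-E sits on a port no rule reaches, so the web server's CVSS 7.5 finding is the one to patch first. Passing origins=("internet", "internal") models a compromised workstation as a second starting point, and VULN-D immediately moves to the top of the list, which is how the same model answers "what if the attacker is already inside?".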


Cisco’s 2011 Global Threat Report: A Response and a call for an “Advanced Persistent Security” approach

Tuesday, August 16, 2011 - 07:25
Author: Michelle Johnson Cobb, technology marketing leader, Skybox Security

In Cisco’s 2011 Global Threat Report, they note that “there is no ‘silver bullet’ for identifying them [Advanced Persistent Threats (APTs)] in a network.” And it is true. There isn’t.

One of the main strengths of the report is that it acts as a reminder to every security professional of the cyber threats we face every day. I agree with the report that no single approach to defending an organization from APTs is going to work. However, the report does not address several key issues that affect the ability of the security team to effectively mitigate risk.

There are two vital elements and a mindset that security professionals should consider when protecting their organization from APTs: proactive risk reduction and automation.

Practice proactive risk reduction. In the report, the set of recommendations is exclusively reactive, suggesting that you can reduce the damage of APTs by reacting faster to incidents. Reducing the risk level *before* the attack occurs is better, and complementary.

The report begins by reminding us that an intruder bent on stealing corporate secrets no longer needs to gain physical access to do so. But just because that is the case – it doesn’t mean you should throw out lessons learned in a different arena. 

Let’s say you’re a facilities security manager and you must reduce risk. Your job is to keep unauthorized people out. The building has hundreds of ways in: doors, windows, skylights, holes in the roof, and tunnels. Would you decide to station personnel at every point of entry? Probably not. If you could, would you permanently close off the unnecessary points of entry? Yes. As in cyber security, this approach closes off many attack vectors and reduces the amount of monitoring and effort required to check for intruders at the few access points left. Bonus: you reduce the potential remediation workload.

Automation is vital. Using a highly skilled security team to figure out which of 20,000 vulnerabilities need to be patched every week doesn’t give them a lot of time left over to look for a serious security incident – that may or may not exist.  It’s amazing the amount of time and money spent collecting, correlating, verifying, prioritizing and analyzing data that is 80-90% noise. 

Security teams are already overburdened and overextended. The sheer deluge of security incidents, data produced by security controls, and the growing complexity of enterprise networks means the game is stacked. Automating the most resource-intensive security activities – such as data collection, correlation, analysis, and prioritizing incidents means that the security team can focus their attention on the most critical security tasks and levels the playing field.

My suggestion to security personnel trying to find an effective way to deal with Advanced Persistent Threats is that they need to consider how to deploy “Advanced Persistent Security” in their organizations.  Using intelligent and proactive tools to find and mitigate risks, plus automation to use daily and repeat often, is a pragmatic approach for effective security management.
