Read This To Ensure That Operational Problems Do Not Become Security Issues – Charles Leaver

Written By Dr Al Hartmann And Presented By Ziften CEO Charles Leaver

 

Return to Essentials With Hygiene And Avoid Serious Problems

When you were a kid you will have been taught that brushing your teeth effectively and flossing will avoid the need for pricey crowns and root canal procedures. Basic health is way simpler and far cheaper than neglect and disease. This same lesson applies in the realm of enterprise IT – we can run a sound operation with correct endpoint and network hygiene, or we can deal with mounting security problems and disastrous data breaches as lax hygiene extracts its difficult toll.

Functional and Security Issues Overlap

Endpoint Detection and Response (EDR) tools like those we have created here at Ziften supply analytic insight into system operation across the enterprise endpoint population. They likewise supply endpoint-derived network operation insights that substantially broaden on wire visibility alone and extend into virtual and cloud environments. These insights benefit both security and operations groups in considerable ways, given the considerable overlap between functional and security issues:

On the security side, EDR tools offer critical situational awareness for event response. On the functional side, EDR tools provide vital endpoint visibility for functional control. Important situational awareness demands a baseline understanding of endpoint population running norms, which comprehending facilitates correct operational control.

Another method to explain these interdependencies is:

You cannot protect what you do not manage.
You cannot control what you don’t measure.
You can’t measure what you do not track.

Managing, measuring, and monitoring has as much to do with the security role as with the functional role, do not aim to split the child. Management indicates adherence to policy, that adherence must be measured, and operational measurements constitute a time series that must be tracked. A few sporadic measurements of important dynamic time series lacks interpretive context.

Tight security does not make up for lax management, nor does tight management compensate for lazy security. [Check out that once more for emphasis.] Mission execution imbalances here lead to unsustainable ineffectiveness and scale obstacles that inevitably cause significant security breaches and operational shortages.

Areas Of Overlap

Substantial overlaps between functional and security problems consist of:

Configuration hardening and basic images
The group policy
Application control and cloud management
Network division and management
Security of data and file encryption
Asset management and device restoration
Mobile device management
Log management
Backups and data restoration
Vulnerability and patch management
Identity management
Management of access
Employee continual cyber awareness training

For instance, asset management and device restore as well as backup and data restore are most likely operational group responsibilities, however they end up being significant security problems when ransomware sweeps the enterprise, bricking all devices (not just the typical endpoints, but any network connected devices such as printers, badge readers, security cams, network routers, medical imaging devices, commercial control systems, etc.). Exactly what would your business response time be to reflash and revitalize all device images from scratch and restore their data? Or is your contingency plan to immediately stuff the attackers’ Bitcoin wallets and hope they haven’t exfiltrated your data for further extortion and monetization. And why would you offload your data restoration obligation to a criminal syndicate, blindly trusting in their perfect data restoration integrity – makes absolutely zero sense. Operational control responsibility rests with the business, not with the opponents, and may not be shirked – shoulder your duty!

For another example, standard image construction using best practices setup hardening is clearly a joint responsibility of operations and security staff. In contrast to inefficient signature based endpoint protection platforms (EPP), which all large business breach victims have actually long had in place, setup hardening works, so bake it in and continuously revitalize it. Likewise consider the needs of business personnel whose job function needs opening of unsolicited email attachments, such as resumes, billings, legal notices, or other required files. This must be done in a cloistered virtual sandbox environment, not on your production endpoints. Security staff will make these decisions, however operations staff will be imaging the endpoints and supporting the workers. These are shared duties.

Example Of Overlap:

Use a safe environment to detonate. Do not utilize production endpoints for opening unsolicited but needed email files, like resumes, invoices, legal notices, and so on

Focus Limited Security Resources on the Tasks Only They Can Perform

A lot of big businesses are challenged to successfully staff all their security functions. Left unaddressed, deficiencies in functional efficiency will burn out security staff so quickly that security functions will constantly be understaffed. There won’t be enough fingers on your security group to jam in the increasing holes in the security dike that lax or inattentive endpoint or network or database management produces. And it will be less hard to staff operational roles than to staff security roles with gifted analysts.

Transfer routine formulaic activities to operations personnel. Focus restricted security resources on the jobs just they can carry out:

Security Operations Center (SOC) staffing
Preventative penetration screening and red teaming
Reactive occurrence response and forensics
Proactive attack searching (both insider and external).
Security oversight of overlapping functional functions (ensure existing security frame of mind).
Security policy advancement and stake holder buy-in.
Security architecture/tools/methodology design, selection, and development.

Impose disciplined operations management and focus limited security resources on vital security roles. Then your business might prevent letting operations concerns fester into security issues.