Another day, another data breach in the news: articles going on at length about the latest state-sponsored attack that has resulted in an intelligence leak. And, of course, there is the endless parade of personal stories shared throughout the Information Security community about yet another malicious insider, ransomware attack or new phishing scheme that security professionals are trying to combat.
In the current scheme of things, the cybersecurity battlefield is an ever-changing, fast-paced war zone where security teams all over the world are doing everything they can to prevent disasters and mitigate risks whenever and wherever they find them. As time has gone on, decision makers within Information Security groups find themselves bombarded with vendors promising the latest and greatest tool that will solve all of their security woes. These tools often come with fancy acronyms and tout their ability to single-handedly reduce all the risk within your environment. For managers and executives who are trying to do the right thing with limited budgets and smaller teams, the panacea on offer can sound too good to be true.
The trouble is, it usually is.
Over the past decade we have seen a whole string of very solid security tools that, while useful, are not necessarily the ideal first step to lowering your overall risk. And as these tools evolve, they simply become harder to deploy, more expensive to procure and maintain, and never seem to fully realize the promised benefits.
Let’s talk about one example.
Several years ago, I recall Log Management being a key offering that promised true visibility, aggregation of all activity on your network, and a way to give your security team the means to find holes before the bad guys found them. But it was hard to pull the data together, and once you had it, it was nearly impossible to do anything useful with it. Then Security Information and Event Management (SIEM) tools were the answer to gaining visibility: they let you search for, and be notified automatically of, specific events found across all the logs in your environment. However, it quickly became clear that they generated an overwhelming amount of data for humans to go through, and still lacked the intelligence to deliver credible, actionable event data that justified the investment and the huge overhead of maintaining them.
More recently, User Behavior Analytics (UBA) tools promise the automated machine learning that the others promised, but they still come with the same cost, maintenance expense and overall complexity that, for many organizations, simply isn't worth it for the amount of risk these systems are truly able to reduce.
This is especially true when you consider that most of the organizations that struggle with the latest-and-greatest security tool still aren't doing the very basic, simple things that can legitimately and effectively reduce their overall risk. If you're considering some of these more advanced tools, ask yourself whether your organization already has the following security functions in place:
Getting back to the simple, basic security practices that have been touted for years will shrink the attack surface in your environment. That makes other tools much more effective and lets them deliver the return on investment that executives are looking for.
Focusing on these fundamental security functions also allows for quick, effective wins for your security team, establishing credibility and putting you in a better position to implement the more complex, detailed security tools that come out every day.