Solve Security Complexity With Simplicity

Nathan Wenzler

  • Principal Security Architect, AsTech Consulting
Nathan Wenzler is the Principal Security Architect at AsTech Consulting, a leading information security consulting firm. Nathan has nearly two decades of experience designing, implementing and managing both technical and non-technical solutions for IT and Information Security organizations. Nathan has helped government agencies and Fortune 1000 companies build new information security programs from scratch, as well as improve and broaden existing programs with a focus on process, workflow, risk management, and the personnel side of a successful security effort.

Another day, another data breach in the news. Articles go on at length about the latest state-sponsored attack on systems that has resulted in an intelligence leak. And, of course, there’s the endless parade of personal stories shared throughout the Information Security community about another malicious insider, ransomware attack or new phishing scheme that security professionals are trying to combat.

In the current scheme of things, the cybersecurity battlefield is an ever-changing, fast-paced war zone where security teams all over the world are doing everything they can to prevent disasters and mitigate risks whenever and wherever they find them. As time has gone on, decision makers within the Information Security groups find themselves bombarded with vendors promising the latest and greatest tool that will solve all of their security woes. These tools often come with fancy acronyms, and tout their ability to single-handedly reduce all the risk within your environment. For managers and executives who are trying to do the right thing with limited budgets and smaller teams, the panacea offered can sound too good to be true.

The trouble is, it usually is.

Over the past decade we have seen a whole string of very solid security tools that, while useful, may not necessarily be the ideal first step to lowering your overall risk. And as these tools evolve, they simply become harder to deploy, more expensive to procure and maintain, and never seem to fully realize the promised benefits.

Let’s talk about one example.

Several years ago, I recall Log Management being a key offering that promised true visibility, aggregation of all activity on your network, and a way to give your security team the means to find holes before the bad guys found them. But it was hard to pull the data together, and once you had it, it was nearly impossible to do anything useful with it. Then Security Information and Event Management (SIEM) tools were the answer to gaining visibility, as they allowed you to search for, and be notified automatically of, certain events found within all the logs in your environment. However, it quickly became clear that SIEM produced an overwhelming amount of data for humans to go through, and still lacked the intelligence to deliver credible, actionable event data that justified the investment and the huge overhead of maintaining it.

Recently, User Behavioral Analysis (UBA) tools have promised the automated machine learning the others promised, but they still come with the same acquisition cost, maintenance expense and overall complexity that, for many organizations, simply isn’t worth it for the amount of risk these systems are truly able to reduce.

This is especially true when you consider that most of the organizations struggling with the latest-and-greatest security tool still aren’t doing the very basic, simple things that can legitimately and effectively reduce their overall risk. If you’re considering some of these more advanced tools, ask yourself whether your organization already has the following security functions in place:

  • Patch Management – Regular application of patches to all devices in your network, and not just servers, is a critical step to reducing overall risk. Desktops, laptops, network equipment and applications can all be compromised and then used as staging points for further attacks. Many organizations don’t apply patches everywhere or consistently; doing so closes many of the holes attackers use to break into your systems and steal data.
  • Credential Management – Is your organization restricting the use of admin credentials? If not, you should be. Administrator credentials are one of the assets hackers target most heavily, because these credentials are authorized to access almost everything. Steal one of these credentials, and an attacker doesn’t have to break into anything else; they can just walk through the front door. Properly managing credentials like this is a relatively simple step with today’s tools, and it can have huge security benefits throughout the organization.
  • Secure Application Development – Are your developers trained and well-versed in secure coding practices? Application attacks are on the rise, and once an attacker can breach the application, they have a simple avenue to gather data and continue attacking the rest of your infrastructure. Make secure coding a requirement, train developers, and create solid playbooks for your dev teams to follow when creating software for your customers or for use within the organization.
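The first two questions above are measurable. The example below, added here and not part of the original article, scores patch coverage per device class (so a "servers only" view cannot hide unpatched laptops and network gear) and flags admin-credential use outside an approved list. The inventory, login records, allowlist and 30-day patch window are constructed assumptions for illustration.

```python
from datetime import date, timedelta

# Constructed sample data (not real hosts or accounts).
TODAY = date(2017, 3, 15)
INVENTORY = [
    {"host": "web01",   "kind": "server",  "last_patched": date(2017, 3, 1)},
    {"host": "db01",    "kind": "server",  "last_patched": date(2017, 3, 2)},
    {"host": "lt-042",  "kind": "laptop",  "last_patched": date(2016, 9, 10)},
    {"host": "ws-117",  "kind": "desktop", "last_patched": date(2016, 11, 5)},
    {"host": "sw-core", "kind": "network", "last_patched": date(2015, 6, 1)},
]
# Constructed (account, host) pairs where admin rights were used.
ADMIN_LOGINS = [("svc-backup", "db01"), ("jsmith", "ws-117"), ("domain-admin", "lt-042")]
ADMIN_ALLOWLIST = {"svc-backup", "domain-admin"}          # accounts approved for admin use
ADMIN_ALLOWED_HOSTS = {"domain-admin": {"jumphost"}}      # assumed: hosts a tier-0 account may use


def patch_coverage(inventory, today=TODAY, max_age_days=30):
    """Return {device kind: (compliant count, total count)}.

    Coverage is broken out per kind so that desktops, laptops and network
    equipment are judged alongside servers rather than hidden behind them."""
    cutoff = today - timedelta(days=max_age_days)
    coverage = {}
    for item in inventory:
        ok, total = coverage.get(item["kind"], (0, 0))
        compliant = 1 if item["last_patched"] >= cutoff else 0
        coverage[item["kind"]] = (ok + compliant, total + 1)
    return coverage


def overall_coverage(coverage):
    """Fraction of all devices patched within the window (0.0 if inventory is empty)."""
    ok = sum(c for c, _ in coverage.values())
    total = sum(t for _, t in coverage.values())
    return ok / total if total else 0.0


def admin_findings(logins, allowlist, allowed_hosts):
    """Flag admin use by non-approved accounts, and approved accounts used
    from hosts outside their permitted set."""
    findings = []
    for account, host in logins:
        if account not in allowlist:
            findings.append(f"{account}: admin rights used on {host} by a non-approved account")
        elif account in allowed_hosts and host not in allowed_hosts[account]:
            findings.append(f"{account}: logged in to {host}, outside its permitted hosts")
    return findings
```

With the sample data, servers alone score 100% while overall coverage is 40%, which is exactly the gap a servers-only patch report would conceal.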

Getting back to some of the very simple, basic security practices that have been touted for years will help reduce the overall complexity of the attack vectors in your environment. This will make other tools much more effective and allow them to better deliver the return on investment that executives are looking for.

Focusing on these fundamental security functions also allows for quick, effective wins for your security team, helping you establish credibility and putting you in a better position to implement the more complex, detailed security tools that are coming out every day.

Tags: ransomware attack, Security Information and Event Management (SIEM), Credential Management
