I know what you’re thinking… why “kung fu?” and “What does martial arts have to do with IT security and how I protect my network?” Well, kung fu is a Chinese term referring to any study, learning, or practice that requires patience, energy, hard work, discipline, and time to complete. So, really, it’s not just martial arts. Perhaps, by this definition, you’re starting to see the parallels we’ve identified with IT security.
Today’s Cybersecurity Climate
According to Forbes®, the cybersecurity marketplace is predicted to be worth $170 billion by 2020—that’s over double its reported size in 2015. But perhaps most telling of the threats businesses truly face is the fact that the costs associated with cybercrime are projected to exceed $2 trillion by 2019.
What’s fueling this growth? Well, there are certainly a number of factors, but what’s clear is that hacker motives have strongly shifted towards “financial gains,” at least according to SolarWinds Head Geek™, Destiny Bertucci. While shock-value/notoriety/entertainment supported hacking in its early rise, money has been a major influence in its more recent uptick. Hackers have a lot to gain, and we all have a lot to lose.
Another issue at the root of this rise in cybercrime costs (and the cybersecurity market’s corresponding growth) is the pervasiveness of these crimes. Gone are the days when these modes of attack were reserved for top-notch, tech-savvy, and highly motivated individuals. Today, Crime-as-a-Service underpins cybercrime and the technical layman is now being armed with the ability to launch an attack.
Whether or not you’re explicitly tasked with upholding IT security for your business, given the current outlook, it is now everyone’s responsibility. It is no longer a matter of if you’ll get hacked, but when. IT security solutions today are about limiting the attack surface, applying defense-in-depth strategies, and leveraging a multitude of tools (not just one or a few) to do so.
We recently opened our cyber-dojo to allow our very own Security Kung Fu Masters to bestow their wisdom and teachings unto the larger IT community. Black belts in white hat hacking, industry mavens, scholars of security, and even former compliance auditors joined ranks to discuss these very subjects in a four-part webinar series aptly named “Security Kung Fu.” If you missed the live versions of these sessions, no need to worry—we have made them all available on-demand for your viewing pleasure. Read along to see what each stage in this journey had to offer.
In Part 1, we took an in-depth look at the cybersecurity climate businesses are currently facing and educated ourselves on the cybercrime industry as a whole. Using the Lockheed Martin Cyber Kill Chain® as an example, we discussed the role SIEM solutions play in identifying security threats, as well as the unique capabilities of such solutions to allow users to go back in time to conduct forensic analysis of security incidents and verified threats.
Playing With Fire(wall) Logs
Part 2 of the series turned our attention to the periphery of a network to focus on how firewalls serve as a first line of defense against security threats. In addition to discussing the patterns of attack that have been demonstrated countless times by hackers, we showed how firewall log data can give notice of network infiltration attempts, data exfiltration, and more. Beyond that, we discussed how Network Configuration and Change Management (NCCM) solutions can contribute to a deeper IT security solution by helping to alert you to config changes on firewalls (and other network devices), in addition to a host of other capabilities.
The Security Threats From Within
In Part 3, we took an introspective look to discuss the threats coming from within, or at least identified from within a business' own network. We looked at how Active Directory® changes such as adding users to privileged groups, escalating privileges, and changing user accounts may not only be indicators of malicious activity on the network, but the very acts themselves can create security holes that may lead to future compromises. We discussed the need to track these changes appropriately in order to give critical insight into anomalous activity and promote the long-term security health of an IT operation.
Two Schools of Thought: Security vs. Compliance
In Part 4, the final chapter of the Security Kung Fu series, we covered a subject that had only served as an undertone in our previous sessions: compliance. We discussed why letting compliance rule the security strategy for a business can ultimately lead to pitfalls that compromise both objectives.