Alright, here’s the thing. Everyone in the IT security arena is talking about how to effectively shield your organization from threats. I recently saw researchers publishing their findings on security flaws with cheeky titles like “Did your HTTPs break?” Well, let’s get this straight – you can never be 100% secure.
Say you identify a vulnerability, then you deep-dive into it to determine whether any security breach has happened. Depending on the severity and criticality of the breach, you may decide to take security measures. But as organizations embrace new technologies, threats continue to proliferate. Add BYOD to that, and your security woes multiply.
Resilience through a proactive game plan
The chances of configuration errors and human errors occurring every now and then are very high, and some security incidents can prove fatal to your business. To avoid such catastrophes, you need to be well equipped in advance and have a proper plan in place.
Looking at vulnerability management through Gartner’s eyes:
- Policy definitions
- Baseline the environment for vulnerabilities
- Prioritize mitigation activities
- Shield the environment
- Eliminate the root cause
- Maintain and continually monitor for deviations
To minimize damage, you need to detect and respond to events that threaten your IT infrastructure right when they happen, not hours or days later. This is where Security Information and Event Management (SIEM) comes in handy. It is advisable to use SIEM software, as humans would find it virtually impossible to read all of the events occurring across IT and to analyze and correlate activity across its various components. It also makes sense to pick a tool that uses active responses to react to critical events and shut down threats immediately. Some useful built-in responses include:
- Enable and disable accounts
- Send incident alerts, emails, pop-up messages, or SNMP traps
- Add or remove users from groups
- Block an IP address
- Detach USB devices
- Kill processes by ID or name
Event correlation needs to be executed in memory and in real time. A good event log analyzer will help you automate alerts and trigger actions based on what is happening in your network and systems. This lets you identify and respond to threats as they unfold, rather than being reactive. To make the analysis more efficient, you need to collect and consolidate log data across the IT environment and correlate events from multiple devices in real time.
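As an added illustration of in-memory, real-time correlation with an automated response (example code written for this post, not any product's own code): it parses constructed log lines from two devices, counts authentication failures per source IP inside a sliding five-minute window, and calls a block-IP hook the first time the threshold is crossed across more than one device. The log format, device names and the responder hook are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines from two different devices (a VPN gateway and a
# Linux host); illustrative only, not captured from a real environment.
SAMPLE_EVENTS = [
    "2024-03-01T10:00:01 vpn-gw auth_fail src=203.0.113.7 user=alice",
    "2024-03-01T10:00:40 linux01 auth_fail src=203.0.113.7 user=root",
    "2024-03-01T10:01:15 vpn-gw auth_ok src=198.51.100.2 user=bob",
    "2024-03-01T10:02:05 linux01 auth_fail src=203.0.113.7 user=admin",
    "2024-03-01T10:30:00 vpn-gw auth_fail src=198.51.100.9 user=carol",
    "2024-03-01T10:31:00 vpn-gw auth_fail src=198.51.100.9 user=carol",
    "2024-03-01T10:45:00 vpn-gw auth_fail src=198.51.100.9 user=carol",
]

def parse_event(line):
    """Parse an assumed 'TIMESTAMP DEVICE EVENT k=v ...' line into a dict."""
    ts, device, event, *kvs = line.split()
    fields = dict(kv.split("=", 1) for kv in kvs)
    return {"ts": datetime.fromisoformat(ts), "device": device, "event": event, **fields}

class Correlator:
    """Sliding-window, in-memory correlation of auth failures per source IP.

    The rule fires when `threshold` failures from one source reach at least two
    distinct devices within `window`; `responder` is the active-response hook
    (here standing in for 'block an IP address').
    """
    def __init__(self, window=timedelta(minutes=5), threshold=3, responder=None):
        self.window, self.threshold = window, threshold
        self.history = defaultdict(deque)   # src -> deque of (timestamp, device)
        self.responder = responder or (lambda src: None)
        self.alerts, self.blocked = [], set()

    def ingest(self, line):
        ev = parse_event(line)
        if ev["event"] != "auth_fail":
            return None
        src, q = ev["src"], self.history[ev["src"]]
        q.append((ev["ts"], ev["device"]))
        while q and ev["ts"] - q[0][0] > self.window:   # evict events older than the window
            q.popleft()
        devices = {d for _, d in q}
        if len(q) >= self.threshold and len(devices) >= 2 and src not in self.blocked:
            self.alerts.append((src, sorted(devices)))
            self.blocked.add(src)
            self.responder(src)        # active response: block the offending address once
            return src
        return None

def run(lines, **kw):
    """Feed lines through a Correlator in arrival order and return it for inspection."""
    c = Correlator(**kw)
    for line in lines:
        c.ingest(line)
    return c
```

In the sample, 203.0.113.7 trips the rule on its third failure (two devices inside the window), while 198.51.100.9 never does: its earlier failures age out of the window and all of them come from a single device.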
Stay proactive, stay vigilant!!