Security Kung Fu: The Saga Begins

Level 11

I know what you’re thinking… why “kung fu?” and “What do martial arts have to do with IT security and how I protect my network?” Well, kung fu is a Chinese term referring to any study, learning, or practice that requires patience, energy, hard work, discipline, and time to complete. So, really, it’s not just martial arts. Perhaps, by this definition, you’re starting to see the parallels we’ve identified with IT security.

Today’s Cybersecurity Climate

According to Forbes®, the cybersecurity marketplace is predicted to be worth $170 billion by 2020—that’s over double its reported size in 2015. But, perhaps most telling of the threats businesses truly face is the fact that the costs associated with cybercrime are projected to exceed $2 trillion by 2019.

What’s fueling this growth? Well, there are certainly a number of factors, but what’s clear is that hacker motives have strongly shifted towards “financial gains,” at least according to SolarWinds Head Geek, Destiny Bertucci. While shock-value/notoriety/entertainment supported hacking in its early rise, money has been a major influence in its more recent uptick. Hackers have a lot to gain, and we all have a lot to lose.

Another issue at the root of this rise in cybercrime costs (and the cybersecurity market’s corresponding growth) is the pervasiveness of these crimes. Gone are the days when these modes of attack were reserved for top-notch, tech-savvy, and highly motivated individuals. Today, Crime-as-a-Service underpins cybercrime, and the technical layman is now being armed with the ability to launch an attack.

Whether or not you’re explicitly tasked with upholding IT security for your business, given the current outlook, it is now everyone’s responsibility. It is no longer a matter of if you’ll get hacked, but when. IT security solutions today are about limiting the attack surface, applying defense in-depth strategies, and leveraging a multitude of tools (not just one or a few) to do so.

We recently opened our cyber-dojo to allow our very own Security Kung Fu Masters to bestow their wisdom and teachings unto the larger IT community. Black belts in white hat hacking, industry mavens, scholars of security, and even former compliance auditors joined ranks to discuss these very subjects in a four-part webinar series aptly named “Security Kung Fu.” If you missed the live versions of these sessions, no need to worry—we have made them all available on-demand for your viewing pleasure. Read along to see what each stage in this journey had to offer.

Watch the Security Kung Fu Series On-Demand

SIEM Solutions

In Part 1, we took an in-depth look at the cybersecurity climate businesses are currently facing and educated ourselves on the cybercrime industry as a whole. Using the Lockheed Martin Cyber Kill Chain® as an example, we discussed the role SIEM solutions play in identifying security threats and discussed the unique capabilities of such solutions to allow users to go back in time to conduct forensic analysis of security incidents and verified threats.

Playing With Fire(wall) Logs

Part 2 of the series turned our attention to the periphery of a network to focus on how firewalls serve as a first line of defense against security threats. In addition to discussing the patterns of attack that have been demonstrated countless times by hackers, we showed how firewall log data can give notice of network infiltration attempts, data exfiltration, and more. Beyond that, we discussed how Network Configuration and Change Management (NCCM) solutions can contribute to a deeper IT security solution by helping to alert you to config changes on firewalls (and other network devices), in addition to a host of other capabilities.
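As an added illustration of the two firewall-log signals the session describes (inbound infiltration attempts and bulk data exfiltration), here is a small Python detector run over constructed key=value log lines. It is not code from the webinar or from any SolarWinds product; the log format, the 10.0.0.0/8 internal range and both thresholds are assumptions.

```python
# Added example: detect inbound port probing and bulk outbound transfers in
# firewall logs. Log format, internal range and thresholds are assumptions.
import ipaddress
from collections import defaultdict

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed internal address space
PROBE_PORT_THRESHOLD = 8             # distinct denied ports from one external source
EXFIL_BYTES_THRESHOLD = 500_000_000  # outbound bytes from one host to one external peer

# Constructed sample log (not real traffic); TEST-NET addresses stand in for the Internet.
SAMPLE_LOG = """\
2017-05-02T03:10:01 action=deny src=203.0.113.7 dst=10.0.0.5 dport=21 proto=tcp bytes=60
2017-05-02T03:10:01 action=deny src=203.0.113.7 dst=10.0.0.5 dport=22 proto=tcp bytes=60
2017-05-02T03:10:02 action=deny src=203.0.113.7 dst=10.0.0.5 dport=23 proto=tcp bytes=60
2017-05-02T03:10:02 action=deny src=203.0.113.7 dst=10.0.0.5 dport=25 proto=tcp bytes=60
2017-05-02T03:10:02 action=deny src=203.0.113.7 dst=10.0.0.5 dport=80 proto=tcp bytes=60
2017-05-02T03:10:03 action=deny src=203.0.113.7 dst=10.0.0.5 dport=443 proto=tcp bytes=60
2017-05-02T03:10:03 action=deny src=203.0.113.7 dst=10.0.0.5 dport=445 proto=tcp bytes=60
2017-05-02T03:10:03 action=deny src=203.0.113.7 dst=10.0.0.5 dport=3389 proto=tcp bytes=60
2017-05-02T03:10:04 action=deny src=203.0.113.7 dst=10.0.0.5 dport=5900 proto=tcp bytes=60
2017-05-02T03:10:04 action=deny src=203.0.113.7 dst=10.0.0.5 dport=8080 proto=tcp bytes=60
2017-05-02T08:02:10 action=deny src=203.0.113.9 dst=10.0.0.5 dport=22 proto=tcp bytes=60
2017-05-02T10:15:22 action=allow src=10.0.0.42 dst=198.51.100.9 dport=443 proto=tcp bytes=734003200
2017-05-02T10:16:03 action=allow src=10.0.0.42 dst=198.51.100.9 dport=443 proto=tcp bytes=512000000
2017-05-02T10:20:00 action=allow src=10.0.0.17 dst=198.51.100.20 dport=443 proto=tcp bytes=18432
"""

def parse_line(line):
    """Split 'timestamp key=value ...' into a dict with numeric bytes/dport."""
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = ts
    fields["bytes"] = int(fields["bytes"])
    fields["dport"] = int(fields["dport"])
    return fields

def detect_probes(log):
    """External sources whose denied connections span many distinct ports."""
    ports = defaultdict(set)
    for f in map(parse_line, log.splitlines()):
        if f["action"] == "deny" and ipaddress.ip_address(f["src"]) not in INTERNAL_NET:
            ports[f["src"]].add(f["dport"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= PROBE_PORT_THRESHOLD}

def detect_exfil(log):
    """(internal src, external dst) pairs whose allowed outbound bytes exceed the threshold."""
    totals = defaultdict(int)
    for f in map(parse_line, log.splitlines()):
        src, dst = ipaddress.ip_address(f["src"]), ipaddress.ip_address(f["dst"])
        if f["action"] == "allow" and src in INTERNAL_NET and dst not in INTERNAL_NET:
            totals[(f["src"], f["dst"])] += f["bytes"]
    return {pair: total for pair, total in totals.items() if total >= EXFIL_BYTES_THRESHOLD}
```

Both detectors return plain dicts so they can feed a SIEM rule or a quick report; the single denied connection from the second external source stays below the probe threshold and is not reported.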

The Security Threats From Within

In Part 3, we took an introspective look to discuss the threats coming from within, or at least identified from within a business' own network. We looked at how Active Directory® changes such as adding users to privileged groups, escalating privileges, and changing user accounts may not only be indicators of malicious activity on the network, but the very acts themselves can create security holes that may lead to future compromises. We discussed the need to track these changes appropriately in order to give critical insight into anomalous activity and promote the long-term security health of an IT operation.
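To make the Part 3 point concrete, here is an added Python example (not from the webinar or any SolarWinds product) that flags additions to privileged Active Directory groups in Windows Security event data. The privileged-group list, the business-hours window and the sample records are assumptions constructed for the example; the event IDs 4728, 4732 and 4756 are the standard "member added to a security-enabled group" events.

```python
# Added example: flag Active Directory changes that add accounts to privileged
# groups, using constructed Windows Security event records.
from collections import Counter

# Event IDs for "a member was added to a security-enabled ... group".
GROUP_ADD_EVENTS = {4728: "global", 4732: "local", 4756: "universal"}
# Groups treated as privileged (assumed list; extend it for your own environment).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}
BUSINESS_HOURS = range(7, 19)  # assumed 07:00-18:59; changes outside it are marked off-hours

# Constructed sample records, shaped like the fields a SIEM extracts from the event XML.
SAMPLE_EVENTS = [
    {"id": 4728, "time": "2017-05-02T03:12:07", "subject": "CORP\\jdoe",
     "member": "CORP\\svc-backup", "group": "Domain Admins"},
    {"id": 4732, "time": "2017-05-02T09:40:11", "subject": "CORP\\helpdesk1",
     "member": "CORP\\asmith", "group": "Remote Desktop Users"},
    {"id": 4756, "time": "2017-05-02T03:12:09", "subject": "CORP\\jdoe",
     "member": "CORP\\svc-backup", "group": "Enterprise Admins"},
    {"id": 4738, "time": "2017-05-02T03:13:00", "subject": "CORP\\jdoe",
     "member": "CORP\\svc-backup", "group": ""},  # account changed, not a group add
]

def privileged_additions(events):
    """Return one alert per addition to a privileged group, oldest first."""
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        scope = GROUP_ADD_EVENTS.get(ev["id"])
        if scope is None or ev["group"] not in PRIVILEGED_GROUPS:
            continue
        hour = int(ev["time"][11:13])  # ISO timestamp, so hour sits at offset 11
        alerts.append({
            "time": ev["time"], "actor": ev["subject"], "member": ev["member"],
            "group": ev["group"], "scope": scope,
            "off_hours": hour not in BUSINESS_HOURS,
        })
    return alerts

def additions_per_actor(events):
    """Count privileged-group additions per acting account, so repeat actors stand out."""
    return Counter(a["actor"] for a in privileged_additions(events))
```

The account-changed event (4738) and the Remote Desktop Users addition pass through without an alert; the two early-morning additions by the same actor are what a reviewer would want surfaced.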

Two Schools of Thought: Security vs. Compliance

In Part 4, the final chapter of the Security Kung Fu Series, we covered a subject that had only served as an undertone in our previous sessions: compliance. We discussed why letting compliance rule the security strategy for a business can ultimately lead to pitfalls that compromise both objectives.

9 Comments
MVP

Nice Write up

Now that this month's mission is about security, I suspect I'll need to review all four sessions.

Level 15

I enjoyed the article and the four-part series was informative. Thanks!

Excellent idea, I've passed this series far and wide!

MVP

Well said...and the big point you made, it is not a matter of if, but a matter of when something gets penetrated or breached either from the inside or the outside.

Level 11

Generally a nice write up. So that everyone knows, malware-for-sale has been going on for more than ten years. These are little-known, secretive groups that sell packages on the DarkWeb for as little as 300.00 for a starter kit. More expensive zero-day exploits can go for several thousand dollars. They rely on the fact that many large organizations and home users do not keep up with patches and AV updates on their systems. When the average ransom price is 75.00 for a user to several thousand for a business, it can be quite lucrative. There is no incentive for these modern-day web bandits to stop as they work in countries with difficult or no extradition. All we can do as security professionals is make sure we are up to date and make sure you know exactly how the ports, protocols and services are active in your network and are monitored on ingress and egress. It's a never-ending battle!

Level 11

Thanks for sharing these insights. We actually touched on this subject, on numerous occasions, throughout this series. Fascinating yet scary stuff!

Great article(s). I have been using them as roadmaps for getting security off the ground at my company. All the bosses-with-doors are envisioning grandiose security measures in place by EOY. I am still busy getting logs sent to the right location and implementing a Patch Mgmt strategy. A lot of Thwack articles have served as useful justification.

MVP

Nice information - got me to go watch!

About the Author
While serving as Product Marketing Manager at SolarWinds, I led the messaging and strategic marketing direction for over 13 products from the Security and Tools Portfolios. My introduction to the IT space came in the five years I spent working for an Austin-based colocation, managed hosting, and private cloud provider that assisted businesses in the healthcare, financial services, education and various other industries with high security needs and sensitive data. In that time, I learned a lot about the hosting industry, IT service management, physical and technical security, and of course... regulatory compliance.