Posted on November 3, 2017 by Admin
There’s no point in denying it, some aspects of cyber security are just more interesting than others.
For instance, nobody really wants to endlessly patch new vulnerabilities day after day, week after week, month after month. They’d much rather be on the front lines analyzing the latest malware, or penetration testing new applications.
And who can blame them? If you’ve ever been to a security conference, you’ve seen how sophisticated the latest security products and services are.
Who wouldn’t want that?
But before you start allocating huge portions of your security budget to the next big thing, let’s do what we always do: Start from the beginning.
A Public Service Announcement
First off, it’s worth revisiting the message we’ve been repeating throughout this series: Don’t try to run before you can walk.
I know, I know. Threat intelligence is fascinating, and it’s tempting to dive in at the earliest opportunity.
But jumping into advanced controls without first mastering the basics is like building a palace without laying solid foundations. It might look good, but sooner or later it’s coming down.
If you’re not sure what stage you’re currently at, you might well benefit from reading this series of articles in its entirety. So far, we’ve covered:
If you haven’t yet addressed the basic and intermediate aspects of cyber security, please go back and do so before investing time and resources in any of the measures discussed in the remainder of this article.
A Look at the Contenders
With that out of the way, let’s take a look at some of the advanced security measures available to most organizations.
1) Ethical Hacking
What it is: In a world where avoiding the attentions of threat actors is no longer feasible, ethical hacking is an opportunity to get one step ahead. Experienced security professionals will use a full range of hacking techniques in an attempt to identify vulnerabilities in applications, network architecture, and even end-user training. Naturally, once vulnerabilities are identified, they should be mitigated before they are exploited by attackers.
Useful for: Even with perfect patch management, network segmentation, and end-user training, almost every business network is vulnerable somewhere. Once all basic and intermediate security precautions have been taken, ethical hacking is an effective way of further reducing cyber risk.
Weaknesses: Unsurprisingly, ethical hacking can only be carried out by highly experienced and skilled security practitioners. If you plan to develop an ethical hacking capability in-house, don’t expect it to be cheap. Its findings are also only a snapshot: a test that found nothing last quarter says little about a network that has changed since.
2) Internal Hunting
What it is: Internal hunting describes the practice of proactively searching your own environment for security threats and eliminating them, rather than waiting for an alert. This could involve studying user behavior to identify anomalies, setting up and monitoring honeypots or darknets, stress testing applications and network architecture, device and network mapping, and much more. Although similar in some ways to ethical hacking, internal hunting utilizes a much broader set of tactics and techniques to identify possible security holes and signs of existing compromise.
Useful for: If your organization is an appealing target for threat actors, you can be sure they’ll be willing to put in the time to identify weaknesses in your network, assets, or employees. Internal hunting is an opportunity to pick up these weaknesses before they’re used against you.
Weaknesses: This can be an extremely laborious process, and a given hunt may well turn up nothing whatsoever.
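As an added example (not part of the original article), here is a small hunting script of the kind the “studying user behavior to identify anomalies” activity above refers to. It builds a per-user baseline of source addresses and login hours from older successful logins, then flags later logins that come from a new address, happen outside the user’s usual hours, or follow a burst of failures. The log format, the field names, the cutoff date, the thresholds and the sample events are all constructed assumptions for illustration, not a real feed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of authentication events (not real data). Assumed line format:
# "<ISO timestamp> user=<name> src=<ip> host=<host> result=<success|failure>"
SAMPLE_LOG = """\
2017-10-02T08:55:10 user=alice src=10.1.4.22 host=fs01 result=success
2017-10-03T09:02:41 user=alice src=10.1.4.22 host=fs01 result=success
2017-10-04T08:47:03 user=alice src=10.1.4.22 host=mail01 result=success
2017-10-05T09:15:22 user=alice src=10.1.4.22 host=fs01 result=success
2017-10-02T18:20:00 user=bob src=10.1.7.15 host=build01 result=success
2017-10-03T19:05:12 user=bob src=10.1.7.15 host=build01 result=success
2017-10-04T18:40:33 user=bob src=10.1.7.15 host=build01 result=success
2017-10-10T09:01:00 user=alice src=10.1.4.22 host=fs01 result=success
2017-10-11T03:12:09 user=alice src=203.0.113.7 host=fs01 result=success
2017-10-11T18:30:01 user=bob src=10.1.7.15 host=build01 result=success
2017-10-11T18:31:00 user=bob src=10.1.9.50 host=build01 result=failure
2017-10-11T18:31:05 user=bob src=10.1.9.50 host=build01 result=failure
2017-10-11T18:31:09 user=bob src=10.1.9.50 host=build01 result=failure
2017-10-11T18:31:30 user=bob src=10.1.9.50 host=build01 result=success
"""

BASELINE_CUTOFF = datetime(2017, 10, 8)  # assumed: events before this train the baseline
FAILURE_WINDOW = timedelta(minutes=5)    # assumed: failures this close together form one burst
FAILURE_THRESHOLD = 3                    # assumed: burst size that makes a later success suspicious
HOUR_TOLERANCE = 1                       # assumed: hours either side of the usual window still count as normal


def parse_line(line):
    """Turn one log line into a dict of fields plus a parsed 'ts' datetime."""
    ts_str, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = datetime.fromisoformat(ts_str)
    return event


def parse_log(text):
    """Parse all non-empty lines and return the events in time order."""
    return sorted((parse_line(l) for l in text.splitlines() if l.strip()),
                  key=lambda e: e["ts"])


def build_baseline(events, cutoff):
    """Per user: source addresses and login hours seen in successful logins before cutoff."""
    base = defaultdict(lambda: {"srcs": set(), "hours": set()})
    for e in events:
        if e["ts"] < cutoff and e["result"] == "success":
            base[e["user"]]["srcs"].add(e["src"])
            base[e["user"]]["hours"].add(e["ts"].hour)
    return dict(base)


def finding(e, reason):
    return {"user": e["user"], "ts": e["ts"].isoformat(), "src": e["src"], "reason": reason}


def hunt(events, baseline, cutoff):
    """Flag successful logins at or after cutoff that deviate from the user's baseline."""
    findings = []
    failures = defaultdict(list)  # (user, src) -> timestamps of failures not yet followed by a success
    for e in events:
        if e["ts"] < cutoff:
            continue
        key = (e["user"], e["src"])
        if e["result"] != "success":
            failures[key].append(e["ts"])
            continue
        # A success that closes a tight burst of failures looks like a guessed password.
        burst = [t for t in failures.pop(key, []) if e["ts"] - t <= FAILURE_WINDOW]
        if len(burst) >= FAILURE_THRESHOLD:
            findings.append(finding(e, "success after %d failures" % len(burst)))
        profile = baseline.get(e["user"])
        if profile is None:
            findings.append(finding(e, "no baseline for user"))
            continue
        if e["src"] not in profile["srcs"]:
            findings.append(finding(e, "new source address"))
        usual = {(h + d) % 24 for h in profile["hours"]
                 for d in range(-HOUR_TOLERANCE, HOUR_TOLERANCE + 1)}
        if e["ts"].hour not in usual:
            findings.append(finding(e, "login outside usual hours"))
    return findings


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for f in hunt(events, build_baseline(events, BASELINE_CUTOFF), BASELINE_CUTOFF):
        print("%(ts)s %(user)s from %(src)s: %(reason)s" % f)
```

On the constructed sample, alice’s 03:12 login from 203.0.113.7 is flagged twice (new address, unusual hour), bob’s login from 10.1.9.50 is flagged for the three failures that preceded it and for the new address, and the routine logins produce nothing. The baseline is deliberately crude: a real hunt would build it over weeks, not days, and would treat “new address” differently for VPN pools than for fixed workstations.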
3) Threat Intelligence
What it is: Threat intelligence is perhaps the most misused phrase in all of cyber security. When it’s done right, threat intelligence provides relevant, contextualized detail on the most pressing threats that can be used to inform meaningful improvements to an organization's security profile.
Useful for: While people often assume threat intelligence is used to “identify attacks before they happen,” its real value lies in learning quickly from cyber attacks all over the world and making informed adjustments to your own security controls.
Weaknesses: Many so-called “threat intelligence” products and services offer little more than threat data, which can quickly overwhelm even the hardest working analysts. Even when done properly, threat intelligence should be considered only once all basic and intermediate security requirements have been addressed.
4) Security Operations Centers
What it is: For most organizations, a functional security operations center (SOC) represents the pinnacle of cyber security. Typically, a SOC is a dedicated site where an organization’s critical information systems are constantly monitored, analyzed, and defended. In many cases, particularly within large organizations, SOCs provide 24/7/365 coverage, and take on responsibility for all advanced security activities.
Useful for: A SOC is the cyber security equivalent of a military command center. While more mundane tasks such as vulnerability management will be dealt with inside business hours by members of the IT department, most SOCs are only concerned with the identification, analysis, and handling of security incidents. For large enterprise organizations, building a SOC is often the most practical way to ensure the continued security of their assets.
Weaknesses: Building a SOC is often massively expensive, and should only be undertaken if absolutely necessary.
Hang On… Do I Even Need This?
Here’s where we get really honest: There’s a good chance your organization will never need to invest in any of the advanced security measures described in this article. If your organization isn’t particularly large and/or doesn’t handle particularly sensitive information, simply doing the basics well is (in all probability) enough to ensure your continued security.
In fact, we’ll go a stage further: Many of the organizations already using these measures are throwing away tens of thousands of dollars every year. Why? Because they failed to build a solid cyber security base first.
But here’s the thing. Two outwardly similar organizations could have wildly varying security needs, so until you’ve conducted a full cyber security risk assessment you won’t know how best to allocate your resources. If your industry is heavily targeted by criminal gangs (or even foreign nation states) you really might need a powerful threat intelligence capability, or a 24/7/365 security operations center.
So for the final time (at least in this series) we can’t over-stress the importance of assessing your current level of cyber readiness, and making informed investment decisions. To get started, check out our free cyber security assessment tool.