Tuesday, February 7, 2023

A Fool With a Tool Is Still a Fool: A Cyber Take



Here is a provocative question: Is it possible, given the vast array of security threats today, to have too many security tools?

The answer is: You bet it is possible, if the tools aren't used the way they could be and should be. And all too often, they aren't.

New tools introduce new possibilities. Conventional thinking about security in a particular context may not be applicable, precisely because the tech is new. And even when conventional thinking is applicable, it may require some modification to get the best use out of the tools.

This is a real problem for security executives. And the more powerful, sophisticated, and game-changing security tools may be, the higher the odds this problem will apply.

This is frequently the case with zero trust, because it differs so much from traditional security. New adopters sometimes expect a more high-powered firewall, and that is fundamentally not what they get. They've decided to invest in next-generation capabilities, but they begin with a perspective that's often last generation in character, and it really diminishes their ROI.

It's the Response, Not the Request, That's Dangerous

The conventional perspective on corporate Web access, for instance, says that, within a business context, some sites are good and some sites are bad. Examples of good sites include tech media, business partners and competitors, and news services. Examples of bad sites include gambling, pornography, and P2P streaming.

The conventional response is to whitelist the good sites, blacklist the bad sites, and call it a day. Beyond the fact that this line of thinking can lead security teams to write hundreds of rules about which sites to block and which sites to allow, I'd like to suggest it misses the point.

Today, we know that optimized cybersecurity isn't so much about the perceived character or subject matter of a website. It's more about what kind of threats may be coming from the site to the organization, and what kind of data is leaving the organization for the site. That means you're going to need new approaches to asking and answering questions in both categories, and that, in turn, means new tools and a new understanding.

This situation comes up in the context of content delivery networks (CDNs). They represent a huge fraction of all Internet traffic and, for the most part, it's true that the content they deliver is innocuous as a security threat. That's why many security admins have set up rules to allow all traffic from such sources to proceed to corporate users on request.

But is it really wise simply to whitelist an entire CDN? How do you know some of the sites it serves up haven't been compromised and aren't a de facto attack vector?

Moreover, and this is where it gets interesting, what if you also have a tool so powerful and so fast that it can assess CDN content, in or very near real time, for its potential as a security threat before it reaches users? Wouldn't you be wise to use that tool, if properly configured, rather than not use it?

In this scenario, the old assumption that no tool could be that powerful and fast, which was once true, is now false. It's no more valid than the old assumption that CDN-sourced content must inherently be safe.

So to implement this new and more sophisticated perspective on Web access, it's quite clear more is required than simply implementing new tech (rolling out new tools). People must be trained in the tech's feature set and capabilities, and processes must be adjusted to take that new knowledge into account. If that doesn't happen, security admins who are simply given new tech will not be getting the best use out of it. They will be, if you'll forgive the term, a fool with a tool.

Stay On Top of Capabilities and Configurations

Streamlining your vendor security stack is always preferable to bolting on new tools with niche functionality. Otherwise, chief information security officers (CISOs) may end up trying to secure a supply closet without knowing which locks are actually in effect. Even so, this isn't a one-and-done responsibility.

Suppose, for instance, an organization selects one partner for network security, another for endpoint security, and a third specifically for identity management. Suppose all three partners are genuinely top tier.

If the organization's people and processes don't understand and take full advantage of the partners' capabilities, those capabilities will not deliver complete value, and the organization will not be as protected as it could be. The number of security tools has essentially been reduced to three great tools, but the security architecture still needs ongoing attention.

In the age of the cloud, updates and features are being pushed constantly. That means configuring a new security tool once and stepping away isn't enough. Because new capabilities can disrupt a business's operations in ways unforeseeable to a vendor, they're often turned off by default when first released. To be their most effective, security tools must be reconfigured regularly.

I'll conclude with a common example I see frequently. Because botnets are a major ongoing problem, it's important to have some bot detection/bot blocking capabilities in place. This may take the form of monitoring logs for things like compromised endpoints, which command-and-control servers may try to contact to deliver instructions.

That is precisely the kind of information security managers should be thrilled to get.

But because many departments don't have the time or inclination to analyze their logs, they don't benefit from the information contained within them. As a result, compromised endpoints aren't cleaned, and no forensics are performed to find out how they were compromised in the first place.
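As an added illustration of what such log analysis can surface (this is example code, not from the original article or from Zscaler), the script below reads a constructed proxy log and flags endpoints that contact the same destination on a near-constant timer, the check-in rhythm that a compromised host talking to its controller tends to show even when the destination is an otherwise allowed host such as a CDN edge. The log format, IP addresses and hostnames are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log (assumed format: timestamp src_ip dst_host bytes_out).
SAMPLE_LOG = """\
2023-02-07T10:00:00 10.1.1.5 updates.example-cdn.net 120
2023-02-07T10:00:05 10.1.1.9 news.example.com 880
2023-02-07T10:05:00 10.1.1.5 updates.example-cdn.net 118
2023-02-07T10:10:01 10.1.1.5 updates.example-cdn.net 121
2023-02-07T10:12:40 10.1.1.9 news.example.com 2300
2023-02-07T10:15:00 10.1.1.5 updates.example-cdn.net 119
2023-02-07T10:20:00 10.1.1.5 updates.example-cdn.net 120
2023-02-07T10:31:15 10.1.1.9 news.example.com 410
2023-02-07T10:44:02 10.1.1.9 news.example.com 1500
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+)$")

def parse_log(text):
    """Turn log lines into (timestamp, src, dst, bytes_out) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, dst, out = m.groups()
            events.append((datetime.fromisoformat(ts), src, dst, int(out)))
    return events

def find_beacons(events, min_hits=4, max_cv=0.1):
    """Flag (src, dst) pairs whose connection intervals are nearly constant.
    Human browsing is bursty; a compromised endpoint checking in with its controller
    tends to connect on a fixed timer, even to an otherwise "allowed" host such as a
    CDN edge. max_cv bounds the coefficient of variation (stdev / mean) of the gaps."""
    by_pair = defaultdict(list)
    for ts, src, dst, out in events:
        by_pair[(src, dst)].append((ts, out))
    findings = []
    for (src, dst), hits in by_pair.items():
        if len(hits) < min_hits:
            continue                      # too few connections to judge timing
        hits.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            findings.append({"src": src, "dst": dst, "hits": len(hits),
                             "interval_s": round(avg),
                             "bytes_out": sum(out for _, out in hits)})
    return findings
```

On the sample, 10.1.1.5 is reported (five contacts roughly 300 seconds apart, 598 bytes sent) while 10.1.1.9's irregular visits to a news site are not; the bytes_out total is what answers the article's second question, how much data is leaving for that destination.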

This brings me to my bottom line: Keep your eyes open, understand what new tech and new partners can do, and capitalize on it to the best effect. Your organization and career will both benefit.

Read more Partner Perspectives with Zscaler.
