Network Forensics Can Help Your Business Correctly Identify The Source Of A Security Breach.

Enterprise security teams have historically spent most of their time, human resources and money on defenses like firewalls and Intrusion Detection Systems (IDS) to protect and monitor the security of their networks. However, a quick look at the news will tell you that these barriers are far from foolproof. With breaches becoming more common (and costly), enterprise teams are turning to tools that help them respond quickly to security incidents as soon as the attack has been discovered.

Network forensics looks at information such as log data, network flow and packet data to answer the question ‘How did the attackers get in?’. It’s similar to what you would expect a detective to do at a crime scene – look for clues to recreate the crime. The goal of network forensics is to identify the source of the breach faster in order to minimize the resulting damage, and to analyze them so that future attacks can be prevented.

The unfortunate truth is that no organization is safe from attack. With that in mind, here are some critical steps every organization should take to prepare for, and react to a security breach:

1. Preparedness

Employees are sometimes the weakest link in security. It is important that you conduct regular training with employees on basic security best practices such as using strong passwords, how to identify phishing emails, and not plugging unknown devices into work machines.

2. Identification

Automate the process of data collection so that it is easier to investigate and identify security events.

3. Containment

Once a breach has been confirmed, determine exactly how far the problem has spread within the company’s network and minimize further damage by disconnecting affected systems and devices.

4. Eradication

Resolve the root cause of the vulnerability and remove all traces of malicious code. Ensure that the flaw is completely resolved by running penetration tests and looking at server logs again to define whether other servers and devices might also be susceptible.

5. Recovery

Restore all data and software from clean backup files. Monitor systems for any sign of weakness or recurrence.

6. Lessons learned and remediation

Conduct a thorough post-mortem to analyze the incident and how it was handled. Identify prevention and response processes that can be improved.

Click here to read the full article

5 Top Pieces Of Advice For CISOs

Most vendors fall into the trends, forgetting about customer needs for the sake of a technology race. Unfortunately, the main problems for CISOs still lie within the borders of security basics.

New technologies will never bring any value to your company, unless you get your basic security right. While attackers and threats get more sophisticated, the level of security awareness at the board level often leaves much to be desired.

Here are five recommendations that you, as a CISO, can take advantage of to get maximum return on your cyber security efforts:
1. Know Your Assets

Before you start making strategic security plans, it is very important to find out what IT assets and data you have, where they are located and how critical they are.

Lack of visibility prevents organizations from setting the right goals, which means they fail even before they start. The main challenge here is to discover the maximum number of assets within the minimum period of time. There is no one-size-fits-all solution yet, but it may lie somewhere in between an automated data discovery solution enforced with recon techniques (used by hackers to discover subdomains, resources and properties) and hiring a full-time employee responsible for the process.
2. Develop Cloud Security Skills

Start with major decision makers and bring key stakeholders, including CISO, InfoSec and application teams together into one agile group. This will greatly contribute to developing a cloud security strategy and improve cooperation.

The next step involves a mix of new and old technologies. Combine network penetration testing, dynamic application security testing, automated patch management, vulnerability assessment with UEBA and SIEM solutions for cloud services, and cloud access security brokers (CASB). In addition to that, leverage security services offered by cloud providers. This combination of management decisions and technical expertise will greatly add to your security efforts.
3. Focus On Identity Not Perimeter

Gradually network perimeter security disappears, clearing the way to an identity perimeter concept. Your employees can now work remotely from home or business trips, so your security measures should be adapted accordingly. Set protection of user identity as your ultimate goal and develop a security strategy to support it. Start with multi-factor authentication (MFA) that will allow you to minimize risks of account hijacking, especially in case of phishing attacks, and with CASB to intercept and monitor data traffic between your network and cloud platform if you use cloud services. Finally, raise security awareness among employees. Thus, everyone will understand their personal responsibility for data security in the company.
4. Speak the language of C-levels

CISOs could have been more successful if they understood that their board of directors speaks the language of money. If you want to convince the C-suite to increase your funds, get ready to talk about business benefits and financial risks. When getting ready for your speech, make sure you can evaluate and explain the following measurements:

  • Baseline: How much money you can you afford to lose and what breach probability is acceptable for your company?
  • Situation 1: You have made zero investments. How much money will the company lose in case of a breach? What is the likelihood of a breach in this case?
  • Situation 2: You have made investments. How much money will the company lose in case of a breach? What is the likelihood of a breach in this case?

Before the meeting, calculate the cost of risk reduction measures and be ready to explain in detail how the security team will spend it. Consider a risk assessment solution to articulate a clear plan.


5. Make Compliance Your BFF

Become a friend with all compliance standards your company is subject to. Even if you fall under GDPR compliance, which terrifies companies worldwide, instead of panicking or resisting changes, consider which benefits the GDPR will bring to the business. By following the guidelines, you will dramatically improve security and operations and get impressive perks: advanced data strategies, better privacy policy management, increased KPIs for data security and privacy, increased customer trust and new business opportunities to name a few.
In conclusion

To survive in 2018 and beyond, CISOs should be aware of security and business risks, be able to prioritize security efforts, and do not hesitate to talk money and argue your position. Accept that there is no single technology solution to address all threats and solve all issues at once. You will never be 100% secured, but you can make your company a tough nut to crack.


Click here to read the full article