The life of a modern CISO in this digital era is tough and stressful. They need to defend their enterprise from emerging threats and keep up with upcoming trends and technologies, all while keeping the business secure. They often face a gap between what they would like to do and what they actually can do given various limitations. While it is difficult for CISOs to maintain their security posture, it is even more difficult for vendors to protect enterprises in a multi-vector threat landscape. The tussle between point solutions and an integrated strategy has been going on forever. So what is the way ahead for a CISO in such a scenario? They should:
- Focus more on insider threats: Earlier, cyber attackers focused mostly on perimeter defenses. Now enterprises have well-fenced perimeters equipped with next-gen firewalls, WAFs, malware detection technologies, secure gateways and proxies, secure VPNs and secure roaming profiles. Thus, the focus of attackers has shifted to compromises that originate inside the enterprise network. It is easier to inject a bot or malware into the internal network through email, web browsers or supply-chain software and propagate it from there. This has led insider defenses to become a key focus for CISOs and their security teams.
- Non-critical devices matter too: While insider threats are coming into the limelight, security operations and monitoring in many enterprises are still focused heavily on perimeter defenses alone. Applications, endpoints and non-critical machines are not brought into the scope of proactive monitoring, yet the recent trend of threats and attacks is focused precisely on these areas. The systems most prone to attack are non-production, test and PoC machines. An unmonitored PoC VM can bring down the whole enterprise network if compromised. Additionally, the spread of mobile and IoT devices erases enterprise IT boundaries, further increasing risk and giving attackers more easy targets.
- Status of threat defense controls implemented within enterprises today: There are still numerous enterprises that have implemented security controls but do not yet leverage them effectively. Many tools, logs and alerts in an organization's IT infrastructure remain unmonitored, and many of the controls neither interface with each other nor share intelligence. Recently, various vendors have come up with threat intel exchange mechanisms and enterprise bus technologies, but these are still very proprietary at this point, and cross-vendor, open-standards-driven communication remains a challenge. It is important for enterprises to constantly assess and measure the status of their security controls, look for ways to improve their effectiveness and keep up with the current threat landscape.
- Automation is the key to effective incident resolution: The incident resolution SLAs that enterprises currently work with must come down much further. Many enterprises with a decentralized, multi-vendor landscape have incident resolutions taking up to a couple of days, which falls far short of current compliance and data privacy expectations. Automation is the key to overcoming this challenge. Enterprises should start by evaluating some of their critical incident handling use cases, weigh them against what automation can deliver, and then invest in automation.
- On top of all the above, good old basic hygiene also plays a major role: secure patching, a secure SDLC, periodic vulnerability scans, penetration testing and constantly looking for ways to improve. These are the areas that failed in the past and opened the door to the majority of ransomware attacks. We often come across enterprises that are very good at catching up with new technologies but fail to improve and effectively utilize what is already in place. Many SIEM implementations have not had a single new rule or correlation added in over 3 years. Maintaining security baselines, constant audits and continuous improvement are becoming the norm in the current cyber era and definitely cannot be neglected.
To summarize, enterprises have recently realized that threat defense will always be a catch-up game of threat versus protection. Enterprises must constantly look to improve and enhance the controls they have implemented while reviewing what is already in place. They need to put effort into achieving end-to-end integration and explore and employ technologies such as AI-based proactive threat identification, endpoint threat detection, fingerprinting, and whitelisting/greylisting. They need to expand their endpoint protection to mobile devices while monitoring all cyber parameters of the enterprise. The enterprise should constantly strive to bring down incident resolution time and bring the less-monitored systems into the picture as well. In this modern time, for a CISO to be successful, comprehensive integrated security combined with AI and automation is the way forward.
Priya Kanduri brings more than 18 years of experience in IT security, with domain expertise across Cyber Risk & Analytics, Data Privacy & Protection, Access Governance, and Risk & Compliance. She is currently serving as the Head of Innovation & Security Technology Practices at Happiest Minds. Priya focuses on next-generation solution development and managed service platforms for IMSS. Her key focus is on cyber security solutions for new-age digital enterprises, ensuring the security and agility of their current and future needs.
Before joining Happiest Minds, Priya worked with the enterprise security services division of Wipro Technologies for over 12 years, delivering large compliance and cyber security programs to Fortune 500 companies across the UK and Europe.
Priya holds a Bachelor's degree in Engineering from SVU College of Engineering, Tirupati, Andhra Pradesh.
This article was originally published in Silicon India Magazine, CXO India edition, Oct 3, 2018: https://goo.gl/9MWLUB