Why A Proactive vs. Reactive Approach To Security Is Best
The evolution of state-sponsored cyber-attacks, cyberterrorists, and social-engineering attacks continues to plague organizations worldwide. These attacks have morphed into a level of sophistication that eludes the traditional security solutions, which have primarily focused on a react, respond, and recover strategy.
Although these security solutions were useful for filtering, probing, and scanning network communications and infrastructure, we continue to hear about data breaches, identity theft, and compromised intellectual property on a daily and weekly basis.
CEOs are continually having to address customer, partner, board-level, and legal queries with regard to their security solutions and how they’re mitigating the risk associated with their business operations. CIOs and CSOs are also investigating new methods and tools for ensuring business continuity as they face a continual onslaught of new threats propagating across the cyber landscape.
As a result, a shift has taken place whereby a “proactive vs reactive” mindset and methodology have taken hold. These proactive methods include tools to predict, isolate, and minimize the attack surface as well as provide visibility into the type of attacks that are taking place.
Incorporating a proactive security methodology that permeates the corporate culture and extends to the products and services can better enable an organization to defuse catastrophic attacks and keep the business operational.
The initial step in establishing a proactive vs reactive security posture is to empower the CIO and CSO team with the appropriate investment in tools and personnel, coupled with the authority to implement and enforce that posture. The CIO and CSO also need to recognize the business implications and risk tolerance of the organization.
Just because you can implement every security solution under the sun does not mean you should. The following are a few examples of where I would start to think of how to introduce proactive layers of security:
Ensure that the development process for your software has measures in place, from build and package through deploy, that address areas of potential compromise. This can be accomplished by introducing code-scrambling techniques that are implemented at compile time.
Environments should be segmented to allow for workloads to be processed in their unique, isolated security groups. These groups should allow for real-time modifications so that workloads can be directed to different groups as required.
A combination of containment methods can be utilized to enforce policies either at the endpoint or when accessing applications within a cloud environment. These containment policies can further isolate workloads into container-enabled nodes, which further isolate known or unknown web traffic.
Data protection methods that utilize either encryption or tokenization security measures can be incorporated for public, private, or hybrid cloud applications. In addition, endpoint, hardware, infrastructure, software, application, and cloud all constitute key elements of a proactive data security model.
The multiple sources of security logs from the various in-house and external third-party tools also require methods of integration that allow for a unified dashboard. This will allow you to detect threats, run advanced analytics, and have an incident response policy in place to address situations as required.
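The log integration described in the last item, as an added example that is not part of the original article: lines from three feeds are normalized into one event schema, then source IPs with failed or denied events in several feeds inside a short window are flagged. The three log formats, the field names, and the thresholds are constructed assumptions, not the output of any specific product.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines; all three log formats are illustrative assumptions.
FIREWALL = ["2024-05-01T10:00:05Z DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
            "2024-05-01T10:00:06Z ALLOW src=198.51.100.4 dst=10.0.0.8 dport=443"]
AUTH = ["2024-05-01T10:00:09Z sshd: Failed password for admin from 203.0.113.7",
        "2024-05-01T10:02:00Z sshd: Failed password for bob from 192.0.2.44"]
CLOUD = ['{"time": "2024-05-01T10:00:30Z", "outcome": "Failure", "sourceIp": "203.0.113.7"}',
         "truncated-record"]  # malformed on purpose

def _event(ts, source, ip, failed):
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": when, "source": source, "src_ip": ip, "failed": failed}

def parse_firewall(line):
    m = re.match(r"(\S+) (ALLOW|DENY) src=(\S+)", line)
    return _event(m[1], "firewall", m[3], m[2] == "DENY") if m else None

def parse_auth(line):
    m = re.match(r"(\S+) sshd: (Failed|Accepted) password for \S+ from (\S+)", line)
    return _event(m[1], "auth", m[3], m[2] == "Failed") if m else None

def parse_cloud(line):
    try:
        rec = json.loads(line)
        return _event(rec["time"], "cloud", rec["sourceIp"], rec["outcome"] == "Failure")
    except (ValueError, KeyError, TypeError):
        return None  # malformed record: skip it rather than stop ingestion

def normalize(feeds):  # feeds: list of (parser, lines) pairs
    events = [e for parser, lines in feeds for e in map(parser, lines) if e]
    return sorted(events, key=lambda e: e["ts"])  # one time-ordered stream

def correlate(events, window=timedelta(minutes=1), min_sources=2):
    """Flag IPs with failed/denied events from >= min_sources feeds within window."""
    by_ip, flagged = defaultdict(list), {}
    for e in (e for e in events if e["failed"]):
        by_ip[e["src_ip"]].append(e)
    for ip, evs in by_ip.items():
        for i, first in enumerate(evs):
            seen = {e["source"] for e in evs[i:] if e["ts"] - first["ts"] <= window}
            if len(seen) >= min_sources:
                flagged[ip] = sorted(seen)
                break
    return flagged

EVENTS = normalize([(parse_firewall, FIREWALL), (parse_auth, AUTH), (parse_cloud, CLOUD)])
```

Calling `correlate(EVENTS)` on the sample data flags only the address that fails across the firewall, auth, and cloud feeds; the address with a single auth failure is left alone.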