Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

7/26/2018
03:30 PM
Mike Armistead
Mike Armistead
Commentary
100%
0%

5 Ways Small Security Teams Can Defend Like Fortune 500 Companies

Keep your company protected with a mix of old- and new-school technologies.

Your security budget is small. You know this. You have a staff of three that must do "all things cybersecurity" for a midsize or large enterprise. Or maybe you're a solo security manager whose outsourced security monitoring service only occasionally sends real incidents. You might even be that IT guy who is expected to wear multiple security hats for a few hours each week. You show no sympathy as you listen to a panel webcast consisting of large financial institutions discuss how hard it is to find the 20, 40, or 100 skilled staff members they need.

You wish you had more personnel to cover more ground, but additional head count (or additional budget for a managed security services provider) just isn't coming. And all the while, your attack surface grows and the data generated by expanding digitization of your business skyrockets. How can you effectively defend your enterprise like the "fat cats" do? A mixture of old school and new, emerging technology "ingredients" give you capabilities that even those with larger cybersecurity budgets would be hard-pressed to match.

Ingredient #1: Core telemetry. When you can't do everything, you need to focus — and that focus should be on the endpoint and network. There is a reason that these two areas have long attracted attention and automation — they can tell you a lot about whether you are compromised or not. The good news for resource-strapped teams is that most every organization has existing telemetry, including endpoint protection platforms — aka anti-malware/antivirus — and intrusion detection/prevention systems. These may not be sexy (did I just use that term in a security website?), but they still offer a wealth of capabilities. Before you chase after the latest, greatest, machine learning (ML)-based widget, look to deploy proven (and relatively inexpensive) core telemetries first.

Ingredient #2: Context. Getting an alert is only half of the security equation. The other half is figuring out if it matters. To determine the impact for any alert, you must understand its context. Therefore, know your IT infrastructure, especially where the critical assets and system vulnerabilities are. Strive to spend resources, time, and energy tracking down indicators that truly matter, and don't just chase every alert.

Ingredient #3: Automated analysis. We've finally reached the point where artificial intelligence (AI)- and ML-based solutions can perform tasks that up till now have been manual. This goal, however, is not simply to acquire a tool claiming ML or AI (because every security vendor can sell you one). The ingredient you need uses software to perform tasks that people either aren't good at or consume too much time, including monitoring high-volume, repetitive data involving ingredients #1 and #2. The key questions you must ask those offering this new-fangled ingredient include "does it save me time/resources without adding time/resources elsewhere?" (the bane of security information and event management systems, user entity and behavior analytics software, and orchestration tools) and "can you prove it works?"

Ingredient #4: Easy scaling. A common strategy among security teams is to create a funnel to match the available resources of a team. For example, only investigate critical alerts because the team doesn't have the bandwidth to process the highs, mediums, and lows. Although such strategies offer useful coping mechanisms, this approach guarantees things will be missed. New solutions — especially those that offer hybrid or cloud-only architectures — offer to turn this funnel into a pipe, providing the needed extra capacity and associated processing power on demand. Just don't forget to include service-level agreement terms to ensure your supplier expands as you need it.

Ingredient #5: Automated upkeep and learning. As mentioned above, many of today's core security operations products require significant setup and ongoing attention to deliver on their promise. Here's my advice for resource-constrained security teams: Beware of the platform! In most cases, that term means both "power to configure to your situation" (good!) and "you must pay the costs to maintain over time" (bad!). Instead, adopt technologies that can upgrade automatically, a practice that is increasingly common. (Note: Although Respond offers this, so do many other companies in this market.) Also look for solutions that can automatically adapt over time via self-learning to produce better results. Don't get too caught up in how — concentrate more on the nature of what is adapted or learned and which tasks it removes from your team.

These five ingredients can elevate your smaller-budgeted security team. With a mixture of old- and new-school approaches and technologies — especially emerging solutions aimed at automating previously manual tasks without hidden costs — your security team can perform like a much larger organization.

Related Content:

Learn from the industry's most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Register before July 27 and save $700! Click for more info

Mike Armistead is co-founder and CEO of Respond Software, a Silicon Valley software company that brings artificial intelligence (AI)-based products to cybersecurity teams to help them more effectively defend their enterprise.  Mike is a serial entrepreneur with ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
techate
50%
50%
techate,
User Rank: Guru
7/28/2018 | 11:44:31 AM
Cyber Security For Small Business
Cybersecurity is hot and demanding for a small business. As you know hacking activities have been increasing for a few years and opposite small business could not improve ist status so small businesses have more affected. Google Customer Service is work as cybersecurity for small business
Microsoft Patches Wormable RCE Vulns in Remote Desktop Services
Kelly Sheridan, Staff Editor, Dark Reading,  8/13/2019
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15132
PUBLISHED: 2019-08-17
Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocki...
CVE-2019-15133
PUBLISHED: 2019-08-17
In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.
CVE-2019-15134
PUBLISHED: 2019-08-17
RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloo...
CVE-2019-14937
PUBLISHED: 2019-08-17
REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data.
CVE-2019-13069
PUBLISHED: 2019-08-17
extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and port forwarding to reach a 127.0.0.1 service.