Dark Reading is part of the Informa Tech Division of Informa PLC


Vulnerabilities / Threats

1/20/2021
10:00 AM
Lee Chieffalo
Commentary

Tips for a Bulletproof War Room Strategy

The techniques used in real-world combat apply in cybersecurity operations, except that instead of bullets flying downrange, it's packets.

When COVID-19 hit the United States, there was no shortage of headlines about the new security challenges caused by the shift to remote work. There is truth in that, but I argue that, rather than creating new problems, what the pandemic did was expose and exacerbate existing security weaknesses.

For example, in the rapid shift to remote working, many organizations' most immediate solution was to relax their virtual private network (VPN) and Remote Desktop Protocol (RDP) policies to give workers access to applications and data through personal devices and home networks. But this often led to misconfigurations that cyberattackers were fast to exploit.


Additionally, although cloud adoption was already on the rise before COVID, many enterprises are now entirely cloud-enabled, making the perimeter increasingly obsolete. Threats are no longer just malicious actors that make their way in; today, they include inside actors, misconfigured services, and shadow workloads containing sensitive enterprise data, accelerating the urgency around gaining visibility in the east-west corridor.

And that's not all that's suffered from the increase in remote cross-team communication. IT and security teams were already battling competing priorities, but now they might need to take extra steps to resolve an issue. And worse? Hackers thrive on this kind of chaos. Inherently lazy hackers will exploit a lack of cross-team communication to gain access to the network's most critical resources, often moving under the radar until it's too late. Internally, this not only leads to breaches, potential loss of sensitive data, and millions of dollars' worth of fines and legal liabilities, but also finger-pointing that exacerbates preexisting cultural silos between teams.

Update Your War-Room Strategy
For nearly two decades, I actively served the US Marine Corps, completing three combat tours. After spending the majority of my military career as a network architect and engineer, I approach my cybersecurity work at Viasat with a unique perspective on mitigating high-risk situations.

In security, like combat, there is no better way to prepare for the next attack or crisis than getting tightly aligned on war-room strategies. War rooms are designed to bring key decision-makers together and arm them with all the information necessary to make rapid decisions during high-risk situations.

The same techniques used in real-world combat apply in cybersecurity operations. The only difference is that instead of bullets flying downrange, it's packets. Instead of nation-states going at it, you have everyday groups of hackers trying to gain access to your network, steal your information, or degrade your service. Any security practitioner will tell you: It's a war zone.

Build a Bulletproof War Room
Here are three tips for establishing a bulletproof war room that delivers deep organizational visibility and enables rapid decision-making.

1. Bring the Right People to the Room
In today's environment, especially in larger companies, employee skill sets are getting more technically diverse with stand-alone teams spanning cloud, network, development, automation, and more.

As much as these teams may want to work in their own lane, there is no denying that their work directly affects other groups in the organization. When they send updates or find an exploit that threatens their system, it's not just their system that is impacted. It can produce massive consequences across all areas of the business.

2. Empower Teams to Overcome Decision Paralysis
In combat, one of the biggest mistakes that could cause you to lose your position is indecision. In security, when a breach occurs, teams can't afford to disagree. War rooms are built to enable quick decision-making by empowering need-to-know decision-makers with the authority needed to respond rapidly. An effective war room brings together the right people and the right information so that the right decisions can be quickly made.

3. Plan for Various Scenarios and Risk Levels
In one instance, a war room could bring together a group of engineers from different disciplines to investigate or troubleshoot something that crosses boundaries into their systems.

In another, you can elevate that war room into an actual live incident or bring together a group of senior management to plan out the risk posture for the foreseeable future, whether that's the next quarter, the next year, or maybe for a large upcoming event where they want to plan for attack possibilities.

No matter the risk level, war rooms can function as catalysts for aligning on sharp, effective plans, both in offensive and defensive situations.

Don't Overlook the Basics
IT and security professionals' jobs became increasingly difficult in 2020 — they've re-imagined the traditional enterprise network and created new, safe ways of working, all while combating deeper cultural silos than ever. In this new reality, one of the biggest mistakes organizations can make is to skip the security basics.

Building a cohesive war room gives IT and security teams new ways to collaborate, work together, share information, and avoid finger-pointing. Reaching out to colleagues can build bridges that help solve these new challenges we're facing together. In the Marines, I saw firsthand the power of what can be accomplished when teams focus and work together. As the Marines advise when facing times of chaos: "Improvise, adapt, and overcome."

Lee Chieffalo is Technical Director of Cybersecurity Operations at Viasat. Prior to joining Viasat, he completed three combat tours with the US Marine Corps and actively served for nearly two decades. After spending the majority of his military career as a network architect ...