mobile logo
25
October

Yesterday’s Technology & Cyber Risk Today: Time for a Security Assessment? via Bradford Networks

October 25, 2016
In Industry, News, Partners
By Secure Sense

For most IT teams, addressing or thinking about cyber security is a daily concern.

From updating AV software to creating security profiles, most IT professionals spend a portion of their day on tasks with a goal of securing their network. Since October is Cyber Security Awareness month, this is a good time for you to take a strategic look at your organization’s current security posture.

From updating AV software to creating security profiles, most IT professionals spend a portion of their day on tasks with a goal of securing their network. Since October is Cyber Security Awareness month, this is a good time for you to take a strategic look at your organization’s current security posture.

The key concerns should be whether your current solutions still provide the security you need, and whether your organization’s procedures are still in alignment with current best practices. The SANS 20 is a good checklist to start a quick strategic cyber security assessment. Comprised of current Critical Security Controls (CSCs), some of the items on the list may seem rudimentary to some organizations, but with technology and threats evolving daily, the deployed solutions may no longer support the full scope of current CSCs.

Yesterday's Technology & Cyber Risk Today: Time for a Security Assessment?

For example, Bridgestone’s Credit First National Association (CFNA) had a Network Access Control (NAC) solution in place, but during a routine network security assessment, they discovered that it failed to provide a comprehensive security solution. CFNA’s older NAC solution did not fully meet Critical Security Control (CSC) 1, identify all authorized and unauthorized devices on the network, or CSC 4 for continuous vulnerability monitoring and assessment. Timothy Lynch Childress, manager of CFNA Network Services, Bridgestone Firestone, was stunned. “Even with a NAC solution in place, an auditor was able to access our network in less than ten minutes just using his laptop,” Childress explained. “We are required to ensure compliance with Office of the Comptroller of the Currency regulations, and keeping our customer and employee data safe is paramount. We began looking for a new solution immediately,” he added.

CFNA upgraded to a Security Automation & Orchestration solution, Network Sentry, which meets several CSC recommendations. Network Sentry leverages the built-in commands of network switches, routers and access points to establish a Live Inventory of Network Connections (LINC) and enforce control over network access. It then assesses the risk of every endpoint, helps users self-remediate unauthorized devices, and enables role-based access to the network and data. By upgrading to newer technology, CFNA was able to attain full visibility into each device connected to the network, continuously monitor each device and automatically contain any suspicious or compromised endpoint devices, in addition to a number of other benefits, this Security Automation and Orchestration solution addresses several CSC goals, and supports a few additional CSCs.

CFNA is by no means alone – a recent survey shows only 37% of companies use endpoint monitoring that includes user activity and physical media.[i] A statistic that underscores the need for organizations to conduct strategic security assessment periodically.

A Security Automation and Orchestration solution can help you satisfy the following CSCs from the SANS 20:

  • CSC 1: Inventory of Authorized and Unauthorized Devices: This requires that you profile and continuously manage all devices on the network. Security Automation and Orchestration software can help you ensure only authorized people and devices are granted access, and unauthorized devices, or devices that fail to meet the minimum security requirements are deferred from access. It can also provide a self-remediation page for users. If a user requires a software patch or updated AV software, they can be re-directed to the appropriate page to fix the issue. This saves time for users and IT staff, as well as increases user satisfaction.
  • CSC 2: Inventory of Authorized and Unauthorized Software: Having knowledge of all software running on the endpoint device is another key benefit of a Security Automation and Orchestration solution. This can be done by integrating with a Mobile Device Management solution, or by running an agent on the endpoint device. If a dangerous download or a software change is detected that makes the device non-compliant with the established standards, it can automatically quarantines the device.
  • CSC 6 Maintenance, Monitoring, and Analysis of Audit Logs: Retaining a record of every network action taken by each device can assist you in: analyzing security events, capacity planning, compliance audits and more. A Security Automation and Orchestration solution with built-in repository and analytics can constantly monitors and logs the actions of every user and device.

While these are only some of the CSCs that a Security Automation and Orchestration solution helps you meet, you can see that this one solution has a huge impact – helping networks meet some of the critical SANS controls.

Even if your organization is not in a position to tackle all 20 goals immediately, this is a good time to assess your organization’s network security posture and prioritize technology upgrades to ensure end-to-end network visibility, dynamic access control and automated threat response.

If your staff is currently overcommitted, Bradford Networks, a leader in Security Automation and Orchestration technology, offers a free no cost, no obligation network security assessment to get you started. Sign up for your network security assessment today.

Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.

You can find Secure Sense on Facebook,  LinkedIn and Twitter. Follow us for current company and industry news.

[i] http://www.mcafee.com/us/resources/misc/infographic-threats-report-sep-2016.pdf

SOURCE.
Post Tags:

Related Posts

Effective Patch Management Tools for Your Organization

Welcome back to the...

The Evolution from Password Managers to Privileged Access Management. Which is right for you?

Welcome back to the...

A Secure Sense Competitive Advantage

Welcome back to the Cyber Security Month blog! In last week’s blog, we talked about the importance and value of an MSSP, what sets Secure Sense apart from other MSSP’s and how Secure Sense can help your business. Today, we want to continue the conversation around the competitive advantage of working with Secure Sense and what sets us apart in the world of managed security.

In addition to our dedicated customer success teams and our 24×7 SOC (read more in the previous blog here) Secure Sense’s white glove service stands out in many other ways. Continue reading to find out the secret keyphrase, and our competitive advantage.

Expert engineers/analysts

Our experienced technical team comes from diverse technical backgrounds, representing a wealth of security knowledge. They play an integral role in everything we do at Secure Sense; from evaluating partners to developing services, allowing us to focus entirely on the best products and the highest training certificates.

Our engineers, architects, and analysts are required to ensure they are up-to-date on technical training. In addition to solution technical training, our technical team has focused on training in the following areas:

  • Communication for clearer and more accurate ticket updates​
  • Troubleshooting skillsets have led to fewer escalations internally, and ultimately shorter times to remediate​
  • Critical analysis skills which have measurably improved our ticket responses in providing higher quality responses to tickets.

This training has had a measurable increase in the quality of our services, as well as time to remediate and reduce escalations.

Our SOC has many teams that work with our expert analysts to ensure you receive the most from your service. In addition to our security analyst team, Secure Sense has four other technical teams: the reporting team, the threat intel team, the automation team, and the purple team.​

Automation team:

The Secure Sense automation team reviews customer requests, as well as potential customer controls, and ties those controls in with our managed services for automated systems mitigation, stopping threats in their tracks.​

The team is also responsible for:

  • Automated SIEM log analysis, tied into our Threat intelligence team to streamline the ingestion of IOCs into our managed services.
  • Implementing our vendor vulnerability review and remediation systems allows us to reduce our critical vulnerability remediation windows and provide improved visibility into coverage and reporting.
  • Delivering smart-responses from our SIEM solution, and implementation of Reporting team recommendations and improvements.​
  • Automating reporting and alerting directly into our ServiceNOW portal, providing short response times to customer alerts

Reporting team:

Secure Sense has created a dedicated reporting team to streamline and bring more meaningful data to our customers on a regular basis. This team not only builds custom reports, but also analyzes how our customers are using our services, identifying any particular improvements that we could be making to the services, and providing recommendations to the rest of the managed service teams.​

Our reporting team also builds datasets and analyses based on our customer tickets, as well as managed service systems, to identify new use cases and patterns that we can leverage to improve services internally.​

Threat intel team:

Our internal Threat Intel team reviews various events that have occurred and identifies the relevant TTPs. They provide this intelligence to our purple team which will operationalize it.​

The Secure Sense threat intel team focuses on both systematic collection of IOCs and analysis thereof, as well as individual TTPs that are used to identify new and emerging threats. ​The team looks at those tools, Techniques and procedures that threats are using in the market, and identifies how they could be leveraged against our existing customer base, along with better enhancing our services to detect those TTPs when in use.​​

Purple team:​

Secure Sense’s Purple team reflects the blend of both defensive or blue team skillsets, along with offensive or red team skillsets. The team takes tools, techniques and procedures identified by the threat intel team, analyses our customer’s environments and identifies if we can detect them. ​ With customer collaboration, the Purple team can provide execution packages where we can simulate specific components of a threat, and then validate that we have visibility into that TTP being run in a customer environment.

Professional services

Secure Sense’s implementation and support experts are experienced in a wide variety of Professional Services engagements with specialized tactical teams within our extended technical bench, focused on specific technologies and or products.

In most cases, Professional Services are project-based services that require a skilled engineer or architect for a one-time project or short-term change in your organization; or a senior consultant to provide a wide range of risk advisory services. Project teams will also typically address any ongoing support or maintenance after the initial project is complete.

Our cybersecurity consultant team and senior architects hold a broad range of top industry certifications and credentials, along with many years of experience in the industry. Our methodologies for common engagement types have been developed and refined to reflect the most up-to-date best practices and to scale to projects of any size, including global enterprise enablement.

A few of the engagements we commonly offer include:

  • Cybersecurity Architecture Assessment and Design
  • Solution Implementation Services
  • Health Checks
  • Penetration Testing
  • Vulnerability Assessments
  • Threat and Risk Assessment
  • Enablement & Training
  • Ongoing Support

Secure Sense focuses on continual training and certification among our technical ranks in order to provide the most knowledgeable technical support.

Security training

Secure Sense offers security training and can assist in helping your organization to create its cyber security training program. From general employee awareness training to specific security training for your IT and security staff, Secure Sense can help your organization combat the threats they face on a daily basis. Our team is able to offer:

  • Engaging user awareness training for end-users
  • Technology training for security solutions and products
  • Security Analyst training
  • Threat hunting training
  • Threat simulations to give your internal security teams practice in using internal tools
  • Tabletop exercise development and execution to simulate incidents and incident response

Your Key word is “Purple Team”

Don’t forget! Take this keyword and head to our LinkedIn page here to comment on it for your chance to win one of many prizes this month!

As always, if you’re interested in learning more about Secure Sense’s competitive advantage or any of our services, don’t hesitate to reach out to us at 866-999-7506 or sales@securesense.ca!

Continue reading