Emerging Cyber Threats & Strategies for Defense with CWPS and Alert Logic

Posted by Myra Koshan on March 31, 2015

Stephen Coty, Chief Security Evangelist at Alert Logic, talked to a packed house at the CWPS lunch and learn event on March 18. His message was loud and clear: vulnerabilities and breaches are on the rise, but with a solid security plan you can prevent them from happening.


Stephen spoke about implementing a solid security plan for all of your cyber assets. You should review your security in-depth strategies to make sure you have the proper technology, people and processes in place to support and secure the business infrastructure. You may ask yourself, “Where do I start?” Here is a list of steps towards a solid security plan:

1. Inventory all your business's technology assets, even the server sitting under someone's desk. Once this is completed, start finding out which operating systems, applications, databases, and networking and security infrastructures are supporting your business.

2. Determine which antivirus, patch management and email and storage encryption products will work with your list of assets. The list will narrow pretty quickly if you have a mixed environment like Windows, Macintosh and various versions of Linux.

3. Research which log management tools, application code scanners, web application firewalls, backup solutions, and mail and web filtering products work for the environments you want to protect.

4. Implement proper network security controls through firewalls, intrusion detection solutions, deep packet forensics, netflow anomaly analysis, network access controls, and scanners to continually test the environments for vulnerabilities.

Taking these steps will result in a solid security in-depth strategy, but there is something missing that ties all four of the above technology strategies together.

What ties them together is security information and event management (SIEM) technology, combined with continual content updates to stay current with the latest threats. The SIEM technology solves some of the communication issues that arise within a structured group built on different teams with different objectives. The SIEM ingests all the logs from the above technologies to find patterns that are escalated as security incidents. These incidents are then sent to the appropriate teams for resolution.

The tough part about SIEM is generating the content. Content is truly the backbone that makes your security strategy work, and it needs to be updated consistently with the proper testing and analysis. Content is fed into the SIEM, and the engine uses it to identify the new and emerging threats that we face on a regular basis. Threat intelligence is also an important factor that supports content. Intelligence consists of blacklists of malicious URLs and IP addresses, emerging malware, and global threat data trends that can be delivered to the SIEM for the creation of up-to-date content.
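To make the "content" idea concrete, here is a small added example (not from Alert Logic or the CWPS talk) of what a SIEM rule set does: it ingests log lines from several of the controls listed above, matches them against a threat-intelligence blacklist, correlates a pattern across sources, and routes each resulting incident to a team. The log lines, indicators and team names are all constructed for illustration.

```python
"""Toy SIEM content: ingest logs, apply threat intel and a pattern rule,
emit incidents routed to a team. Everything below is constructed sample data."""
from collections import defaultdict

# Constructed threat-intelligence feed (documentation-range IPs, fake URL).
BLOCKLIST_IPS = {"203.0.113.7"}
BLOCKLIST_URLS = {"bad.example/dl.exe"}

# Constructed log lines from three controls feeding the SIEM:
# a firewall (fw), an intrusion detection sensor (ids) and a web filter (proxy).
LOGS = [
    "fw src=203.0.113.7 dst=10.0.0.5 action=allow",
    "ids sig=SQLi src=198.51.100.9 dst=10.0.0.8",
    "proxy user=alice url=bad.example/dl.exe status=200",
    "fw src=198.51.100.9 dst=10.0.0.8 action=allow",
    "fw src=198.51.100.9 dst=10.0.0.8 action=allow",
]


def parse(line):
    """Normalise one 'source key=value ...' line into a dict."""
    source, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["source"] = source
    return fields


def correlate(events):
    """Apply the content: threat-intel matches plus one cross-source pattern.
    Returns (rule_name, subject, team) tuples."""
    incidents = []
    sources_by_src = defaultdict(set)
    for e in events:
        if e.get("src") in BLOCKLIST_IPS:
            incidents.append(("blocklisted_source", e["src"], "network"))
        if e.get("url") in BLOCKLIST_URLS:
            incidents.append(("blocklisted_url", e["user"], "endpoint"))
        if "src" in e:
            sources_by_src[e["src"]].add(e["source"])
    # Pattern rule: an address the IDS flagged was also allowed through the firewall.
    for src, sources in sources_by_src.items():
        if {"ids", "fw"} <= sources:
            incidents.append(("ids_alert_allowed", src, "network"))
    return incidents


def run():
    return correlate(parse(line) for line in LOGS)
```

Real content is refreshed as the intelligence feeds change, which is why the post stresses continual updates rather than a one-time rule set.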

This is a long list of security steps, but the most important item is to make sure you implement your strategy with the proper amount of people and process to make it all work efficiently.


Topics: Guest post from Alert Logic