Stephen Coty, Chief Security Evangelist at Alert Logic, talked to a packed house at the CWPS lunch and learn event on March 18. His message was loud and clear: vulnerabilities and breaches are on the rise, but with a solid security plan you can prevent them from happening.
Stephen spoke about implementing a solid security plan for all of your cyber assets. You should review your security in-depth strategies to make sure you have the proper technology, people and processes in place to support and secure the business infrastructure. You may ask yourself, “Where do I start?” Here is a list of steps towards a solid security plan:
Taking these steps will result in a solid security in-depth strategy, but there is something missing that ties all four of the above technology strategies together.
What ties them together is security information and event management (SIEM) technology, along with continual content updates to stay current with the latest threats. The SIEM technology solves some of the communication issues that arise within a structured group built on different teams with different objectives. The SIEM will ingest all the logs from the above technologies to find patterns that will be escalated as security incidents. These incidents will be sent to the appropriate teams for resolution.
The tough part about SIEM is generating the content. Content is truly the backbone that makes your security strategy work. The content needs to be updated consistently with the proper testing and analysis. Content is fed into the SIEM and the engine identifies new and emerging threats that we are faced with on a regular basis. Threat intelligence is also an important factor that supports content. Intelligence consists of blacklists of malicious URLs and IP addresses, emerging malware and global data threat trends that can be delivered to the SIEM for the creation of up-to-date content.
This is a long list of security steps, but the most important item is to make sure you implement your strategy with the proper amount of people and process to make it all work efficiently.