When you boil it down there is a simplicity to it all. It is like the natural systems that make up the world around us. Like an animal that develops a bad infection: viruses and other parasites infest the animal and slowly the animal dies. When its immune system is strong it might be able to fight off the infestation and again become healthy. Our computer systems are very simple. They too develop infections: vulnerabilities that become subject to viruses and other parasites. Worms, Trojans and other infestations are slammed into our systems, into every vulnerability they might have. When their immune systems are strong they have a reasonable chance of fighting off the illness of the day. Firewalls keep out the blatant attacks. IPS and IDS systems help to stop and immunize against the more aggressive vulnerabilities. Vulnerability assessment solutions are like physicals for your systems, helping to patch and secure the weaknesses in the defenses of your network. Then, on the inside, we watch. Like the dutiful parents we are, we read our logs, watch our network traffic, and educate our users. We maintain our HIDS and anti-virus, all making sure that everything stays healthy and quiet, ready when the cold breaks out. It is simple, when all the systems work.
So why is it so hard? Yes, users sneeze, bringing viruses in behind the defenses. But we watch the inside and should spot that. Yes, we have millions of attacks a day. But our defenses are strong. Yes, there are regulations managing every aspect of everything we do. But if everything is managed properly the regulations should be easy to comply with. Yes, the networks are large and complicated, and managing all of the systems is a daunting task. But if you scale your defenses accordingly you should be able to manage the task.

The problem is all of it. It is scaled complexity that everyone tries to manage. What is that rule, "KISS"? That is right: keep it simple, stupid. Don't over-complicate it. Stick to single solutions, and best of breed. When a solution does not work, replace it. Do not phase out, replace. When you phase a solution out you will never get rid of it, and you will end up managing multiple solutions, adding complexity, making the task more complicated and weakening your defense.

Use best of breed. That does not mean the most expensive, and that does not mean that the best is the same for every company. Cisco may be the best IPS for one company, but another company may be better off with a Sourcefire solution in their environment. Best of breed means do the homework and find the solution that works best for your environment and your level of expertise.

Ask for help. Not every company has a large SOC and a large security staff. Not every company has all of what they need all of the time. Contract out, hire professional services, and hire additional staff when needed.

Finally, have a short-term and a long-term plan for development and health. You need both plans: one to eventually have full coverage of all components of a security plan, and one to keep your security plan healthy.
Remember it is simple. That is why we all get the common cold every year.