Submission By: Tom Gilheany
Historically, perimeter defense was the gold standard in data security. Guard the perimeter, and you’ve secured the system. However, in today’s landscape, the proverbial “building the castle” is not enough. Cybercriminals are no longer just clawing at the front door—they’re also chipping away at bricks, digging tunnels under walls, and sending in Trojan horses.
And that’s not to mention the huge number of potential insider threats—including those that are unintentional.
A modern approach—one that goes far beyond simple architecture and perimeter controls—requires an additional focus on security operations.
With the rapid transformation of the security landscape, it’s easy for organizations to be concerned that new threats will require a complete overhaul of existing security technology. Not so. Today’s threat landscape requires a combination of the old and new.
Adding security operations as a new second layer allows companies to actively and continuously monitor threats, as opposed to using a set-it-and-forget-it approach and hoping for the best.
Protecting an organization today requires a multifaceted strategy that leverages evolving technologies such as the Internet of Things, big data, and analytics. In addition to external defense, companies require guards that can monitor, detect, and respond to threats across the entire network in real time.
Hardened Walls Must Pair with Smart Guards
Analytics and big-data capabilities are a necessary part of today’s cyber defense. Using the entire network as a sensor allows users to spot the needles in the haystack and home in on the malicious activity that must be shut down. This is truly a game-changing approach, a stark contrast from the old time-consuming and imperfect ways of manually sifting through alarms.
Today, the ability to program an analytics engine delivers exactly the security data an organization is looking for, and it permits admins to use a triaged approach to gain actionable intelligence.
This pervasive level of network visibility available with today’s technology is critical in protecting against threats and is a core element in today’s cybersecurity arsenal.
Implementing this shift in defense tactics requires new skill sets. The industry is looking for workers with the skills required to monitor and analyze threat intelligence from across the network.
As a result, security teams today must include more than just those focused on infrastructure. To capitalize on technology that enables network visibility, security staff must have knowledge of what normal network activity looks like, and they must be able to spot anything that deviates from it.
The ability to separate out normal behavior from abnormal gives security teams the advantage of designing defense systems that know what to beware of. The era of the static IT guy who enters various rules into a set-it-and-forget-it system is over.
The Smart Guard Is a Familiar Guard
As an example of that shift, let’s compare two types of security guards. One is a longstanding employee of the company, while the other is a temp.
The first security guard knows the owner, knows how the building’s dimensions have changed over the years, and knows who the delivery guys and the employees are.
He is familiar enough with the property and its people that he knows instantly when something is out of place or when it doesn’t look right.
Importantly, he is a known and trusted entity to those who work at the office. When employees see things that don’t look right (“That car tailgated me into the parking lot, and the driver didn’t use an access card”), they share that information with the guard, who uses it to perform a check.
Contrast that scenario with that of the security guard working as a temp. He is more likely to be unfamiliar with the property, to perform only cursory checks of the property based on a map layout (which may be outdated), and to lack the relationships with both the office staff and the property itself to have the insight necessary to notice when something is out of place.
For Best Defense, Plug into the People
To properly secure today’s organization, security teams must be plugged into their people in addition to the network. The ability to pull actionable data from the network is critical, but security teams must be an active part of the business as well.
By engaging with the business, the security team gains the human intelligence that reduces risk and adds context into whether something is appropriate or suspicious.
The goal is to earn the trust and partnership of the business units so they can work together to secure the organization.
Otherwise, the security team runs the risk of being isolated and perceived as a parking ticket collector, popping up simply to tell colleagues when they’re doing something wrong. This does not motivate the business units to proactively reach out to the security team with information, and it suppresses the “if you see something, say something” approach that is integral to security.
Ultimately, the security team must communicate with everyone because security truly is everyone’s job.
The Future Requires a Two-Pronged Approach
It will always be necessary for organizations to protect their infrastructure with hardened security.
Yet with the advent of technologies such as cloud, IoT, automation, and network programmability, it is absolutely critical that security be embedded in the fabric and information flow of an organization.
Security teams today require engineers with the skills and awareness to design, deploy, and manage an operations approach to security. By combining fortified walls with alert guards throughout the infrastructure, organizations can have a two-pronged approach to protecting their most sensitive data.
Tom Gilheany is Cisco’s Product Manager for Security Training and Certifications. He has a diverse background in startups through multinational Fortune 100 companies. Combining over 20 years of product management and technical marketing positions, and more than a dozen years in IT and Operations, he has conducted nearly 50 product launches in emerging technologies, cybersecurity, and telecommunications. Tom is a Certified Information Systems Security Professional (CISSP), holds an MBA, and is an active board member of the Silicon Valley Product Management Association and Product Camp Silicon Valley.