With this post I would like to provide some personal thoughts on the key things organizations should be doing to enhance security, privacy and functionality of their IT. This includes some specific recommendations for security solutions, including solutions I’m on advisory boards for (read the disclaimer). So I better caveat this by saying “please use your own judgement!” I associate myself with firms because I believe they are world class best and that is why I’ve mentioned the specific capabilities here.
With that, here are my views of the top five things every governmental organizations should be doing to reduce risk in cyberspace:
1. Adopt an fully implement a program centered around the Consensus Audit Guidelines. Details on this effort are at http://www.sans.org/cag This program is a well coordinated, well thought out list of controls and metrics that every organization should have in place. It includes 15 controls subject to automated measurement and validation and five other controls that are not supported by automated measurement. The combined 20 controls will let organizations measure and continually improve their security and functionality.
2. Understand you can’t do it alone. Stopping the threats today is a constant struggle, and even the most secure enterprises are getting penetrated (case in point, consider the US intelligence community and what a single criminal insider was able to do). All organizations, of all sizes, need to find the right organizations to network with and the right cyber defenders to coordinate with when times get tough. In general, these are groups like :
- Carnegie Mellon CERT
- US CERT
- US Cyber Command
- DISA’s IA team
- FBI (and the IC3).
- DoD Cyber Crime Center (DC3)
- DoE CIRC
- SANS
A lesson I’ve learned the hard way, multiple times, is that coordination with groups like this should be done before you need to. When the crisis comes you should already know who to plug in with.
3. Establish deep packet inspection multi-function capabilities at the entry points to your networks. My favorite means to establish this capability is with the Cloudshield telco packet server. Cloudshield’s capabilities address many enterprise challenges including threat from external sources plus threats of data loss by the use of an open, programmable network platform.
4. The greatest source of threats into the enterprise IT systems today is via the browser. Shutting down this avenue of attack while keeping your users on the net is a key requirement. Web-borne malware comes in via the browser and well resourced criminal groups are ensuring they will always be able to find a way in. The solution here: Invincea browser protection. Invincea protects users against web-borne threats to eliminate these risks. See their blog for more info.
5. Maintain control of the state of your endpoint devices by use of automated, persistent security readiness. Applying endpoint security automation continuously remediates issues on user desktops so infections/penetrations/trojans/problems are found fast and the computer’s state is returned to its previous working status. The most scalable, robust solution in this space is Trumfant. Use of Triumfant is a key component of defense in depth but also a significant contribution to IT O&M and readiness. Triumfant will reduce the amount of trouble tickets your help desk receives, stuff just works better. See their blog for more info.
Above I mentioned 20 controls, 9 coordinating organizations, and three specific technologies. But there are far more technologies of interest, many of which are reviewed and described in detail on our site at http://ctolabs.com