In many organisations, security is in a bit of a mess. Solutions have been layered on to counter a variety of threats against a variety of assets. But the result is a configuration management and upgrade nightmare.
In spite of vendors’ claims, there’s no silver bullet to security, and maybe you need to assume that attackers are going to get in. So what’s your Plan B?
According to Dominic Storey of Sourcefire, your security planning needs to take account of all phases of an attack – before, during and after. And perhaps the ‘after’ phase doesn’t get sufficient attention. A lot of what we do after an attack – forensics, SIEM and so on – is disconnected, using isolated technologies and techniques that can’t be pulled together to create a bigger picture.
So it’s time to assume you’ve been breached, and to focus on minimising the time to discovery. But does this mean we need to remodel our security? Storey believes the battle has moved on from protecting the servers: attackers are now focusing on the client.
With the security environment being so complex, how do you make sure you have the right security solution for your organisation and the threats you actually face?
According to Storey, the answer is in a ‘continuous security model’ in which security systems are fully joined up throughout the before, during and after phases of an attack – and retrospectively, so that you can trace where problems originated.