Navdeep Gill, Founder & CEO – XenonStack. XenonStack is one of the fastest-growing technology consulting and services companies, futurifying businesses by leveraging cloud-native and AI to deliver data-centric experiences. It started in April 2012 with a vision towards Cloud and Real-time Analytics. Initially, under the brand name Arcadian technocrats, it started raising awareness around Cloud, Big Data and AI.
The Age of Cyber Security
Serious threats posed to businesses around the world have started to be taken seriously by executives. However, a holistic strategy that would help them understand and address the threats of this new age is still missing. We will describe an approach to protect companies from the growing threats of the Age of Cyber Security.
New Posture For Cyber Security
For global companies that are deeply connected to internal and external systems, establishing the security posture is a step-by-step process. It starts with prioritising assets and risks by criticality.
Needless implementation of controls across all assets is the reason for cybersecurity waste and productivity loss. Different assets need different controls. The more critical the asset, the stronger the control should be. Examples of strong controls include two-factor authentication and background checks of employees who have access to critical assets.
To be effective, though, the firm needs a company-wide governance structure built on a strong cyber risk culture. Governance of IT, OT, the IoT, and products should be consolidated into one operating model. The entire business system should be covered, including the third party.
Active Defense Strategy
“Attackers have to be right only once and defense has to be right all the time.”
The active defense strategy is derived from the military defense strategy of combating attacks in a fluid ecosystem where an attack can come from anywhere in any form. It is a heavily data-centric, intelligence-intensive strategy that places threat intelligence and analytics functions in the security team. This monitoring-intensive system is often costly to build and operate. However, the costs can be significantly reduced by applying a data-sharing model and getting threat sources from common feeds shared across enterprises.
Anticipating attacks before they occur is the core pillar of this strategy, where cyber experts work in sync with the Threat Intelligence and Analytics functions. An Active Defense strategy also involves inviting attackers onto intentionally created decoy servers to gain further intelligence about the attacker’s approach and learn from it.
Starting an Active Defense Strategy in your organization involves heavy investment and willingness to rethink traditional working practices and adapt.
Developing your Security Strategy towards Cloud-Centric
Depending on the usage of Public Cloud(s) in your enterprise, the security posture changes significantly. Cloud Service Providers (CSPs) have their security posture for the core services they provide, and your Security Strategy must work in tandem with theirs. It may require redesigning your Security Posture completely. The changes in security posture involve changes not only in processes but also in introducing new roles for specific functions needed in maintaining Cloud Security Posture.
Rather than having a piecemeal approach for Cloud in your organization’s security posture, it’s important to create Cloud Security Policies according to the technology architecture, for your teams to define Security Parameters and the Application’s Architecture for Cloud to have
DevSecOps and Continuous everything
DevSecOps and Continuous Everything are like two sides of a coin. To bring continuity to secure software deliverables, DevSecOps and Continuous Everything work hand in hand.
Security vulnerabilities can exist in the OSS (open source software) libraries we import just as much as in the code we write. Manual code reviews don’t scale when tons of developers are programming every day; this is where the real power of DevSecOps lies.
Continuous delivery pipelines are implementations of the Continuous Everything paradigm and help validate every commit our teams make. Integrating automated security checks into the pipeline gives you early warnings and lets you relentlessly monitor for security vulnerabilities that escaped. As you scale, an integrated continuous security approach scales with you.
DevOps plays a vital role in your Cloud Security. The application delivery pipelines must enforce a standardized way of deploying and managing applications on the Cloud. Adopting DevSecOps enables organizations to build a culture in which security is a key element of every software project and a feature of every developer’s work.
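As an added illustration of the automated pipeline check described above (example code written for this article, not XenonStack’s tooling), the script below acts as a build gate: it reads a pinned dependency manifest, compares each version against a vulnerability feed of affected version ranges, and fails the build when a finding meets the severity threshold. All package names, versions and advisories are constructed, and versions are assumed to be plain dotted numbers.

```python
"""Pipeline gate: fail the build when a pinned OSS dependency falls in a
known-vulnerable version range. Constructed example; package names, versions
and advisory data are made up, not real advisories."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Advisory:
    package: str
    introduced: tuple  # first affected version, inclusive
    fixed: tuple       # first fixed version, exclusive
    severity: str

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

def parse_version(text):
    """'1.4' -> (1, 4, 0): zero-pad so tuples compare component-wise."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))

def parse_requirements(text):
    """Read pinned 'name==version' lines, skipping comments and blanks."""
    deps = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, _, version = line.partition("==")
            deps[name.strip().lower()] = parse_version(version)
    return deps

def find_vulnerable(deps, advisories):
    """Return (package, version, severity) for each dependency in an affected range."""
    return [(a.package, deps[a.package], a.severity) for a in advisories
            if a.package in deps and a.introduced <= deps[a.package] < a.fixed]

def gate(requirements_text, advisories, fail_on="high"):
    """(passed, findings): the build fails on any finding at or above fail_on."""
    findings = find_vulnerable(parse_requirements(requirements_text), advisories)
    passed = all(SEVERITY_RANK[s] < SEVERITY_RANK[fail_on] for _, _, s in findings)
    return passed, findings

# Constructed sample manifest and advisory feed (hypothetical packages).
SAMPLE_REQUIREMENTS = "webframework==2.1.3  # app framework\nimagelib==0.9.7\njsonparser==1.4.0\n"
SAMPLE_ADVISORIES = [
    Advisory("imagelib", parse_version("0.9.0"), parse_version("0.9.8"), "critical"),
    Advisory("jsonparser", parse_version("1.0"), parse_version("1.3.5"), "high"),
    Advisory("webframework", parse_version("2.0"), parse_version("2.2"), "medium"),
]

if __name__ == "__main__":
    ok, hits = gate(SAMPLE_REQUIREMENTS, SAMPLE_ADVISORIES)
    raise SystemExit(0 if ok else 1)  # non-zero exit stops the pipeline stage
```

In a real pipeline the advisory list would come from a shared vulnerability feed, which is exactly the data-sharing model the article recommends.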
IAM for MultiCloud
Each CSP has its own IAM framework. If your enterprise’s strategy is to run MultiCloud or Hybrid Cloud during the transition period, choosing the IAM framework has a crucial role. Enterprises that use their own on-premises Identity Management system need to work with CSPs to integrate it properly. This lets them integrate their framework with each CSP’s IAM across multiple public-cloud environments.
Platform Convergence (SIEM/SOAR/UEBA)- Accelerating Detection, Investigation and Response
Most enterprises moving to the Cloud rely on their existing SIEM tools for monitoring cloud apps, since this gives them a single monitoring tool. However, traditional SIEMs do not offer the capabilities to monitor Public Clouds effectively. It’s essential either to work with your CSP to define a solution that integrates with your SIEM and feeds events and monitoring data into it, or to choose a new Cloud-centric SIEM and integrate your existing On-Premise feeds with it.
SOAR is the next-gen SIEM, with features such as:
- Advanced Analytics and Forensic Analysis — Threat identification with behavioral analysis based on machine learning, dynamically grouping peers and entities to identify suspicious individuals, and lateral movement detection.
- Data Exploration, Reporting, and Retention — Unlimited log data retention with flat pricing, leveraging modern data lake technology; context-aware log parsing helps security analysts quickly find what they need.
- Threat Hunting — Empowering analysts to dynamically seek out threats using a point-and-click threat hunting interface, making it possible to build rules and requests using natural language with no SQL or NLP processing.
- Incident Response and SOC Automation — A unified approach to incident response, gathering data from various devices, and coordinating a response to diverse types of incidents via security playbooks.
Continuous Security – Automating Security Operations
Continuous Security means configuring, enforcing, and monitoring security posture and compliance controls in real time, and proactively identifying and resolving issues. It promotes visibility and accountability of network activities, especially suspicious activities that may indicate a security breach, and reduces the risk of cyber-attacks with early warning systems (EWS).
Cultivate a Security mindset across the organization and Innovating With Open and Interoperable Cybersecurity
Cultivating the mindset to learn from security lapses worldwide and to be prepared for them starts with a strategy and ends with its successful implementation. However, the journey involves redefining your processes, hiring and developing new roles, and training your development, infrastructure, and operations teams to respond to threats proactively.
Two important areas that will become more common in the next generation of SIEM are the continuing use of behavioral-based analytics across users, devices, networks, apps, and cloud environments, as well as the need for more cohesive workflows enabled by more seamless integrations. The evolution of SIEM and Threat Management as a scalable, open security platform that allows security orchestration and automation across people and devices while utilizing sophisticated analytics and AI to offer prioritized, contextual results will fuel the future.