Being Practical About Security

Again, some of my thoughts on security from my perspective.



Let's start with a practical problem we have at home. When someone asks what security measures you have taken at home, what is your reaction when you hear answers like "I bought a password-enabled safe to protect my valuables",
"I bought insurance for all the valuables", or
"I don't keep any valuables at home, I put them in a bank locker"?

All these are valid answers, but do they solve the actual problem? What is the actual problem?
The actual problem is that your home is not secure. How come you are more worried about putting the valuables in a safe place than about securing access to your home?

That is exactly the problem on the web as well. The asset in this case is the "Data". Various kinds, types, and formats of data exist in a large enterprise. We hear a lot about data encryption and data backups to protect against loss from corruption. These are 100% necessary for all enterprises. But my point is that security is "encryption" + "data backup" + "a bit more".

Security should not mean locking down everything and making it impossible to even access one's own assets. But enough limitations should be in place to stop a bad guy. That is the challenge.

This article talks about that "bit more":
1) The company should determine the guidelines for data creation, retrieval, update, and deletion.

a) Rules on who can create the data and who has access to it, and the limitations on that access.
b) What happens when a rule is broken? Alert or alarm? Who is responsible and what action is required.
c) Multi-level authentication and authorization. This complements (b) above very well. What if an employee wants to access data that he has not accessed in the last 10 years? What if he is trying to read some confidential information that he was not originally authorized for? A second level of authorization check will resolve the problem in most cases.
d) Logging everything. Everything that happens in an enterprise needs to be recorded and should be available for analysis and auditing.
e) Very important: classification of data based on business value and auditing purpose.
f) A clear view of all enterprise workflows. No grey areas for the security admin.
g) Create a benchmark of normalcy that we use in the next step: what normal activity looks like, what kind of deviation is OK, and when to freak out.

2) Analyzing the past to identify any suspicious activity, loopholes, or areas of improvement.

This second phase is interesting. Now we have logs, metrics, and other data that comes from each and every activity. We also know what normalcy means from Step #1 above. Now it's time to analyze the history, create some charts and graphs, and also throw the data on the wall to see if anything is obvious. Yes, I am talking about machine learning (supervised + unsupervised). We can see patterns, behavioral changes, and suspicious activity that can be dug into more deeply.

Someone may ask what the need is for Step #2 (analytics / machine learning). The answer is simple. What if a company has a rogue employee trying to steal important information that does not belong to him? Or what if account credentials are compromised or stolen by an outsider? In that case, most of the transactions performed using the stolen account might look legit, except when you see an unusual pattern taking shape. Data analytics can be really helpful, as it can also point to the exact areas in which the company can invest to improve security and availability.
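As an added illustration (not code from the original post), here is a small Python sketch of steps 1(g) and 2: build a per-user baseline of which resources are touched at which hours from a history log, then grade each new access as an "alert" or an "alarm" per rule (b), where an alarm is the case rule (c) would route to a second-level authorization check. The log lines, user names and file names are all constructed for this example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample access logs (not from the original post): "timestamp user resource classification".
HISTORY = """\
2024-03-01T09:12:00 alice hr/payroll.xlsx confidential
2024-03-01T10:05:00 alice hr/benefits.doc internal
2024-03-02T09:30:00 alice hr/payroll.xlsx confidential
2024-03-02T11:00:00 bob eng/design.pdf internal
2024-03-03T14:10:00 bob eng/design.pdf internal
"""
TODAY = """\
2024-03-04T09:00:00 alice hr/payroll.xlsx confidential
2024-03-04T13:20:00 bob eng/design.pdf internal
2024-03-04T02:15:00 bob finance/forecast.xlsx confidential
"""

def parse(log):
    events = []
    for line in log.splitlines():
        ts, user, resource, label = line.split()
        events.append((datetime.fromisoformat(ts), user, resource, label))
    return events

def build_baseline(events):
    """Step 1(g): per user, which resources are normally touched and at which hours."""
    baseline = defaultdict(lambda: {"resources": set(), "hours": set()})
    for ts, user, resource, _ in events:
        baseline[user]["resources"].add(resource)
        baseline[user]["hours"].add(ts.hour)
    return baseline

def review(events, baseline):
    """Step 2: compare new activity to the baseline and grade each deviation per rule (b).
    An 'alert' is logged for analysts; an 'alarm' also needs the second-level check from rule (c)."""
    findings = []
    for ts, user, resource, label in events:
        known = baseline[user]  # an unseen user gets an empty baseline and is flagged on both counts
        reasons = []
        if resource not in known["resources"]:
            reasons.append("resource never accessed before")
        if ts.hour not in known["hours"]:
            reasons.append("outside usual hours")
        if not reasons:
            continue
        severity = "alarm" if label == "confidential" else "alert"
        findings.append({"user": user, "resource": resource, "time": ts.isoformat(),
                         "severity": severity, "reasons": reasons})
    return findings
```

Running `review(parse(TODAY), build_baseline(parse(HISTORY)))` leaves alice's routine payroll access unflagged, raises an alert for bob's design.pdf access at an unusual hour, and raises an alarm for his 02:15 access to a confidential file he has never touched.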

A SIEM can be helpful in both steps, depending on how well you can configure the tool.
