5 Most Common Security Gaps Every Organization Struggles With


In the current business environment, organizations are doing everything in their power to avoid being breached. Yet hackers still get past security defenses and steal proprietary data, because no security solution is foolproof. Saryu Nayyar, CEO of Gurucul, provides an overview of five major, overlooked security gaps and how to tackle them to emerge in fighting form post-pandemic.

While every organization is different, when it comes to IT security there are generally five ubiquitous gaps shared by all companies. To understand these, consider the following basic truths.

  • First, no security solution is 100% effective all the time.
  • Second, new threats are constantly emerging.
  • Third, not all security gaps are obvious and as such are easy to overlook.

And finally, it’s important to recognize how security gaps originate. Taken together, these truths mean that virtually every organization is faced with processing far too many alerts and lacks the context required for automation to be effective.


1. The Unknowns

The first major gap is what we call the unknown unknowns, or you don’t know what you don’t know. Even with the right processes and tools in place, it’s not uncommon for threats to slip through the cracks. The challenge in addressing this gap is being able to identify the devices, people, and relationships between them, as well as permissions that already exist but may not be apparent.

Work environments are in a constant state of evolution. The rise of mobile work, especially due to the COVID-19 crisis, has changed how people access IT resources and how they expect to get things done. Securing mobile devices can be a challenge, especially when the security team has little in-depth control over employee devices and may not even be entirely sure what devices employees are using. Personal devices are another challenge, especially when people are accessing VPN connections into the corporate network from home systems.

Meanwhile, the use of IoT devices has been proliferating in many organizations. Even with minimal computing resources, they are attractive targets since they are often plagued with security vulnerabilities that are rarely patched and often ignored.

In addition, people can also fall into that unknown category. For example, how do we know the risks an insider poses to the organization? Are they preparing to leave for some reason? Have they used their privileges to access sensitive information not needed for their job? What about insiders who are actively trying to harm the organization? Internal threats can be hard to identify and harder to contain. External threats can be equally vexing, like a contractor or temporary worker that’s funneling information to a competitor.


2. Extracting Actionable Intelligence from Multiple Data Sources

The second gap is pulling actionable intelligence out of the many security tools and data sources an organization runs. These usually provide different information in a variety of formats and assign distinct priorities. Consolidating and correlating this information can be a real challenge. Additionally, it can be hard to recognize which information and context are important and just how to correlate it all. Did the system flag physical card access to the server room when that user is simultaneously active on their VPN? Usually, the answer is no. Instead, security analysts need to understand how each tool prioritizes the information it provides, which leads us to the next major gap.

3. Prioritizing Investigations and Remediation Actions

Most organizations struggle with this since they lack a coherent view of threats and are unable to easily identify subtle correlations between risk indicators, especially since each security application can assign a different priority to the same kind of event. While an experienced analyst will learn to recognize what’s most important in their environment, they still have to sort through the different priority levels they’re seeing. Lastly, each security product has a different way of presenting data. Sometimes when the presentations are very similar, this can make things even more confusing: two graphs may look the same but reflect different priorities.
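The badge-plus-VPN correlation from gap 2 and the priority normalization from gap 3 can be shown together in a small script. This is an added example, not code from the article or from Gurucul; the two event feeds, their field names and their priority scales are constructed to stand in for a door-access system and a VPN concentrator that each report in their own format.

```python
from datetime import datetime

# Constructed sample records: a badge reader and a VPN concentrator, each with
# its own field names, timestamp formats and priority scales.
BADGE_EVENTS = [
    {"who": "alice", "door": "server-room", "ts": "2021-03-04 09:02:11", "prio": "LOW"},
    {"who": "bob",   "door": "lobby",       "ts": "2021-03-04 09:10:40", "prio": "LOW"},
]
VPN_EVENTS = [
    {"user": "alice", "event": "session_start", "time": "2021-03-04T08:55:00", "sev": 1},
    {"user": "bob",   "event": "session_start", "time": "2021-03-04T07:30:00", "sev": 1},
    {"user": "bob",   "event": "session_end",   "time": "2021-03-04T08:45:00", "sev": 1},
]

BADGE_PRIO = {"LOW": 10, "MED": 50, "HIGH": 90}   # vendor words -> common 0..100 scale

def normalize_badge(e):
    """Map a badge-reader record onto the common event shape."""
    return {"user": e["who"], "source": "badge", "kind": f"door:{e['door']}",
            "ts": datetime.strptime(e["ts"], "%Y-%m-%d %H:%M:%S"),
            "risk": BADGE_PRIO[e["prio"]]}

def normalize_vpn(e):
    """Map a VPN record onto the common event shape; its 1..5 severity becomes 20..100."""
    return {"user": e["user"], "source": "vpn", "kind": e["event"],
            "ts": datetime.fromisoformat(e["time"]),
            "risk": e["sev"] * 20}

def vpn_active_at(user, when, vpn_events):
    """True if the user's most recent VPN event at or before `when` is a session start."""
    active = False
    for ev in sorted((v for v in vpn_events if v["user"] == user), key=lambda v: v["ts"]):
        if ev["ts"] > when:
            break
        active = ev["kind"] == "session_start"
    return active

def correlate(badge_events, vpn_events):
    """Flag server-room badge-ins by users who are simultaneously on the VPN.

    Neither feed rates this as serious on its own; the combination is what matters,
    so the finding is escalated to a constructed risk floor of 80 on the common scale."""
    badge = [normalize_badge(e) for e in badge_events]
    vpn = [normalize_vpn(e) for e in vpn_events]
    findings = []
    for b in badge:
        if b["kind"] == "door:server-room" and vpn_active_at(b["user"], b["ts"], vpn):
            findings.append({"user": b["user"], "ts": b["ts"], "risk": max(b["risk"], 80),
                             "reason": "badged into server room while VPN session active"})
    return findings

if __name__ == "__main__":
    for f in correlate(BADGE_EVENTS, VPN_EVENTS):
        print(f)
```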


4. Privileged Access

The fourth gap, privileged access, is difficult to manage and is often abused. Granting excessive permissions and inherited profiles are the main culprits here. It’s a common practice to provision new users with the same privileges as existing users out of convenience, and it’s equally common to not revert permissions when someone moves into a new role. For example, consider the implications when someone is provisioned based on one of their peers’ permissions, and that colleague has changed roles three times while maintaining all of their inherited access privileges.

Dormant user accounts pose another significant risk. While deprovisioning accounts when an employee leaves the organization is a known best practice, sometimes it just doesn’t happen or gets put off because the departure is only supposed to be temporary.
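Both problems in this section, grants carried over from previous roles and accounts that were never deprovisioned, can be surfaced by comparing a directory export against a per-role baseline. This is an added example, not code from the article or from Gurucul; the role baseline, the account records and the 90-day idle threshold are constructed.

```python
from datetime import date, timedelta

# Constructed role baseline: the permissions each role is supposed to carry.
ROLE_BASELINE = {
    "engineer": {"repo:read", "repo:write", "ci:run"},
    "finance":  {"ledger:read", "ledger:write"},
    "support":  {"ticket:read", "ticket:write"},
}

# Constructed directory export: current role, effective grants, last login.
ACCOUNTS = [
    {"user": "carol", "role": "support", "last_login": date(2021, 3, 1),
     "grants": {"ticket:read", "ticket:write", "repo:write", "ledger:write"}},  # moved roles, kept old grants
    {"user": "dave",  "role": "engineer", "last_login": date(2020, 9, 14),
     "grants": {"repo:read", "repo:write", "ci:run"}},                          # left, never deprovisioned
    {"user": "erin",  "role": "finance", "last_login": date(2021, 3, 2),
     "grants": {"ledger:read", "ledger:write"}},
]
AUDIT_DATE = date(2021, 3, 3)   # constructed "today" so the run is reproducible

def excess_grants(account, baseline=ROLE_BASELINE):
    """Grants the account holds beyond its current role's baseline (likely inherited)."""
    return account["grants"] - baseline.get(account["role"], set())

def is_dormant(account, today, max_idle_days=90):
    """An account that has not logged in within the idle window is a deprovisioning candidate."""
    return (today - account["last_login"]) > timedelta(days=max_idle_days)

def audit(accounts, today, baseline=ROLE_BASELINE, max_idle_days=90):
    """Return (user, finding, detail) tuples for privilege drift and dormancy."""
    findings = []
    for a in accounts:
        extra = excess_grants(a, baseline)
        if extra:
            findings.append((a["user"], "excess_grants", sorted(extra)))
        if is_dormant(a, today, max_idle_days):
            findings.append((a["user"], "dormant", (today - a["last_login"]).days))
    return findings

def run_audit():
    return audit(ACCOUNTS, AUDIT_DATE)

if __name__ == "__main__":
    for finding in run_audit():
        print(finding)
```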


5. Third-Party Access

The final gap is third-party access, which can easily go unrecognized. We’re all familiar with high-profile breaches that were made possible when an attacker compromised the credentials of an outside vendor with access to the organization’s network. With so many third parties having access to an organization’s IT infrastructure via integrations with on-premises and SaaS applications, it can be difficult to identify threats originating from trusted external users, let alone mitigate them.

Conclusion

While there is no silver bullet that can fill all the gaps, applying analytics to existing security data sources can go a long way towards exposing unknowns and mitigating the gaps. Ingesting intelligence from an organization’s existing security infrastructure can help provide a more complete picture of risks. Meanwhile, unifying disparate data sources and normalizing their outputs enables broad analysis that can tease out subtle relationships and signs of compromise that otherwise wouldn’t be apparent.
