You've probably been breached already.
So, instead of focusing on the wrong threats, you should "assume breach" and begin to collect the data you'll need to help you prevent further attacks.
In other words, assume that your average security controls are inadequate to stop a breach and concentrate on limiting the damage a hacker can do once (s)he is inside your network.
For too long, network security has focused on protecting the perimeter. This is certainly vital, but focusing only on this has left our systems more vulnerable to attack.
Research suggests that 99 percent of the most successful attacks occur because of unpatched software and social engineering, but we're simply not aligning our resources to focus on these things because of the never-ending onslaught of new security threats we're challenged with facing.
To combat this thinking, you need data. And a data-driven security plan helps focus your attention on where your network is the most vulnerable.
- Collect better threat intelligence,
- Rank risks based on that intelligence,
- Use logging and monitoring to collect metrics; and,
- Create policies and procedures based on these rankings and metrics
While it's good to know that your firewall is blocking malware or your scanners have found thousands of vulnerable exploits, a better metric is to find out how many malware programs your antimalware software failed to detect and for how long.
But sometimes even large organizations don't have the time or tools to assess this: was it unpatched software, a phishing email or a misconfiguration?
A Strategic Security Assessment or on-going Managed Security Services can assist in answering these questions over the long-haul.
An SSA can tell you everything about your security environment and what your company is doing (or not doing) to safeguard your systems while a Managed Security Service Provider can perform logging and monitoring and gather security intelligence to help you align your resources.
"Assuming breach" isn't admitting defeat, it's simply learning from experience to build a better defense.
Please call 865-244-3500 or email us at firstname.lastname@example.org if we can lend you our experience to secure your future.
Read more about digital forensics: Are You Kidding Me? Digital Forensics Spending Expected to Double What's Your Network's "Normal?"
(ISC)2 CISSP Training
Sword & Shield's official five (5)-day (ISC)2
CISSP Certification Training gets you trained, certified and back to work within a week with the skills necessary to protect your organization from hackers, attackers and security threats.
Our program always delivers the most up-to-date, authorized content and is backed by our certification process. The course includes an exam voucher that can be used at any (ISC)2
-approved testing facility.
This training course is intended for professionals who have at least five years of recent full-time professional work experience in two or more of the eight domains of the CISSP CBK and are pursuing CISSP training and certification to acquire the credibility and mobility to advance within their current information security careers.
Our next class is July 18-22 and the cost of the class with a test voucher is $3,495. The price without the test voucher is $2,995. Register for your class now
In The News...
Sword & Shield Continues Streak as Top Tennessee Solutions Provider
Sword & Shield Enterprise Security remains the highest ranked Tennessee company on the 2016 Solutions Provider 500 (SP500) list, making this the 10th year in a row the IT security and compliance company has appeared on the distinguished lineup.
The SP500 is CRN's predominant channel partner award list, serving as the industry standard for recognition of the most successful solution provider companies in the channel since 1995.
Sword & Shield came in at No. 117 on the 2016 list. Read more Protecting Yourself from Scammers
Sword & Shield Security Analyst Russel Van Tuyl talks with WVLT about how to protect yourself and your personal data from scam artists. Watch the Video