Page 3 - Cyber Warnings - November 2015







Real-time INFOSEC Automation & Encryption Reduces Risk




Friends,

In this month’s edition of Cyber Warnings, we wanted to share some
ideas in the area of encryption and security automation. If you think
about it, we just can’t keep up with the latest threats. Whether it’s a
distributed denial of service (DDoS) attack or malware propagation, it
seems we’re always finding out about the data leakage after the fact, when
it’s too late.

There are many tools out there – from Security Information and Event
Management (SIEM) systems to the underlying traffic, network and endpoint feeds – firewalls,
intrusion detection and prevention systems and, of course, the latest and greatest anti-virus, yet we
are still behind the 8 ball when it comes to proactively blocking the latest threats. However, if you
could set up these tools properly to report critical events, in real time, to your SIEM, and have it
alert you on these rolled-up events more efficiently and automatically, you could begin to take
charge of your network and get one step ahead of the next threat.

Meanwhile, with so many employees clicking links in email and getting infected with Remote Access
Trojans (RATs), you have to wonder if automated blocking and alerting is enough. It’s not. You
have to train your employees better to understand simple best practices for email file and hyperlink
sharing as well as URL browsing, where much of the drive-by malware is deployed. This will also
reduce risk, but ultimately, encryption is one of the best things you can do – encrypting files, data,
databases, emails, attachments, etc.

Encryption of data and files both at rest and in transit will dramatically reduce the risks of being
exploited. We’re always understaffed and cannot keep up with the latest threats. That’s why
automating as many of your INFOSEC technologies and best practices as possible makes the
most sense: for example, automated BYOD management, automated patch management,
automated remediation, etc. The more critical your data, servers and services, the more
automation is required. Why repeat any process if you can find a way to automate it?

Now is the time to ask your INFOSEC vendors – where’s the automation in your solution? How
much of this solution can be automated? How much flexibility in your INFOSEC policies or rules
that drive the alerting, blocking, detecting, correcting and remediation of risk can you offer? How
easy is it to configure automation – be it alerting or remediating? These are really important
questions because you just can’t manually keep up with the latest threats and attacks against your
critical infrastructure and customer data. Reduce risk and stay vigilant using automation and
encryption wherever possible.



To our faithful readers, enjoy!

Pierluigi Paganini


Pierluigi Paganini, Editor-in-Chief

Copyright © Cyber Defense Magazine, All rights reserved worldwide