Visibility driving security value
"Firstly, you've got to find all the moving parts (of an application) and identify everything," said Kaplan. "Once you know what you have, you can then properly secure it."
Other areas to look at are configuration hardening, and focusing and rationalising security investments. For instance, organisations need to know how many firewalls, intrusion detection systems (IDS) and similar controls are really necessary. Thereafter, they need to decide the best location for each control and look out for any gaps in coverage.
Kaplan also suggests deploying network behaviour anomaly detection to identify suspicious activities such as DoS attacks, host and port scans, dubious connections, rogue DHCP servers, new hosts, worms and more.
"Running behavioural threat detection on your network is not the hardest thing to do, yet many don't adopt this measure," said Kaplan. "Like everything, it starts from the core and works its way outwards. So if we can stop these things and slow them down earlier on, we can get ahead of the game."
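As an added illustration of the behavioural checks Kaplan describes (not code from the article or from any product he discussed), the script below runs three simple detections over constructed flow records: a port sweep by one host, a source address missing from an assumed inventory baseline, and a DHCP offer from a server outside an assumed allowlist. The thresholds, addresses and baselines are all assumptions chosen for the example.

```python
from collections import defaultdict

# Constructed sample flow records for illustration (not from the article):
# (timestamp_seconds, src_ip, dst_ip, proto, src_port, dst_port)
FLOWS = [(t, "10.0.0.5", "10.0.0.20", "tcp", 40000 + t, p)
         for t, p in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389])]
FLOWS += [
    (30, "10.0.0.9", "10.0.0.20", "tcp", 51000, 443),   # unseen host, ordinary traffic
    (31, "10.0.0.77", "10.0.0.9", "udp", 67, 68),       # DHCP offer from an unknown server
    (32, "10.0.0.1", "10.0.0.9", "udp", 67, 68),        # DHCP offer from the sanctioned server
]
KNOWN_HOSTS = {"10.0.0.1", "10.0.0.5", "10.0.0.20"}   # assumed inventory baseline
DHCP_SERVERS = {"10.0.0.1"}                            # assumed sanctioned DHCP servers

def detect_port_scans(flows, threshold=10, window=60):
    """Flag a (src, dst) pair where src touches >= threshold distinct dst ports
    within one fixed time bucket of `window` seconds (a simple sweep heuristic)."""
    ports = defaultdict(set)
    for ts, src, dst, _proto, _sport, dport in flows:
        ports[(src, dst, ts // window)].add(dport)
    return sorted({(src, dst) for (src, dst, _b), p in ports.items() if len(p) >= threshold})

def detect_new_hosts(flows, known_hosts):
    """Any source address absent from the inventory baseline is a 'new host' alert."""
    return sorted({src for _ts, src, *_rest in flows if src not in known_hosts})

def detect_rogue_dhcp(flows, dhcp_servers):
    """A DHCP offer (UDP 67 -> 68) sent by a server outside the allowlist."""
    return sorted({src for _ts, src, _dst, proto, sport, dport in flows
                   if proto == "udp" and sport == 67 and dport == 68
                   and src not in dhcp_servers})

def run_detections(flows=FLOWS, known_hosts=KNOWN_HOSTS, dhcp_servers=DHCP_SERVERS):
    """Run all three behavioural checks and return the alerts keyed by type."""
    return {
        "port_scan": detect_port_scans(flows),
        "new_host": detect_new_hosts(flows, known_hosts),
        "rogue_dhcp": detect_rogue_dhcp(flows, dhcp_servers),
    }

if __name__ == "__main__":
    for kind, hits in run_detections().items():
        print(f"{kind}: {hits}")
```

In production the baseline and allowlist would be fed from the asset inventory Kaplan says you must build first; the value of the checks depends on that inventory being complete.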
Additionally, organisations should implement proactive monitoring and reactive spot checks, advised Kaplan. "User-defined policies are your friend, but back them up with reports. They help to clean up a (security) mess efficiently," he added.
Kaplan went on to share a worrying incident with a customer: "We visited a school to analyse their networks and showed them which of their systems were infected. However, they said that they can't do anything about it until the school semester ends. I knew right then that this was going to be a losing proposition."
"You can't wait on these things," emphasized Kaplan. "Once you know about it, you have to go and deal with it."
Demand-driven security catalysts
"Network awareness is important. It's amazing to me how many people don't know how the networks are utilised, and it's the number one thing to me for improving security," said Kaplan.
"We also have to be conscious that as the data spreads out, we can be layered everywhere. We have to better classify the data so we can apply tighter controls where the most important data is and budget our money there. We can't do the same maximum security for all data," he added.
Besides layering security and incorporating security elements at multiple levels, Kaplan recommends continuous monitoring and constant vigilance, because the "attackers only have to be right once".
The fourth area in improving security is automation, which refers to reducing manual process and freeing up limited personnel through automation tools and techniques. This includes automating reports as well as alerts, said Kaplan.
Additionally, analytics should also be utilised to empower more rapid and effective decision making. "In theory, governments and companies have access to computing resources and everything that I could ever dream of. We should leverage some of those big data to track these security threats," elaborated Kaplan.
Lastly, Kaplan pointed out the importance of education and training. End-user security awareness and education, as well as cyber-practitioner training, are needed to heighten defence.