Security Breach Management: Handling The Storm With Aplomb

2015 was marked by far too many digital security breaches, a trend that every company hopes to see reversed in the coming year. Unfortunately, as industry expert Leo Scanlon notes, it is unlikely that we’ll be able to stop them all. In this digital era, security breaches are part of the new normal.

So, what should you do when facing a security breach? The most important thing that you can do is stay calm. If you keep your wits about you, you will be better able to approach the problem and implement a solution to protect your clients and your company. Here is how to move forward in the face of a digital security breach.

Plan Ahead
While you may not be able to plan for the exact details of a security breach – if you could, then you could prevent it from happening – what you can do is prepare a preliminary plan of action for any future breach. Write out a general timeline: which actions need to take place, in what order, and who owns each one. This way, when something does happen, you do not lose any time giving direction. All you need to do is fill in the specifics of the event.

Communicate Clearly and Calmly
When a breach does occur, it is important to prioritize communication with your team and with your clients. Start with your team. Describe the event, review the plan of action, and make sure that everyone is clear on his or her role.

It can be worth sitting everyone down to discuss the breach rather than sending emails about it. People can ask questions in real time instead of generating a flood of follow-up messages. You might even consider serving everyone a cup of tea: green tea can reduce stress and help anxious team members move from high anxiety to centered focus.

After you have alerted your team, everyone can split off to appropriate tasks, ranging from developing a patch that closes the weakness that was exploited to calling high-profile clients. You will also need to contact a range of other people, including legal counsel and, where appropriate, law enforcement.

Additionally, make sure your public relations department is ready to issue a statement and field phone calls. Give them a short FAQ sheet and a directory of whom to call about which issues. Preparing public relations well keeps client calls from clogging up other employees’ lines.

Talk and Train
A security breach tests training effectiveness on the ground, and it is also a good opportunity to schedule follow-up training. While working to resolve the breach, note the areas in which employees struggle; these should be central to your next training session.

You should also contact some of your industry peers to find out what they do to prevent security breaches. This does not mean that you need to mimic their strategies, but if you know that someone is using a different approach, document clearly why you are doing something else. That way, if you suffer another breach, you can demonstrate a well-thought-out strategy rather than an arbitrarily chosen system.

Big Fixes, Small Details
Ultimately, when you suffer a data breach, focus your attention on two issues: the big problems that must be remedied immediately, and the small problems that contributed to the breach but were overlooked during earlier development. Start big, then shift to the small to protect yourself now and down the road.

For the sake of companies and clients alike, hopefully 2016 holds fewer security breaches. But to make this a reality, every company will need to regularly assess its security systems and breach preparation. Failure to plan is planning to fail, so put that plan in place now.

Larry Alton
Writer
[ISACA Now Blog]

The Cybersecurity Canon: Cyberdeterrence and Cyberwar

We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall of Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite.

The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!

Book Review by Canon Committee Member, Brian Kelly: Cyberdeterrence and Cyberwar (2009) by Martin C. Libicki

Executive Summary

My interest in the Cybersecurity Canon project and appreciation for a common body of knowledge shared amongst professionals can be traced back to my time as an Officer in the Air National Guard.

Each year the Air Force Chief of Staff would issue a “reading list”; in 2010 Cyberdeterrence and Cyberwar by Martin C. Libicki was on the list under Mission, Doctrine and Profession. Back in 2008 Lt. Gen. Robert Elder, Jr., then Commander of Eighth Air Force (8AF/CC), sponsored the study “Defining and Implementing Cyber Command and Cyber Warfare.” This book represents the results of that study. The reading list and, more specifically, this book were meant to inform senior Air Force leaders and decision-makers. The basic message of Cyberdeterrence and Cyberwar is: cyberspace is its own medium with its own rules; thus, deterrence and warfighting tenets established in other media do not necessarily translate reliably into cyberspace.

Review

On June 23, 2009, the Secretary of Defense directed the Commander of U.S. Strategic Command to establish a sub-unified command. The United States Cyber Command (USCYBERCOM), as we know it today, is located at Fort Meade, Maryland. The establishment of U.S. Cyber Command marked the ascent of cyberspace as a military domain. This book focuses on the policy dimensions of cyberspace and cyberwar: what it means, what it entails, and whether threats can deter it or defenses mitigate it.

Libicki’s background is in national security history and policy rather than in cyber, and that perspective will benefit readers unfamiliar with Cold War era concepts as they relate to cyber.

Cyberdeterrence and Cyberwar is divided into nine chapters. Chapter One covers the introduction and purpose of the book, which is clearly to focus on military policy as it relates to cyberwar. Chapter Two introduces readers to a conceptual framework for cyberdeterrence and cyberwar. It explains external and internal threats and defines cyberattack and cyberdeterrence: a cyberattack is the deliberate disruption or corruption by one state of a system of interest to another, and cyberdeterrence is the capability in cyberspace to do unto others as they would do unto us.

Chapter Three asks, “why is cyberdeterrence different?” and focuses on analogies to game theory and nuclear deterrence. Foundationally, knowing “who did it” is critical; today we think of this in terms of attribution. All decisions, policy or operational, rest on attribution. Chapter Four considers cyberattack and the purpose of the attack; potential purposes range from “oops” to rogue operators, and the chapter works through the implications of each. Chapter Five offers a primer for a strategy of response. This chapter has relevance today, as “hacking back” or “active defense” has become a popular concept in the strategy of response.

Chapters Six and Seven outline “strategic” and “operational” cyberwar and offer conclusions on both. Chapter Eight is dedicated to cyberdefense and concludes that deterrence in cyber terms may be too problematic to offer much surcease from cyberattacks. It outlines the goals of cyberdefense, including architecture, strategy and policy. Chapter Nine is simply titled “Tricky Terrain” and offers the defend, disarm or deter triangle as an illustration of approaching a threat that cannot be denied. We know now that cyberattacks are a threat that cannot be denied.

Conclusion

Much has changed since this monograph was published back in 2009; and, while some cybersecurity experts may not agree with Libicki’s conclusions, we can’t dispute the significance this work has as a historical text in the cybersecurity professional’s education. I would recommend Cyberdeterrence and Cyberwar for the Cybersecurity Canon. Reading this book in 2016 allows the reader to both compare and contrast Libicki’s conclusions against the backdrop of cyber events that have occurred over the last decade.

[Palo Alto Networks Blog]

The Best of Both Worlds: Building a Secure Hybrid Data Center with AWS

If you’re looking for a new car, you may be considering a hybrid – one that combines electric power for efficiency and mileage with a traditional internal combustion engine to recharge the battery and extend the travel range. For many buyers, it is the best of both worlds, providing greater flexibility to extend your trip as needed. The same concept applies to a hybrid data center – one that combines your own, dedicated on-premises resources with the scalability and agility of on-demand compute, networking and storage resources such as those from Amazon Web Services (AWS).

As the insatiable appetite for compute and storage resources to support the business continues unabated, customers are using the public cloud as a way to augment their data centers more quickly and more efficiently than in the past. Initially, a hybrid approach was viewed as a step toward migrating all applications and data to the public cloud. In reality, many customers are settling on a hybrid approach as their new data center architecture.

In a recent conversation I had with a customer, two new physical data centers had just come online, and they were already over-subscribed. They were looking to AWS as a way to extend the life of their data centers using a hybrid approach. When you think about it, a hybrid approach makes the most sense. First, it allows you to start small and establish some guidelines around which applications and data should reside in the cloud. There will be legacy applications that cannot or should not be migrated. There will be data that, after careful internal analysis, does not belong in the public cloud. For new applications, you might adopt a simple cloud-first mentality: look to the cloud as the default deployment location. A more advanced cloud-first approach entails changing your application development methodology to one that is componentized, makes heavy use of APIs, can be updated rapidly, and can be deployed globally – in the cloud first.

From a security architecture perspective, a hybrid data center is an extension of your data center and therefore should be treated no differently than your physical data center. This means that you should:

  • Know exactly which applications are running in the cloud and whitelist them, so that only those applications are allowed to run and communicate there
  • Segment the applications to control which can talk to which and limit lateral movement
  • Enable applications based on the user credentials and the business need
  • Apply threat prevention to block threats from accessing your cloud applications and data while also blocking them from moving laterally
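
The first two controls in that list, an application whitelist and segmentation that limits lateral movement, are easy to state and easy to let drift once security groups accumulate. One practical check is to compare what the network actually accepted against the policy you intended. The Python below is an added example written for this page; it is not Palo Alto Networks’ code and has nothing to do with the VM-Series. The subnet-to-tier mapping, the allow-list and the log lines are all constructed assumptions. What is real is the default VPC Flow Log record layout (version 2, 14 space-separated fields ending in the action and log-status), which the parser relies on.

```python
"""Audit VPC Flow Log records against an application allow-list.

Added illustration for the hybrid data center controls described above.
Everything here is constructed: the subnets, the application tiers, the
policy and the log lines are invented and do not describe any real account.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Assumed subnet-to-tier mapping for the VPC, plus the on-prem range that
# reaches it over the IPsec VPN.
SUBNET_APPS: Dict[str, str] = {
    "10.10.1.0/24": "web",
    "10.10.2.0/24": "app",
    "10.10.3.0/24": "db",
    "10.10.4.0/24": "mgmt",
    "192.168.0.0/16": "onprem",
}

# Allow-list: (source tier, destination tier) -> permitted TCP destination
# ports.  Any pair or port not listed is denied; that is what "whitelist the
# applications and segment them" means in practice.
POLICY: Dict[Tuple[str, str], Set[int]] = {
    ("onprem", "web"): {443},
    ("web", "app"): {8443},
    ("app", "db"): {5432},
    ("mgmt", "web"): {22},
    ("mgmt", "app"): {22},
    ("mgmt", "db"): {22},
}

TCP = 6


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int
    protocol: int
    action: str


def app_for(ip: str) -> Optional[str]:
    """Return the tier an address belongs to, or None if it is unmapped."""
    addr = ipaddress.ip_address(ip)
    for cidr, app in SUBNET_APPS.items():
        if addr in ipaddress.ip_network(cidr):
            return app
    return None


def parse_flow_log(line: str) -> Optional[Flow]:
    """Parse one default-format (version 2, 14 fields) VPC Flow Log record:
    version account-id interface-id srcaddr dstaddr srcport dstport protocol
    packets bytes start end action log-status."""
    fields = line.split()
    if len(fields) != 14 or fields[0] != "2":
        return None
    return Flow(src=fields[3], dst=fields[4], dst_port=int(fields[6]),
                protocol=int(fields[7]), action=fields[12])


def is_permitted(flow: Flow) -> bool:
    """True only if the allow-list explicitly covers this tier pair and port."""
    src_app, dst_app = app_for(flow.src), app_for(flow.dst)
    if src_app is None or dst_app is None or flow.protocol != TCP:
        return False
    return flow.dst_port in POLICY.get((src_app, dst_app), set())


def find_violations(lines: List[str]) -> List[str]:
    """Report ACCEPTed flows the policy does not allow.

    A REJECT is segmentation doing its job.  An ACCEPT outside the allow-list
    means the deployed security groups or firewall rules are looser than the
    intended policy, and the flow is a candidate for lateral movement.
    """
    findings = []
    for line in lines:
        flow = parse_flow_log(line)
        if flow is None or flow.action != "ACCEPT" or is_permitted(flow):
            continue
        findings.append(
            f"{app_for(flow.src) or 'unmapped'} {flow.src} -> "
            f"{app_for(flow.dst) or 'unmapped'} {flow.dst} tcp/{flow.dst_port}"
        )
    return findings


# Constructed log lines (not captured from a real account).  The third line is
# a web host reaching the database directly; the last is an unmapped source.
SAMPLE_LOG = [
    "2 123456789012 eni-0a1b2c3d 192.168.10.5 10.10.1.20 51000 443 6 10 4000 1450000000 1450000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 10.10.1.20 10.10.2.30 40000 8443 6 8 3000 1450000000 1450000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 10.10.1.20 10.10.3.40 40001 5432 6 5 1200 1450000000 1450000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 10.10.2.30 10.10.3.40 40002 5432 6 5 1200 1450000000 1450000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 10.10.1.20 10.10.1.21 40003 22 6 3 800 1450000000 1450000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.9 10.10.2.30 40004 8443 6 3 800 1450000000 1450000060 ACCEPT OK",
]

if __name__ == "__main__":
    for finding in find_violations(SAMPLE_LOG):
        print("VIOLATION:", finding)
```

Run against the constructed log, the audit flags two accepted flows: the web tier talking straight to the database on 5432, which the policy routes only through the app tier, and an unmapped Internet address reaching the app tier. The rejected web-to-web SSH attempt is not reported, because a REJECT is the segmentation working. In a real deployment the same comparison is run against flow logs pulled from S3 or CloudWatch, and the policy table is the one your VPC-to-VPC and subnet-to-subnet rules are supposed to implement.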

When deployed in AWS, the Palo Alto Networks VM-Series can securely enable your hybrid data center, acting as an IPSec VPN termination point and as a virtualized next-generation firewall, protecting your AWS deployment with application control and advanced threat prevention. More advanced use cases include segmentation for added security and compliance purposes through VPC to VPC and subnet to subnet policies. In effect, you can mimic your physical data center security in AWS.

To learn more about how a hybrid data center with AWS might benefit your organization, check out these resources:

[Palo Alto Networks Blog]