The word "paranoid" has a negative connotation in most contexts. But when it comes to your network security, a healthy level of paranoia is crucial. Defensive thinking can give you the kickstart you need to protect your business from network intrusion and subsequent data exfiltration.
Being proactive about threats is the key to success in this endeavor. The more aware you are, the better. As reported by ZDNet, IT pros agree: Intrusion detection is the number one area where IT professionals will spend their budget in 2016.
So what can you do with your own budget to reduce downtime risks, prevent successful attacks and maintain peak performance — all without straining your IT resources to their limits? It's all about how you view it.
How to Proactively Address Network Intrusion
Your first priority in addressing network intrusion is to develop a full understanding of all threat vectors pertaining to your network architecture, says Jennifer Allen, Red Team manager at Twinstate.
That's a bit more complicated than simply taking an inventory of your hardware and network. Other major considerations include the people (first party, like employees, or third party, like vendors) that interact with and connect to your network and hardware, the processes and organizational policies through which they do so, and the sensitive data stored on the network.
What you're actually trying to protect, after all, is your sensitive data and the business functions that data and your devices support. So addressing data protection and network intrusion becomes a matter of clearly understanding where the highest risks are and where the business risk is within the network.
"That understanding is critical to finding the best way to prevent intrusion," says Allen. If you only have a printer on your network, you won't need the full-scale solutions you would need for a larger network with more devices and potential threat actors.
To prevent network intrusion, Allen suggests using a combination of technologies, including strong perimeter protection with Intrusion Detection and Intrusion Prevention Systems (IDS/IPS). Further, correlating events across the perimeter, internal network devices and endpoints can help you establish baseline events and behavior.
"That holistic view of your network health will help you more readily identify irregular behaviors that may indicate either a breach or activity leading to a breach," says Allen.
Maintaining Peak Performance
Your network should never be a hindrance to productivity or performance, so it always has to perform well. Understanding how your business activities are facilitated on your network can help you identify unnecessary or crucial network components, and eliminate those that don't serve your organization.
You might find that certain sites aren't mission critical, or that you have workstations out of use that you could take offline. Understanding the risk and value of each component truly helps you ensure your network is designed optimally and running optimally. It also helps you clarify where you should allocate resources in designing a security program or architecture, and where you don't need to put in further effort.
Another benefit to this clarity: It can help you better respond to threats. If you do need to address an incident, you'll know exactly how to best protect the business activities and peak performance of your organization itself. You can aim for protecting the parts of the network most critical to the business.
Leverage Your Team
Your IT team might be strapped for time and resources, and it can be tough to ensure you have the human bandwidth you need to proactively address the network's security. But remember that statistic about budget spend on intrusion detection? Those same survey respondents didn't even rank user security training in the top 16 areas of budget spend.
Writes Ken Hess in ZDNet's Taking Back the Network, "Training is another overhead — a cost. But what is the cost of a significant data breach? I can't answer that for every case, but I can tell you that user training is about ten percent of the cost of a pretty insignificant data breach. You do the math."
So your IT team should be educated — and that may require an investment in training. Says Allen, "It starts with ensuring your team has the time required to understand sensitivity, risk, what's mission critical (and what isn't), and the full inventory of endpoints, devices and applications."
You'll also want to arm them with the knowledge they need to respond to events on the network that falter from your baseline, those that may indicate an attempted or successful breach. Incident response is a specialty skill, and any breach should be handled by experienced professionals using best practices to limit damage, ensure integrity of reporting and reduce duration of impact. Your IT team will need to understand their own limitations. Security is a diverse set of specialties, and as you know, not everyone on your team can be everything.
"A myth that continues to haunt the industry is that 'IT World' is a single specialty," says Allen. "In reality it’s much more like healthcare. You can’t just go to any doctor and expect them to know everything about every component of your physiology. Even general practitioners are generalists first.
"Your IT team is much like them — they know when they need to make a referral to a specialist. Sometimes that's a person, sometimes it's a tool or a network component. But the IT team should be armed to make that call."
Network Intrusion: Education First
Whether it's gathering a full inventory of your hardware and endpoints, developing your holistic view of the network, or continued awareness training for your IT team, your main priority in proactively addressing network intrusion is education. Start there and you'll be well on your way to becoming more secure — and yes, maybe still a bit more paranoid — than ever.
Originally published on 05/24/2016