Widen The Approach
IT professionals must review skill sets to meet new threats
- By Tom Gilheany
- Nov 01, 2016
Remember the Jurassic Age of organizational
security? You built the stronghold,
hardened the perimeter, established a set
of rules and walked away. Security? Done.
With those days no longer even in the rearview
mirror, IT professionals face a new threat
landscape. Cyber criminals nowadays are doing a lot more than
merely trying to pick the front door lock. They are scraping away
at the siding, burrowing under walls and sending in Trojan horses.
Then there are the most ominous of threats: the insider whose
security mistakes are accidental, due to carelessness or ignorance.
The quick evolution of information security may prompt
you to believe that you must overhaul your organization’s entire security technology. Happily, that is not the case. To meet today’s
threats, you combine old and new security approaches. First, you
think beyond architecture and border controls to add security
operations as a new layer to watch for threats actively and continuously.
Second, you and your staff acquire and polish professional
skills you may not ordinarily associate with IT. Think of
it as soft side engineering if that is a more comfortable way
to express the concept.
New Technologies Need Smart Guards
Protecting an organization today requires a multifaceted strategy
that takes advantage of evolving technologies: the Internet
of Things, Big Data and analytics. Then, in addition to external
defense, organizations need guards who can monitor, detect and
respond to threats across the entire network in real time.
Analytics and Big Data capabilities are a necessary part of
today’s cyber defense. Turning the entire network into a sensor
enables IT professionals to see the needles in the haystack, hone
in on malicious activity, and shut it off. This transformational
technology poses a distinct contrast to the time-consuming and
problematic manual sorting through alarms that used to occupy
so much of IT professionals’ time or was ignored altogether due
to the impossibility of sorting through the sheer scope logs or
Today, organizations have the ability to leverage analytics engines
that then deliver exactly the security data the organization
seeks, and it permits you to use a prioritized approach to gain
actionable intelligence. This pervasive level of network visibility,
available due to today’s technology, is essential to protecting against
threats and is a core element in today’s cybersecurity arsenal.
Implementing this shift in defense tactics is where new skill
sets come in. The industry needs IT professionals with the skills
to monitor and analyze threat intelligence from across the network.
As a result, security teams today must include more than
just those focused on infrastructure and static rules. To capitalize
on technology that enables network visibility, security professionals
must know what normal network activity looks like in their
organization, and be able to spot anything that deviates from
it. The ability to separate out normal behavior from abnormal
hands security teams the advantage of designing defense systems
that know what to look out for.
Security Thinking is Now Holistic
To flesh out the implications of this shift toward holistic security
thinking, imagine two types of security guards. One, the smart
guard, is a longtime organization employee. The other is a temp.
The smart security guard knows the business owner, knows how
the building’s layout has changed over the years and knows the
delivery staff and employees by sight and even by name in many
instances. This guard is familiar enough with the property and
the people to tell immediately when something just isn’t right.
Most critical, the smart guard is known and trusted by the
office staff. When employees see things that don’t look right (Example:
That car tailgated me into the parking lot, and the driver
didn’t use an access card.), they do not hesitate to provide details
to the guard who can then look into the event.
In sharp contrast is the temp security guard. This guard is usually
not familiar with the property and is simply not capable of
performing more than superficial checks of the building based
on a map that may be outdated. The temp guard also has no established
relationships with employees or property and so is not
capable of noticing that something is amiss.
People Skills Play a Role in Cyber Defense
To keep today’s organization truly secure, you as an IT security
professional must be plugged into your colleagues as well as the
network. Yes, the ability to pull actionable data from the network
is the first line of defense. But the second line, and growing in
importance, is security teams who are active in all of the business.
By engaging with the rest of the organization, IT professionals
gain the human intelligence that reduces risk and adds nuance to
determine whether activities are harmful or benign.
You want to earn the trust and partnership of business units
so you and the other security team members can work as partners
with all employees to keep the organization and its data safe.
Above all, avoid being regarded as hall monitors who show up
only to scold staff for doing something wrong. You don’t want to
become isolated and disliked because that will deter employees
from reaching out to you without being asked to provide valuable
intelligence. You don’t want to dampen the “if you see something,
say something” approach that is holistic to security.
Ultimately, you as an IT security professional and every security
team member must communicate well with everyone in the
organization because security now is everyone’s job. These so-called
soft side engineering skills include:
- An ability to listen actively.
- Coordinating between IT security team members, and working
as a team to coordinate responses to complex security issues.
- A knack for conveying complex concepts in written and oral
form clearly and succinctly. How else will you explain to colleagues
the steps they can take to help keep the organization
- A willingness to think of organization employees as customers
and provide the highest level of customer service to them.
The Future of Security is Multidiscipline
Hardened security with walls is essential to organizations to protect
their infrastructure. Emerging technologies such as cloud,
IoT, automation and network programmability make it critical
for that security to be embedded in the mindset and information
flow of an organization.
Today’s IT professionals must be engineers with the technical
and people skills and awareness to design, deploy and manage
an operations approach to security. By combining fortified walls
with smart guards throughout the infrastructure, organizations
will benefit from a multidiscipline approach to protecting their
most sensitive data.
This article originally appeared in the November 2016 issue of Security Today.