Preparing for the unknown unknowns

Peter Schlampp, vice president of product management and marketing, Solera Networks February 05, 2010

To many security professionals, buying solutions to prevent a security attack is their strategy to keep hackers out of their networks. But, in today's world of cyberincidents where hackers are becoming increasingly sophisticated, that simply is not enough. Inevitably, a security breach will happen because hackers will find a way to bypass your security monitoring mechanisms completely undetected.

Look at TJX for example. Three years ago, its security team found that hackers had gained access to its network 18 months prior. That means that for 18 months an intruder went completely undetected by the security prevention measures deployed by the company.

Effective security strategy

While most organizations implement security tools that target prevention, those same organizations fail to understand the full spectrum of security. Prevention is only one part of the equation. Detection and incident response are arguably more important.

  1. Prevention. We know prevention is not a 100 percent guarantee. Recent security breaches at Google, Adobe, The New York Times, T-Mobile, Heartland Payment Systems, LexisNexis, Visa, MasterCard, and even prominent security vendor Kaspersky provide proof that prevention is not an absolute.

What happens when a hacker is successful at breaking through your “secure” system?

  2. Detection. When a breach occurs, what happens next? That's where effective detection capabilities must take center stage. The ability to instantly address security incidents is a critical strategy organizations often neglect to implement, even though the cost of failure is so great.
  3. Network forensics / incident response. With a comprehensive incident response plan, you simply rewind the tape, like a surveillance camera at a bank that was just robbed. Network forensics provides organizations a rewind feature to quickly identify the true source and scope of any incident and even what happened to specific files, data, etc., so you can take immediate steps to rectify the situation. However, without the necessary network forensics tools and a plan, swift incident response is difficult to accomplish.

Three steps to preparedness

Typically, when a security breach is detected weeks, months or even years after the first incident occurred, the damage has been done. So, why do so many companies wait for a crisis? Forensic preparedness reduces the cost of response and helps determine exactly and instantly which data is being compromised.

Preparedness might seem like an impossible task. How can we anticipate every threat out there? How does a company prepare for the unknown and unexpected? By addressing all three pillars of an effective security strategy – prevention, detection and incident response.

  1. Move past prevention. Since security professionals can only stop what they know, we must advance past the first pillar. The “unknown unknowns” will continue to roam in the wild and until they are identified and classified, prevention alone will not be sufficient. These threats will be targeting vulnerabilities we are not aware of. Just look at the vast number of recent security incidents, including Hannaford Bros., Network Solutions, American Express and many others. Eventually, vulnerabilities will be found and exploited and a breach will occur.
  2. Don't rely on compliance. Compliance is only a start, but regulations are really there just to provide a framework — and force adherence to — good security practices. For those who believe they will not be hacked because they are compliant with industry standards, think again. It can and does happen; just look at the Heartland breach. While Heartland was compliant with the requirements of the Payment Card Industry Data Security Standard (PCI DSS), it still experienced the biggest breach ever involving payment card data. There are simply no guarantees when motivated attackers have an eye for your assets.

  3. Investigate, detect and fortify. Lastly, we must understand that securing our networks and data also includes swift detection of the source and scope of any security incident. This is critical to enable instant and intelligent response. Rapid detection of a breach is arguably more important than just trying to prevent one. This holistic perspective helps you know exactly what is going on within your networks. Then, when something questionable happens, immediate response to mitigate the incident provides more protection to your organization's bottom line and brand equity than prevention alone.


Why we need hackers

Jack Daniel, support engineer, Astaro February 03, 2010

In the United States, the term “hacker” carries a negative connotation. It conjures an image of a dark room filled with computers and a lone man attempting to break into bank or credit card networks to steal as much personal information as he can.

While there are plenty of “black-hat” hackers engaging in criminal activity for their own gain, the term hacker has an entirely different meaning. A hacker is simply a programmer for whom programming is reward enough. They tend to be curious individuals who test the limits of what is possible in computing. Unfortunately, the term has become synonymous with “cybercriminal” and now that this image is etched into the conscience of American society, there isn't much this unorganized group of people can do to restore their reputation. Articles like this one also make it difficult for ethical hackers to shed this image.

Strict interpretations of DMCA, EULAs and other laws or regulations have made criminals out of "white-hat" hackers whose only goals are to test the bounds of computing. The truth is we need hackers. Hackers are some of the most computer savvy individuals and their unique knowledge can be helpful in all kinds of scenarios. For example, an organization can hire a hacker to find possible vulnerabilities in their network, or a network security company can hire a hacker to help create a more secure firewall or other security devices.

While hiring true cybercriminals may not be advisable in all cases, to say that someone who was convicted of a cybercrime could never be trusted is laughable. Criminals reform, and these cybercriminals possess knowledge that possibly no one else has. Why not use their expertise to create a safer internet environment?

Other countries understand the distinction between cybercriminals and hackers. Some even create college programs that teach hacking techniques. Why? Because at the very least those who develop our network security solutions should understand how cybercriminals operate on a practical and technical level.


Visibility, speed, efficiency and the new dynamics of IT security

Amrit Williams, chief technology officer, BigFix February 02, 2010

There's an old Irish proverb, “May you be in heaven half an hour before the Devil knows you're dead,” that has special relevance to IT security these days. Over the past couple of years we have seen a rapid transformation of IT security threats from relatively slow moving, mass infection phenomena focused on inconveniencing IT operations to fast, stealthy, hit-and-run attacks targeting economically and national-security-sensitive data. While a multi-billion dollar industry has grown up to defend enterprises and consumers from mass infection security threats, the IT security industry is still in the early phases of coming to terms with targeted, under-the-radar threats that may do damage that victims may never discover.

These attacks succeed for three reasons. First, the attacker knows much more about the victim's IT infrastructure than the defender does. Second, the attacker understands that the faster they can move in, steal data, and disappear, the more likely it is that victims will never know that they have been ripped off. Finally, the task of securing IT assets (hardware, software and the data they process) has become a complex, expensive undertaking that many organizations prefer to avoid.

The imperatives for IT are straightforward. First, gain deep real-time visibility into every asset on your infrastructure. This not only will reduce or eliminate the target knowledge advantage enjoyed by your adversaries, it makes possible the second imperative: Reduce remediation and change latencies to as near zero as possible. While this strengthens the first line of defense — closing off known vulnerabilities, a.k.a. disasters waiting to happen — it can also enable you to see and shut down abnormal behaviors as they play out. Finally, automate and consolidate systems management and security processes wherever possible. This cuts complexity, cost, and opportunities for error.

I know these recommendations sound like very tall orders, or like things that your so-called trusted advisers have not told you, but I can assure you that commercially available technologies exist today that provide a solid foundation for instilling the disciplines of visibility, speed and process efficiency. Getting to heaven is something no one can promise, but keeping the IT security demons in a state of ignorant impotence is definitely on the agenda.


How remote access can bridge the gap

Fred Kost, director of security solutions marketing, Cisco January 29, 2010

The Bay Bridge, connecting San Francisco to Oakland, Calif., carries approximately 280,000 vehicles per day. Many of those vehicles are transporting employees to their workplaces in the greater San Francisco-San Jose-Oakland area, which is why those of us who work at Cisco headquarters in San Jose were directly affected, or know someone who was, by the bridge's recent and unexpected shutdown. This debacle, caused by failing and falling bridge beams, left thousands of workers stranded, backed up in traffic, or forced to find alternate means of getting to work, such as circuitous commutes, ferries, or public transit. Others found alternate means of working.

Employees with remote access capabilities and those whose jobs do not require a full-time, in-person presence could telecommute during the bridge closing. Although this does not seem like a revolutionary notion in our day and age of anywhere, anytime work, with wireless access in every airport, hotel, and coffee shop, are most organizations gearing up all of their essential employees with the capabilities to work remotely? Can businesses ensure business-as-usual during major interruptions, such as severe weather, widespread employee illness, or bridge closings? New data suggests they cannot.

According to a recent Cisco-commissioned survey, 74 percent of the 502 IT decision-makers surveyed said that fewer than half of their employees were currently set up to work remotely. Asked why more employees did not have remote access, 38 percent said that business requirements did not necessitate it. And only 22 percent of those top decision-makers felt that their current remote access solutions have contributed to their disaster preparedness.

On the other hand, the same survey respondents touted the numerous benefits of remote access. Seventy-one percent of respondents said that employee productivity is a key business driver for providing remote access. Further, 62 percent said that their current remote access solutions had resulted in increased employee productivity, 57 percent noted an increase in employee satisfaction and 42 percent realized a reduction in overhead costs.

For years, companies have been doing business continuity and resiliency planning, purchasing backup generators for power outages, and backup networking equipment to avoid full-system failures. But where does employee flexibility fall in these plans? Currently, companies are on higher alert in light of the potential employee absenteeism that the H1N1 epidemic could cause. But if businesses (hopefully) make it through the flu season unscathed, will they lose sight of their business continuity planning? We in the Bay Area know this could be a mistake.

We haven't seen the last of the Bay Bridge closings, as these updates were only a stopgap while the long-term repairs for the bridge are being planned.

Your city or town may not be highly dependent on bridges, but no place is trouble-free. Severe weather, road closings, and illnesses can hit anywhere.

It seems to be a no-brainer to implement solutions that could increase day-to-day employee productivity, and, at the same time, ensure that businesses could operate seamlessly during blips.

The reliability of the Internet now is arguably as important as that of physical bridges. The reason is that the internet and all networks are essentially systems of figurative bridges connecting workers to each other and their crucial applications. This is why the graphical representation of a bridge graces the Cisco logo. Right now, we're thankful it's the Golden Gate and not the Bay Bridge.

Welcome to the 2010 SC Awards blog

Illena Armstrong January 15, 2010

Each year, SC Magazine celebrates the best and brightest leaders of the IT Security industry with the SC Awards. Award finalists have been recognized by the security community for the work they do every day in the trenches to help fight the battle for a more secure enterprise.

Along the way, these finalists gain valuable insight on some of the most pressing security challenges facing organizations. In this blog, our SC Awards finalists will share with you some of these insights, and lend their perspective to the most timely security issues of the day.

You can get news of a new blog posting, as well as other relevant IT security news and breaking stories of the day, from our website and our Twitter feed. While on Twitter, you may also follow our SC Awards Finalist Twitter list, where we collect the streams of tweets coming from all of our finalists on Twitter.

I am very excited to officially present to you the SC Awards Finalist blog, and hope you are able to glean valuable benefits from our Finalists' shared knowledge.

As a reminder, please make sure to book your tickets for the SC Award Dinner and Presentation soon. Tickets are available on a first-come, first-served basis. Click here to reserve your tickets today.

Sincerely,

Illena Armstrong
