Validating Security Solutions That Best Fit Your Business

Posted by MegaplanIT on 4/28/22 7:27 AM

There are many security solutions that can be implemented across your organization’s infrastructure, but the main questions you will face are: 1) how does this fit into my environment and 2) is it providing the necessary services to help me succeed? This issue is compounded by the constant buzz of marketing and advertisement targeted at executives, where key terms like “advanced”, “artificial intelligence” and “next-generation” have lost their meaning in the cacophony of consumerism. We have previously discussed on this blog the choices that need to be made when selecting third-party service providers, but today we will be speaking about software security solutions that best fit your business.

The MegaplanIT blog has discussed risk management and its role in determining the technological and third-party support of the environment, but how can you validate that the security solution is working? You could always run tests of an incident response process, but in doing so, you may disrupt your business. As always, the best course is to first define the assets you are attempting to protect. Are you taking the stance of the CIA triad? Are you trying to provide near 100% uptime? What are your RPO and RTO for your clients? What about NIST concerns? These can all factor into the validation of security solutions, helping you avoid taxing your production environment beyond its limits and determine which solutions are most important to your business.

The next step is to consult with your technological administrator or team to determine the viability of the system in relation to the future needs of the company. For example, purchasing new servers or other physical hardware may be counterproductive if the business is moving to a cloud model. Purchasing an anti-virus suite for an operating system that is not commonly affected by virus attacks would also be unnecessary. It may be helpful to consult impartial third-party experts for a second opinion.

To validate the security solutions in place, look at the logs and outputs of the security sensors. Is the anti-virus performing appropriately, or is it producing too many false positives/negatives? For network intrusion detection, is it truly scanning all network traffic appropriate to the environment, or only part of it? File integrity monitoring (FIM) may not be monitoring the appropriate directories, or the endpoints it is deployed on may be newer or different from those in place when the system was adopted. It’s important to ensure that FIM is deployed and controlled by appropriate personnel as applicable to the system.

Applied technology in the environment should be tested to ensure that 1) the deployment is correct and 2) the technology is effective. For example, are all devices that predate the DLP implementation covered under the solution? Do unmodified legacy systems on the back-end have the latest security software? The same is true for log aggregation systems and SIEM when viewing logs or alerts on a central console. There is value in periodically validating that the logs are, in fact, being aggregated and parsed properly within acceptable thresholds, and that security personnel can respond to threats accordingly. If your company engages a third-party service organization such as a SOC solution, ensure that the contracts or agreements between your company and the SOC are appropriate for the alerting and handling of the events and not just a generic off-the-shelf configuration. Even though the technology may work as intended, the human interaction/intervention process may fail to address the alert.
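
One way to run the periodic log-aggregation check described above, as an added example that is not MegaplanIT's code: it compares an asset inventory against per-source ingestion statistics and flags sources that are missing, silent, or failing to parse. The host names, the statistics layout and both thresholds are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data (not from the original post): an asset inventory and
# per-source ingestion statistics as a SIEM export might summarize them.
NOW = datetime(2022, 4, 28, 12, 0, tzinfo=timezone.utc)
INVENTORY = {"web01", "db01", "legacy-erp", "fw-edge"}
SIEM_STATS = {
    # host: (last event seen, events received, events that failed parsing)
    "web01": (NOW - timedelta(minutes=3), 12000, 40),
    "db01": (NOW - timedelta(hours=7), 800, 2),
    "fw-edge": (NOW - timedelta(minutes=1), 50000, 9000),
    "test-vm": (NOW - timedelta(minutes=5), 100, 0),
}


def validate_log_coverage(inventory, stats, now,
                          max_silence=timedelta(hours=1),
                          max_parse_fail=0.05):
    """Return deployment and effectiveness gaps in log aggregation.

    missing      - inventoried hosts that never reported to the SIEM
    stale        - hosts whose last event is older than max_silence
    parse_errors - hosts whose parse-failure ratio exceeds max_parse_fail
    unknown      - reporting sources absent from the inventory
    """
    findings = {"missing": [], "stale": [], "parse_errors": [], "unknown": []}
    for host in sorted(inventory):
        if host not in stats:
            findings["missing"].append(host)
            continue
        last_seen, received, failed = stats[host]
        if now - last_seen > max_silence:
            findings["stale"].append(host)
        # Skip the ratio when nothing was received to avoid dividing by zero.
        if received and failed / received > max_parse_fail:
            findings["parse_errors"].append(host)
    findings["unknown"] = sorted(set(stats) - set(inventory))
    return findings


if __name__ == "__main__":
    for kind, hosts in validate_log_coverage(INVENTORY, SIEM_STATS, NOW).items():
        print(f"{kind}: {', '.join(hosts) or 'none'}")
```
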

Technology and software providers will typically state in their marketing that the solution they are offering is a complete “turnkey solution” which has applicability to overall networks and environments. While it may be good for some security measures, it may not be the best fit for your environment. It’s possible that as many as half the tools in the suite would not be applicable to your organization. Throughout my auditing career, I have realized that not all environments are the same, nor will they function or depend on the same resources all the time. All “turnkey” solutions require trained personnel (employees or third-party service providers) who are experienced with the technology and have enough insight into the production network functionality to effectively deploy a security solution. All environments are different, and as these environments evolve, so must the deployment and configuration of security solutions be validated.
