Last week, Rick Holland, Principal Analyst at Forrester Research, joined Christian Kirsch to discuss the concept of planning for failure in your security programs by being equipped to detect and investigate effectively when intruders get past your defenses. Read on for the top takeaways from their discussion, “Planning for Failure: How to Succeed at Detecting Intruders on your Network”:
Avoid Expense in Depth – Buying more and more products and increasing the number of vendors and technologies you work with, rather than expanding within your existing ones to find capabilities you aren't using, is ultimately harmful. This tactic results in a Frankenstein's monster-like environment that makes it very difficult to coordinate a defense. It's important to have an actual strategy and some introspection to understand what is happening in your environment and why. All that expense in depth ends up doing is creating internal friction and slowing organizations down. Examine your investments in people, processes, and technology to become more agile and create friction for adversaries.
Triage Based on High Value Assets – Figure out where you should be focusing security efforts by zeroing in on your high value assets. Do this by looking at what generates revenue and what generates fines, by running technical discovery with data loss prevention tools, and by identifying people and assets associated with risks. Have an inventory of the accounts adversaries are most likely to target, and make sure to consider PCI, PII, and PHI data, as well as intellectual property.
It's All About Balance – Couple the knowledge of internal priorities and high value asset protection with what attackers are likely targeting: credentials! Intruders use credentials to masquerade as users and dig deeper into your environment by escalating their privileges. This makes them really difficult to find, so emphasis must be placed on understanding user context. UserInsight makes it possible for security teams to do this by giving insight into Intruder Analytics: it allows for automatic detection of attacks, quick and simplified investigation, connecting solutions for benefits like adding user context to data from monitoring solutions, and setting traps for intruders. You can drill into user and intruder data without having to write any queries.
Check out the recording from the live session to see UserInsight in action and hear the in-depth discussion on planning for failure to protect your organization: view the on-demand webcast now.