Static Long-Term Processes are not Welcome at InfoSec’s Door
Attacks on enterprise and embedded systems are not slowing down. They are increasing: the attacks are growing in sophistication and in number, the attackers have turned their activities into a business model, and the notoriety associated with an attack has increased the publicity these receive. Adding to the issue’s potency, these attackers are located across the globe.
The mainstream response at present is to put a defensive architecture in place, monitor the SIEM, and respond if there is an issue (e.g., an attacker’s successful phishing attack). An immense amount of trust is placed in these appliances to monitor and protect the enterprise. This static thinking has not been, and will not be, acceptable against advanced attackers.
The security operations center (SOC) is under increasing pressure from management and from the attackers. The pressure is budgetary from inside sources and external from the seemingly daily attacks, both old ones and new ones not experienced previously. Defending against these with a static security architecture, without consistently updating the applications and tools, is likely to create further problems for the CISO and the business.
The InfoSec architect, to adequately protect the system, has to be flexible and creative. These simple acts would help keep pace with the attackers across various levels of activity and technology. Without this in place, the enterprise would be maintaining the security put in place years prior (e.g., bronze age tools) against an enemy using current attack techniques (e.g., iron age tools).
The enterprise needs to keep pace, or it will continue to be breached and compromised regularly and with ease.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.