Automation And Openness Are Best Defense Against Changing Threats
Technology is rapidly changing in every sector—and security is no different. If anything, keeping up with the changes in the security industry is the most important thing an organization can do according to Jimmy Sanders, head of information security at Netflix DVD.
Sanders called security the “point of the spear” while speaking this week at the Structure Security event held in San Francisco and suggested organizations keep up with trends at every opportunity because attackers are evolving just as quickly as defenses are.
In recent years, the number of devices that make up an enterprise operation has increased and their variety has broadened. Organizations count on a mix of hosted servers, cloud servers, web applications and mobile devices—all of which require defenses to protect against compromise from attackers.
In order to keep all of those aspects of the enterprise protected, organizations need to utilize a number of security tools that protect against different attack vectors. But, Sanders warned, organizations can’t simply install a tool and rest on their laurels.
“We're trying to new things that hopefully we didn't do last year,” Sanders said. “If you're doing the exact same security you did last year, if you have the same security tools that you have last year—the attackers are never using the same tools...the attackers don’t wait.”
Sanders warned against counting on any single tool for protection, instead recommending a layered approach. He also advised using tools that have an open application programming interface (API) so it’s easy to integrate them into a larger security stack—and easy to replace them if needed.
"We're in the Valley," Sanders said. "Companies come and go. If they don't have the right product, if they don't have the right customer base, they'll be gone tomorrow. But you can hopefully put another product in place that does something similar because the API is open and can be integrated into the security stack."
He said metrics can be an important aspect of measuring how successful and useful a given tool is, though he noted that some metrics are more valuable than others. For example, a tool reporting that an organization is experiencing fewer attacks than it was before doesn’t necessarily mean that organization is more secure—that tool could just not be recognizing newer threats.
Sanders explained that it matters less if an attacker gets in if the right tools are there to encrypt and protect information once the attacker is detected, so metrics like time in environment can provide better insight into a tool’s true security benefits than number of attacks detected.
Sanders also said automation is an important tool for organizations trying to keep up with the increased demands placed on the security team, because it helps remediate the effects of scale.
“[For manual defenses], the more alerts you get, the more information you get, the more employees you need to hire,” Sanders said. “Automation helps not quite eliminate but remediate the effects of scale, because no matter how many more alerts you get, your automation will still be triggered.”
While automation can play an important role in solidifying defenses, he noted there are still tasks that fall on the security team to complete, and failing to do so is unacceptable.
“If I didn't patch, it's shame on me every day. Those are things you can automate, and those are the basics of your job,” he said.
When it comes to advanced attackers like dedicated groups targeting specific organizations or nation-state actors, automation can help to quickly prevent damage from being done. “If you're dealing with advanced attackers, they will be dedicated and they will get in—it's not if they get in, it's what do you do after they get in,” he said.
Editor’s Note: Newsweek Media Group and International Business Times partnered with Structure to host Structure Security 2017.