Saturday, 26 March 2016

A hard perimeter defence alone isn't enough

With the rapid adoption of blended on- and off-premise technology solutions, the traditional security perimeter is fast paling into insignificance. Information increasingly resides beyond the corporate boundary as data moves to mobile devices, cloud services, and other locations outside of the organisation’s network. Users are becoming more mobile and business stakeholders are increasingly specifying the shrink wrapped solutions they wish to consume.

These demands increasingly blur the corporate boundary and make management more complex, presenting an ever increasing challenge for those trying to maintain security of the organisation’s information assets. More than ever, these factors mean that the security approach now needs to be agile, layered, and responsive to users, but lets not forget that the internal threat remains.

Maintaining visibility of where data resides, how it is accessed and where it is used is key to any security strategy. In the past this was very straightforward as all data remained within an organisation on its network, PCs and servers. Even the traffic to the Internet passed through narrow choke points, but no more. Achieving the required visibility is much more complex today.

It’s impossible to adequately secure information without understanding where it rests, who has access to it, and how it is transmitted. While some visibility of data movements still exists within the corporate network, it isn’t complete. Unmanaged devices, particularly those not connecting via the corporate network, may access cloud services directly and as such data movements are largely invisible.

While cyber threats are without doubt an important consideration, we should not forget the internal threat. A robust perimeter may be a good first line of defence, but it does little to protect against those with legitimate physical and logical access within that perimeter. Multiple levels of defence, comprehensive monitoring, alerting and timely investigation and response are now essential components necessary to complement risk and vulnerability assessments.

AgilityIS can work with you, advising on current good practice, to ensure that appropriate security is implemented in a cost effective and pragmatic manner.
Monday, 7 March 2016

Layered context aware security monitoring is a necessity

A successful security management system must be layered, as well as agile. To provide robust security, a combination of preventative and detective controls must be applied to the network, hosts and devices, applications, services and transports as well as to the data itself, creating defence in depth.

Correlating events from multiple sources, both logical and physical, using a security information and event management solution (SIEM) allows anomalies to be identified. The SIEM should be context aware, able to understand normal behaviour patterns including time, location, device, connection method, application and information requested.

Draw on our experience to understand how to obtain the security intelligence you need. Our dedicated team can help you make informed decisions.
Sunday, 6 March 2016

Cybercrime and Security Innovation Centre Launch

The Cybercrime and Security Innovation Centre (CSI) opening in Leeds aims to improve and incorporate evidence based approach into the frontline policing of digital forensics and cybercrime investigations and to advance human factors of computer security and forensics mechanisms and practice.

Leeds Beckett University will host an exciting line up of speakers who will discuss cybercrime, digital security, forensics and safety with key figures delivering presentations in the afternoon, followed by a panel discussion.

Date: Wednesday 6 April 2016
Time: 13:30-18:00
Venue: James Graham, Headingley Campus

The event will finish with a networking opportunity, and will be followed by an event on campus at 18:30 run by the Leeds Hacking Society and Leeds Beckett University Open Web Application Security Project (OWASP) Student Chapter.

Read more and register online...

Thursday, 18 February 2016

Security today requires collaboration with users

With employees increasingly using non-corporate devices to undertake company business over untrusted networks, organisations face a significant security challenge with these unmanaged devices providing little or no visibility of usage.

Worse still, the use of shadow IT presents a severe security threat and it can be difficult or even impossible to know if unauthorised IT is being used or what it is being used for. Without understanding what data is being stored or shared by users and where, there is no way to understand the associated risks or to ensure that the data is appropriately protected.

The only practical way to tackle this situation is to proactively engage with the user community, understanding their needs and frustrations, to work together to find secure solutions that are easy to use. With security as an enabler providing the solutions they need, users are less likely to seek unauthorised alternatives.

But that’s only part of the solution. It is essential that users understand the security risks associated with today’s ways of working, and the part they play in keeping information secure. For some organisations this can be a significant cultural challenge, but educating users about security risks, including risks that affect their personal devices and personal information, is essential and ultimately keeps them in a job.

Importantly, both the dialogue around solutions and the awareness training need to be continuous and ongoing. Listening and responding to the needs and concerns of users and managers ensures that solutions to get their job done effectively and securely can be delivered in a timely manner.

This may be a new way of working for some IT and security professionals who have previously delivered only one-way communications to business users regarding enterprise solutions, company policies and security threats. This change in mind set is however essential in establishing an effective and successful security strategy and a positive change in cultural behaviour.

AgilityIS can help you adapt to the realities of the modern mobile world, building trust with the business and users, and providing awareness training around security and social engineering threats.