Have you broken your security resolutions yet?

With a new year, security pros review what to do differently in their network.

New year's resolutions

Keeping your resolutions

We are almost halfway through the first month of 2016 and I am sure many people have already let their personal resolutions fall apart. But what about your professional resolutions? How have they held up? Is it easier to shore up your network’s security than exercise every day? These security professionals offer up their resolutions for the new year.

Get rid of threats quicker

Jeff Schilling, CSO, Armor: My 2016 goal for our security team is to drive down dwell time, for the few threat actors who get through our security surveillance, from 2 days to less than 10 minutes. We will accomplish this through focused threat intelligence collection and patent-pending intellectual property that gives us unmatched visibility of our customer environment from the hypervisor.

Better visibility into what network resources are being used

Andrew Wertkin, CTO, BlueCat Networks:

  • Gain better visibility into who and what are using our network resources and for what purpose. With bad actors becoming increasingly hard to detect, we need to focus less on what we already know and more on the gray areas of our infrastructure. 
  • To create a better response policy for emerging security threats and test our policies in simulated attacks to improve our resilience. 
  • Improve security awareness among all of our teams to instill a security culture into the organization.

More education

Brent Nair, CIO, City of Memphis: As CIO, my goal is to expand our security education program and provide training elements which include "real life" simulations.

Get threat prevention right

Rick Howard, CSO, Palo Alto Networks: Get threat prevention right before moving on to more advanced operational capabilities. Detection and eradication are as important as prevention, but if you are not doing prevention properly, the other two are a waste of resources.

Run every security decision through the “material impact” lens. The security space is filled with lots of shiny objects. It is easy to get distracted. If actions my team are taking do not reduce the risk of material impact to the company, then we need to stop what we are doing and concentrate on something else; something that does.

Sharing intelligence can be done better

Rick Howard: At every opportunity, explain to government and business leaders that sharing adversary group intelligence, indicators of compromise down the kill chain, is not the same thing as sharing PII of its citizens or customers. There is no intersection between the two sets.

Embed security policy and controls into apps

Craig Hinkley, CEO, WhiteHat Security: We [WhiteHat] continue to reduce risk, reduce cost and decrease the time it takes for us to develop and deploy both internal and customer-facing applications and web sites. We distribute security analysts across our development teams to ensure that we’re embedding security policy and controls into all our apps, from conception through production. What we save operationally by using our own products, expertise and report data, we can reinvest in innovation and serving the security needs of our customers.

Improve patching procedures

Zach Holt, Information Security Engineer, Solutionary: Does your organization have a process for implementing patches? Having a defined process for applying patches will help ensure that your systems are regularly patched (hopefully in a timely manner) and mitigate threats from new vulnerabilities as they are added to the arsenals of script kiddies and cyber criminals alike.

Increase data protection of sensitive material

Zach Holt: Data protection is a last line of defense where other controls are not adequate to protect against sophisticated attacks. If an attacker has crossed the moat (firewall), stormed the castle (brute forced access/physically possesses the device), and taken out the guards (escalated privileges), a final layer of defense may be all that’s left between you and a breach. This category includes items such as proper identification, storage, and encryption of sensitive data. These controls can be as simple as marking a document as “private” and not to be distributed outside of the organization for proprietary data.