Security Insider Interview Series: Tom Brandl, CISO of Neustar


Cyber threats and the security technologies used to defend against them are a constantly moving target. As soon as IT deploys a new technology to counter a threat, the threat changes. The critical capability is being able to rapidly respond to those changes, says Tom Brandl, CISO of Neustar.

What are some of the most important strategic elements to consider when establishing the best possible cyber security posture?

Number one is understanding what you’re trying to protect. Once you understand that, you can ensure the appropriate controls are in place for threat vulnerability management, patch management, ensuring important data is identified and encrypted, and ensuring visibility into the environment as a whole. The key thing is the ability to rapidly change course.

What should an organization keep in mind when integrating its security policies and procedures with existing security technology?

Having defined requirements for procedures and processes is critical. Even in the best case, the best technology in the world is only as good as the process you’re trying to model. Technology serves to augment those procedures; it’s not a replacement.

What exactly is a Web Application Firewall and how does it defend against advanced cyber attacks?

A Web Application Firewall (WAF) lets you apply a set of rules to HTTP or HTTPS conversations. So a WAF defends against common web-based attacks, like cross-site scripting or SQL injection. A WAF also helps rapidly implement defense against newly released vulnerabilities, like Heartbleed.

What are the most dangerous new attacks against which organizations must defend themselves?

The pace at which vulnerabilities are discovered increases every week. Once a vulnerability is discovered, the (patch) process takes time. And during that time, systems remain vulnerable. So it’s not really one specific type of attack, but that the threat landscape is progressing so fast. The ability to rapidly react is essential.

These days, you hear a lot about artificial intelligence (AI). It will be interesting to see how that might be weaponized. Good guys are trying to use AI to (analyze data), and there’s nothing saying the bad guys won’t try to use it to be more effective.

What are the indications these types of threats are imminent?

It’s important for an organization to know what’s normal for their environment. Not having that context is a struggle for most organizations. Having a good understanding of your assets and how they communicate and interact provides that context. Once you’ve established that, it’s easier to isolate events that aren’t normal and investigate those events. Security and governance isn’t something you do on a quarterly basis. It’s an everyday process.

What should organizations be bracing for as they make security solution and policy decisions?

When security guys get really good, criminals change tactics. And it’s usually the weakest link in the chain that gets all the focus. We can assume technology’s capabilities will keep expanding; so will the procedures used by malicious actors. To mitigate that, organizations should focus on building a solid foundation for governance, understanding the assets, understanding what is normal, and understanding any technology is only going to be as good as their processes and procedures.  


Copyright © 2017 IDG Communications, Inc.