Why Leap Year Is a Cogent Reminder for Enterprises to Sync Up Security

 
 
By Chris Preimesberger  |  Posted 2016-02-26 Print this article Print
 
 
 
 
 
 
 
 
 
  • Previous
    1 - Why Leap Year Is a Cogent Reminder for Enterprises to Sync Up Security
    Next

    Why Leap Year Is a Cogent Reminder for Enterprises to Sync Up Security

    Just as Feb. 29 re-syncs clocks with the orbit of Earth, it is critical that enterprises be in sync, especially to maintain and improve one's security posture.
  • Previous
    2 - Operationalize Security From the Start
    Next

    Operationalize Security From the Start

    If you're going to avail yourself of security intelligence, synchronize your efforts to operationalize it with its arrival. After all, good intel is often of the urgent variety and may have a short shelf life. Think of intel as the arrival of a magic ball from the precogs in "Minority Report." Imagine not acting on that intel until after the crime is committed. There is nothing worse to the morale of your IT security team than being breached between the time you received the intel and when you put it into effect. When this happens, you're not only in the news, but the reconstruction of the sequence of events draws comparisons to the Keystone Cops. —Oliver Tavakoli, CTO, Vectra Networks
  • Previous
    3 - Synchronize M&A IT Integration With Security
    Next

    Synchronize M&A IT Integration With Security

    IT infrastructure teams are normally the next-to-last ones to find out about a merger or acquisition, which means the security teams are truly the last to know. Setting up a repeatable process for how you integrate merger and acquisition activity should be established because this situation of IT and security being last to know will never change. Look at developing a standard package for delivering network, data center and endpoint security inspection that is flexible enough to fit most of the M&A use cases that your organization may encounter. —Jeff Schilling, CSO, Armor
  • Previous
    4 - Synchronize Security With Migration to Public Cloud
    Next

    Synchronize Security With Migration to Public Cloud

    It is common for security teams to complain that there is no security in the cloud. That is a misconception based on lack of engagement with the IT teams that are pulling their customers to cloud solutions. Fighting the gravitational pull of their customers' urge to leverage the public cloud is a losing strategy. Security teams should partner with the IT cloud architecture teams and ensure they have repeatable security models and classification guides that enable this movement to the cloud, not prevent it. —Jeff Schilling, CSO, Armor
  • Previous
    5 - Time to Check Your Time Servers
    Next

    Time to Check Your Time Servers

    While the use of a Network Time Protocol (NTP) server is nothing new, ensuring that all devices use them is critical for IT security and operations. Having logs that are accurately represented by time data stamps that account for leap year and automate batch tasks chronologically can only occur when all systems have the same system clocks. This leap year, it would be a good task to check the accuracy of your time servers and make sure all assets, from servers to infrastructure, are using the correct settings. This will not only help you with forensics but may also protect you against distributed denial-of-service (DDoS) and amplification attacks against NTP. —Morey Haber, VP of Technology, BeyondTrust
  • Previous
    6 - Sync Analog Devices With Time and Date Recording
    Next

    Sync Analog Devices With Time and Date Recording

    While we frequently think about leap year affecting computing devices, we tend to overlook basic analog devices that need to properly record the extra data. These include analog clocks and watches, hourly work punch card clocks and even simple calculations, such as billing by the month based on the number of days. Checking noncomputing devices, invoices and even daily journals and diaries for the extra day is important to record the leap year correctly. —Morey Haber, VP of Technology, BeyondTrust
  • Previous
    7 - When Did You Last Sync Up With Your Boss?
    Next

    When Did You Last Sync Up With Your Boss?

    Leap years are a funny thing, based on our Roman ancestors. Two competing Caesars wanted months named after them and took us from 10 months to 12. February gave up extra days to make the new months equally long. The implications of their actions are felt to this day. Leap years should be a simple reminder of something we should do every day: communicate. We should make sure we communicate effectively with our peers, clients, vendors and most importantly your management team. Synchronizing efforts, formalizing communications and sharing information should be a frequent event. Learn a new concept with this leap year: how to synchronize proficiently and professionally. —Morey Haber, VP of Technology, BeyondTrust
  • Previous
    8 - Security and Finance Must Be Synchronized
    Next

    Security and Finance Must Be Synchronized

    If there is one area of security in need of better synchronization, it is security's relationship with the chief financial officer. The CFO has been conditioned over time to believe that a new suite of technology will be the organization's savior and put an end to costly incidents and breaches. As we all know, this is a false promise. Security needs to think more like a CFO: If I invest this amount of money, what am I getting back in terms of metrics and output? What areas remain uncovered by this investment? How does it scale as usage changes or the organization evolves in size (in both directions)? Is this investment fixed or flexible if my needs change? —Michael Patterson, VP of Strategy, Rook Security
  • Previous
    9 - Sync Is Critical in Planning, Managing, Securing Networks
    Next

    Sync Is Critical in Planning, Managing, Securing Networks

    Time synchronization is a critical piece in planning, managing and securing networks and systems as it provides a frame of reference between all devices on the network. It also helps determine when events happen. Without synchronization of time, we are not able to accurately correlate log files and events between these devices. —Sean Duca, CSO, Asia Pacific, Palo Alto Networks
  • Previous
    10 - Don't Overlook Syncing All Clocks
    Next

    Don't Overlook Syncing All Clocks

    Synchronizing the time globally in your systems can make the difference between global coordination and total system chaos. When the clocks are synchronized, regardless of the time zone, it ensures scheduled jobs can be anticipated and the results consumed, monitoring and reporting are consistently accurate, and incidents can be managed appropriately based on prioritization. —Stan Black, CSO, Citrix
  • Previous
    11 - Business Continuity and Associated Failover Activities
    Next

    Business Continuity and Associated Failover Activities

    Syncing up these functions looks great in policy, but when the tabletop exercises run their course, critical systems are often out of sync. A simple example is a rollback recovery: Accept one small issue and the rollback version is an older patch version, which doesn't sync with the current database. Time slippage in an Active Directory domain is another example that can adversely affect Kerberos authentication by enabling attackers to conduct brute force or replay attacks, and can cause authentication for legitimate users to fail outright. —Stan Black, CSO, Citrix
  • Previous
    12 -Sync Up Functions Already Embedded in a Hyper-converged System
    Next

    Sync Up Functions Already Embedded in a Hyper-converged System

    In a hyper-converged data center, mobile, cloud, IoT and SaaS infrastructures are woven into business. Keeping policy, configuration, patching, visibility, monitoring and control across these diverse platforms poses significant challenges, but taking simple steps such as ensuring clocks are in sync can help make sure the user experience remains intact and that enterprise data is secure. —Stan Black, CSO, Citrix
 

Having all moving parts in sync is how successful companies become that way, and it all starts in the C-level suite. In fact, it's the CEO who really sets the pace and tone for a company, no matter how large or small it may be. IT is now most often the lifeblood of an enterprise; if the blood flow is out of sync, so is the body; if parts of the enterprise don't get the same IT resources as others, then the company is out of sync—business-wise and morale-wise. When it comes to security, if parts of an organization aren't equally secure, then the company's defenses can be dangerously out of sync. On Feb. 29, we'll be recognizing the extra day in 2016, a leap year. This occurs every four years by adding one extra day to the calendar as a method of synchronizing the calendar year with the solar year, which is 365 and 1/4 days. This natural phenomenon re-syncs clocks and calendars with the orbit of Earth; the analogy works parallel to the criticality of organizations being in sync, especially to maintain and improve one's security posture. Examples include synchronizing IT activities with the board, or security with operations, or the CFO with the CISO. In this eWEEK slide show, we offer some perspectives from IT professionals on the importance of enterprise synchronicity.

 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
Rocket Fuel