- Implementing an Intelligence-Driven Security Strategy: 10 Data Points
- Understand Your Current Risk
- Visibility Into the Network Is a Must
- Control and Manage All Digital Identities
- Visibility Into All Transactions Necessary
- Analyze Normal Behavior, Seek the Exceptions
- Rapid Response a Must
- Emphasis on Detection a Key Part of the Strategy
- Centralized Control a Key Operational Benefit
- Timeliness Increases Risk Avoidance
- Staffing Benefits Also Can Result
Implementing an Intelligence-Driven Security Strategy: 10 Data Points
by Chris Preimesberger
Understand Your Current Risk
There are a lot of questions to ask before embarking on a new strategy. What are the risks to the organization? What are its vulnerabilities? How well is it defending against those at any given point in time? Without visibility into risk, organizations can’t design optimal defense strategies or appropriately prioritize activities.
Visibility Into the Network Is a Must
Network visibility needs to go to beyond what we have today, from logs and events, down to the packet and session level to spot faint signals that indicate advanced threats.
Control and Manage All Digital Identities
Organizations need to understand who (or what) is on their networks, what they are doing and whether that behavior is appropriate.
Visibility Into All Transactions Necessary
Organizations need to know what’s happening inside key applications that drive the business. Good monitoring and controls can handle this.
Analyze Normal Behavior, Seek the Exceptions
Analysis involves understanding normal state behavior and then looking for anomalies. By knowing what is “normal,” an organization can then spot, investigate and root out anomalies that result from malicious activity.
Rapid Response a Must
Consistent and rapid response to confirmed anomalies allows organizations to mitigate potential threats by enforcing controls such as access restrictions or additional authentication. Action also results in remediation processes and activity.
Emphasis on Detection a Key Part of the Strategy
An intelligence-driven security strategy emphasizes detection, analysis and action, while de-emphasizing static, signature-based perimeter detection. This “even-split” approach understands the modern threat landscape and allocates resources accordingly. This includes creating a better balance between monitoring, response and prevention.
Centralized Control a Key Operational Benefit
Intelligence-driven security reduces the number of point products and fuses together otherwise disjointed data sets and tools, increasing both security and operational efficiency.
Timeliness Increases Risk Avoidance
With the ability to identify attacks in a more timely fashion, intelligence-driven security reduces bottom-line loss that often results from an undetected breach.
Staffing Benefits Also Can Result
Automation and sophistication aids in freeing already overburdened employees, focusing them on what matters to defend the organization, and can elevate average performers into vital components of a winning IT security staff.