For most IT teams, addressing or thinking about cyber security is a daily concern. From updating AV software to creating security profiles, most IT professionals spend a portion of their day on tasks with a goal of securing their network. Since October is Cyber Security Awareness month, this is a good time for you to take a strategic look at your organization’s current security posture.
The key concerns should be whether your current solutions still provide the security you need, and whether your organization’s procedures are still in alignment with current best practices. The SANS 20 is a good checklist to start a quick strategic cyber security assessment. Comprised of current Critical Security Controls (CSCs), some of the items on the list may seem rudimentary to some organizations, but with technology and threats evolving daily, the deployed solutions may no longer support the full scope of current CSCs.
For example, Bridgestone’s Credit First National Association (CFNA) had a Network Access Control (NAC) solution in place, but during a routine network security assessment, they discovered that it failed to provide a comprehensive security solution. CFNA’s older NAC solution did not fully meet Critical Security Control (CSC) 1, which calls for identifying all authorized and unauthorized devices on the network, or CSC 4, which covers continuous vulnerability monitoring and assessment. Timothy Lynch Childress, manager of CFNA Network Services, Bridgestone Firestone, was stunned. “Even with a NAC solution in place, an auditor was able to access our network in less than ten minutes just using his laptop,” Childress explained. “We are required to ensure compliance with Office of the Comptroller of the Currency regulations, and keeping our customer and employee data safe is paramount. We began looking for a new solution immediately,” he added.
CFNA upgraded to a Security Automation & Orchestration solution, Network Sentry, which meets several CSC recommendations. Network Sentry leverages the built-in commands of network switches, routers and access points to establish a Live Inventory of Network Connections (LINC) and enforce control over network access. It then assesses the risk of every endpoint, helps users self-remediate unauthorized devices, and enables role-based access to the network and data. By upgrading to newer technology, CFNA was able to attain full visibility into each device connected to the network, continuously monitor each device and automatically contain any suspicious or compromised endpoint devices, in addition to a number of other benefits. This Security Automation and Orchestration solution addresses several CSC goals and supports a few additional CSCs.
CFNA is by no means alone – a recent survey shows only 37% of companies use endpoint monitoring that includes user activity and physical media,[i] a statistic that underscores the need for organizations to conduct strategic security assessments periodically.
A Security Automation and Orchestration solution can help you satisfy the following CSCs from the SANS 20:
CSC 1: Inventory of Authorized and Unauthorized Devices: This requires that you profile and continuously manage all devices on the network. Security Automation and Orchestration software can help you ensure that only authorized people and devices are granted access, and that unauthorized devices, or devices that fail to meet the minimum security requirements, are denied access. It can also provide a self-remediation page for users. If a user requires a software patch or updated AV software, they can be redirected to the appropriate page to fix the issue. This saves time for users and IT staff and increases user satisfaction.
CSC 2: Inventory of Authorized and Unauthorized Software: Having knowledge of all software running on the endpoint device is another key benefit of a Security Automation and Orchestration solution. This can be done by integrating with a Mobile Device Management solution, or by running an agent on the endpoint device. If a dangerous download or a software change is detected that makes the device non-compliant with the established standards, the solution can automatically quarantine the device.
CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs: Retaining a record of every network action taken by each device can assist you in analyzing security events, capacity planning, compliance audits and more. A Security Automation and Orchestration solution with a built-in repository and analytics can constantly monitor and log the actions of every user and device.
While these are only some of the CSCs that a Security Automation and Orchestration solution helps you meet, you can see that this one solution has a huge impact – helping networks meet some of the critical SANS controls.
Even if your organization is not in a position to tackle all 20 goals immediately, this is a good time to assess your organization’s network security posture and prioritize technology upgrades to ensure end-to-end network visibility, dynamic access control and automated threat response.
If your staff is currently overcommitted, Bradford Networks, a leader in Security Automation and Orchestration technology, offers a no-cost, no-obligation network security assessment to get you started. Contact us to learn more.