Learn from the Masters: Finding the right blend of cyber security tools

Distilling the right blend of cyber security tools for your company is as much an art as distilling a fine American sipping whiskey from a pile of sugars, grains, and fruit. Every day, technology professionals are asked to address fast-changing cyber threats and to blend comprehensive security monitoring and management strategies into a solid security posture, just as a master blender does for spirits.

A Master Blender

A master blender is an individual who decides on the composition of blended spirits. For example, in the Scotch whiskey industry, master blenders choose which single malts and grain whiskeys are combined to make a particular blended whiskey. An important objective is often to maintain consistency over time. A typical blend might be composed of 20 different whiskeys whose taste and price will vary over time, and, of course, it is possible that any one of them will go out of production. Consequently, it is sometimes necessary to replace whiskeys that go into the blend. Other responsibilities include checking the maturation of spirits.[1]

Just like the master blender, companies must apply a similar approach to developing a solid cyber security posture and choosing cyber security tools. In the context of managing cyber security organizations, directors and professionals must make decisions based on a combination of tools, security software, data, and industry information. Understanding individual aspects of your cyber security approach is not enough: a blended, holistic approach that quantifies risk and considers the interaction of the physical, virtual and human factors of security posture is what all masters are working towards. Once a solid cyber security framework is in place, the work is not done; continually revisiting tools and testing environments ensures defenses against ever-changing security threats.

On Thursday, November 30, VSS is hosting two master security blenders at the Sagamore Spirit Distillery in Baltimore, Maryland, to discuss cyber security tools. Joe Drissel of CyberESI and Bill Crawford of Information Insights will share the latest insights and techniques for protecting your data and show how to manage your security mix to gain the ultimate cyber security advantage for your organization.

Meet the Masters (of Cyber Security Tools)

Joseph Drissel – Founder & CEO, CyberESI

Before founding CyberESI, Joseph was the Acting Section Chief of the Intrusions Section at the Defense Computer Forensics Laboratory (DCFL), the world’s largest accredited computer crime laboratory. In this capacity, Joseph and his team provided intrusion and malware analysis support to DoD entities, Federal Law Enforcement, the National Cyber Investigative Joint Task Force (NCIJTF) and the DoD-Defense Collaborative Information Sharing Environment (DCISE). As a certified DoD Forensic Examiner, Joseph engaged in 1,000+ intrusion cases.

In November of 2010, Joseph founded Cyber Engineering Services, which provides patented incident response, intrusion/malware analysis, software and systems, training and cyber-related intelligence to its clients and the community at large. CyberESI personnel include professionals with backgrounds in Federal Law Enforcement, the Intelligence Community and the Department of Defense. Employees have expertise in the fields of Network Security, Computer Forensics, Incident Response, Intrusions Analysis and Reverse Engineering Malware; all have extensive knowledge specific to Advanced Persistent Threat-related issues.

Bill Crawford – Principal and CEO, Information Insights, LLC

Recognizing the lack of service providers focusing on data security, Bill, along with a team of experts, created Information Insights in March of 2010 with a narrow focus on helping customers understand their data, risk and protection landscape. Since then, Bill has worked with many of the Global 100 companies across multiple industries as they assess, redefine and implement strategies for protecting the “crown jewels” of their respective firms.

Bill works with industry leaders from IBM and various clients to tackle subjects ranging from “discovering your data assets” to “developing risk-based controls”, “managing insider threat” and building the “security data lake” as well as how to approach data warehousing and aggregation for security information. Leading, participating in and facilitating workshops and strategy sessions have given Bill unique insight into many of the challenges faced by today’s enterprises as they wrestle with the challenge of developing a data security strategy and having confidence in cyber security tools. Bill is always happy to share what insights he can since shared experiences often lead to innovation.

Please join us for an evening of peer networking, spirited tech talk, delicious food and private tours of one of Maryland’s best tasting new business ventures. Register now.

VSS presents Refine the Spirit of Cyber Security
Thursday, November 30, 2017  |  6pm – 9pm

Sagamore Spirit Distillery
301 East Cromwell Street
Baltimore, MD  21230

[1] Source: Wikipedia

5 Areas to Explore When Planning for a Cyber Security Incident

The month of October has been identified as National Cyber Security Awareness Month (NCSAM) by the National Cyber Security Alliance. VSS has joined the effort as an NCSAM Champion to promote cyber security awareness from the breakroom to the boardroom and help you with planning for cyber security.

We encourage you to take action in protecting your business, employees and customers from online attacks, data loss and other threats – and to ultimately create a culture of cyber security at work.

We’ve listed five areas to explore when planning for cyber security incidents and how they could impact your business and life.

1. Identify the “crown jewels”

The first step in protecting a business from cyber threats is to identify the “crown jewels” of your business: those assets and systems that are critical to your business, without which it would prove difficult to operate if they were lost or compromised, and/or that could be a high-value target for cybercriminals.

Always think broadly about critical assets when planning for cyber security. They could be data, such as customer or employee data; systems, such as ordering, inventory or scheduling; and/or intellectual property.

2. Protect Your Assets

Once you have identified your “crown jewels” and critical assets, build your cyber protections around these first as you create a trajectory forward to protect your entire business.

Ultimately, your goal is to build a culture of cybersecurity that includes employees knowing how to protect themselves and the business and understanding the cyber risks as your business grows or adds new technologies or functions.

3. Detect Incidents

Detection is all about knowing when something has gone wrong. We have fire alarms in our businesses and homes that alert us to problems. In cybersecurity, the faster you know about an incident, the quicker you can mitigate the impact and get back to normal operations.

4. Knowing the Threats

Not all threats in cybersecurity impact your business equally. Some, like broad ransomware attacks, are designed to infect any vulnerable system anywhere. In other cases, attacks may be motivated by the type of business you are in and the value of what you have.

For example, for those in the retail business, cybercriminals may be looking to steal customer payment data or access a bank account. If you are in manufacturing, maybe stealing your intellectual property or disrupting operations is the goal.

5. Respond

Even when we take all the precautions we can, incidents can still happen. Being prepared to respond in a thoughtful and comprehensive manner will reduce risks to your business and send a positive signal to your customers and employees. Therefore, planning for a response is critical.

The good news is preparing to respond to a cyber incident is not unlike preparing for other events that could impact your business like natural or man-made disasters. Planning for cyber security means building a cyber incident response that can tap your other operational knowledge and experience.

You will need to be ready to:

  • Resolve the problem (e.g., fix your network, restore data)
  • Identify what’s been lost and who has been impacted
  • Continue operations while problems are fixed
  • Communicate with stakeholders (e.g., customers, employees and perhaps the general public)
  • Comply with applicable laws and reporting
  • Report to appropriate agencies

The VSS security team is on hand to answer any questions and be a resource as you begin to explore the state of cyber security at your business.

Join the NCSAM movement this month and arm your business against today’s unrelenting IT security threats.

Source: https://staysafeonline.org/

Throw off the False Sense of Security Blanket

Despite spending a substantial amount on enterprise security tools and experts every year, some CIOs and CISOs remain unsatisfied with the state of their organization’s security posture.

This disconnect seems to go hand-in-hand with the absence of a central or holistic approach that takes into consideration all the people, processes and technology within the organization. Critical security management tends to fall to admins who deploy tools and interpret findings to the best of their abilities, but from a bottom-up approach rather than a top-down perspective.

Gaining the Right Perspective

Threats, vulnerabilities, risks, security policies, compliance and consequences are all discussed within the context of any proposed enterprise security tool. A typical well-protected organization will have separate tools for application, data, network, endpoint, and mobile device management. Each tool will have its own set of admins, who will create their own set of security policies and rules, producing their own set of vulnerabilities, risk scores and consequences. This approach neglects the need for a central interface to aggregate the inputs to these tools, such as the security policies of the organization, or to aggregate the outputs of these tools, such as offenses, vulnerabilities and risk scores. More recently, SIEM tools like IBM’s QRadar™ have taken an integrated approach and have started to address this need with integration and API capabilities that tie things together. Some SIEM platforms still leave a lot to be desired.

On their own, integrated enterprise security tools suffer from a lack of organizational context in the findings and offenses. The Security Management Services from VSS build upon those capabilities and provide CIOs and CISOs an organization-specific perspective; not from a “tool-up” view, but rather from an organizational view down to the tool, ensuring business needs and goals are met.

Focus on the Critical Areas

An organization, like a living organism, has its unique vulnerabilities specific to each critical functioning area. The majority of today’s security tools do a good job of securing a single operation within the organization, but in doing so, they can give a false sense of security that the entire organism is safe and healthy. Just as any healthy organism can fall prey to a single humble virus, a very well-protected organization can be exploited by previously unknown threats. The emergence of new hazards like phishing and ransomware and the continued breach of respected and well-protected organizations are a testament to this now-familiar phenomenon. Today’s threats demand a fresh approach: one based on security management processes and focused on the people, processes and technology of an organization.

Security Management Services by VSS help make this happen by treating applications as a “composite asset”, or an asset comprised of more than one asset. Our security professionals help CISOs gather information about applications that need to be protected. We also track the internal team members who are responsible for using and managing these applications.

With VSS Managed Security Services, clients can expect:

Strategic Planning and Roadmap

We meet with executive leadership to capture the security management vision and goals of the organization. Based on this input, VSS proposes a phased, strategic roadmap with clear milestones and KPIs to measure progress. Transparency is maintained through scheduled annual, quarterly and monthly reviews, allowing all parties to assess the current state of security, and set goals for upcoming periods to mitigate risk and ensure compliance. Reviews cover:

  • Scope to ensure all assets are included
  • Asset vulnerabilities to identify and assign risk
  • Security policies to confirm and ensure compliance

Information Risk and Protection

Information Risk and Protection activities are ongoing. This includes:

  • Vulnerability testing and risk assessment
  • Security policy formulation and compliance
  • Application security reviews
  • QRadar log and flow expansion

Security Operations and Response

Our Security Operations Center offers 24x7x365 monitoring of the endpoints, networks, applications, and systems. This results in ongoing refinement of the security policies and the incident response plan.

Security Tools – Administration and Monitoring

Our team of Systems Administrators and Operators ensures that all security tools are working around the clock. This eliminates the need for our clients to hire expensive security resources to maintain their security investments.

Ready to take the first step in evaluating your organization’s enterprise security tools?

Contact our Security team to determine a holistic approach to security that takes into consideration the people, processes and technology that are involved in running your organization.