In light of the increased pressure created by Chinese espionage indictments and other high-visibility breaches, enterprises might be tempted to invest in so-called cutting-edge technologies. When news stories put a spotlight on cybersecurity, technology companies jump at the opportunity to tout their latest and greatest cure-all solutions. Anti-malware, AV and IPS products don't have magical abilities to stop every attack or plug every vulnerable gap.
When we take a step back, we see that these products, while useful in the appropriate context, don't address the meat of the problem. Until government agencies get serious about implementing fundamental security controls, they remain appealing targets and their critical assets remain at risk. The Verizon DBIR for the last several years highlights this sobering truth: a majority of the attacks they studied (almost 90%) could have been prevented if simple security controls had been implemented. Inline network technologies like AV and anti-malware are separate from these fundamental security controls.
A more common-sense and less costly approach will mitigate your risks more effectively. Focus on the core of your infrastructure, where the critical data actually resides, and implement stringent controls around access, user controls, user management, systems configuration, and data encryption.
Continuous monitoring requirements are actually quite simple and straightforward. When we talk about security controls, we're looking at monitoring event data (log and activity data) and state data (configuration and vulnerability state). These essential controls examine system settings to ensure they are aligned with the best practices defined by DoD and similar bodies. Monitoring these types of data continuously, on a near real-time basis, would help government agencies detect weak links in their environment. Core security controls are the low-hanging fruit; focusing on them first will get you the most bang for your buck.
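A minimal version of the state-data side of that monitoring, as an added example (not SecureVue or EiQ code): a constructed baseline in the style of a STIG/CIS benchmark is evaluated against a host configuration snapshot, and two snapshots are compared to flag drift. The setting names, expected values and snapshots are all constructed for illustration.

```python
# Added example (not SecureVue code): evaluate a host's configuration state
# against a small baseline in the style of a STIG/CIS benchmark, and report
# drift between two state snapshots. All data below is constructed.
import operator

# Constructed baseline: setting -> (comparison, expected value, description).
BASELINE = {
    "ssh.PermitRootLogin": ("eq", "no", "remote root login disabled"),
    "pam.minlen": ("ge", 15, "password minimum length"),
    "auditd.enabled": ("eq", True, "audit daemon enabled"),
    "pam.remember": ("ge", 5, "password history kept"),
}

OPS = {"eq": operator.eq, "ge": operator.ge, "le": operator.le}

def check_baseline(state, baseline=BASELINE):
    """Return findings (setting, expected, observed, description) for each
    setting that is missing or fails its comparison against the baseline."""
    findings = []
    for key, (op, expected, desc) in baseline.items():
        observed = state.get(key)
        # A missing setting is a finding too: unknown state is not compliant.
        if observed is None or not OPS[op](observed, expected):
            findings.append((key, expected, observed, desc))
    return findings

def detect_drift(previous, current):
    """Return {setting: (old, new)} for every setting added, removed or changed
    between two snapshots; this is the state change a monitor would alert on."""
    drift = {}
    for key in set(previous) | set(current):
        old, new = previous.get(key), current.get(key)
        if old != new:
            drift[key] = (old, new)
    return drift

# Constructed snapshots of one host at two collection times.
SNAPSHOT_T0 = {"ssh.PermitRootLogin": "no", "pam.minlen": 15,
               "auditd.enabled": True, "pam.remember": 5}
SNAPSHOT_T1 = {"ssh.PermitRootLogin": "yes", "pam.minlen": 15,
               "auditd.enabled": False, "pam.remember": 5}

if __name__ == "__main__":
    for f in check_baseline(SNAPSHOT_T1):
        print("FAIL %s: expected %r, observed %r (%s)" % f)
    for key, (old, new) in sorted(detect_drift(SNAPSHOT_T0, SNAPSHOT_T1).items()):
        print("DRIFT %s: %r -> %r" % (key, old, new))
```

In a real deployment the snapshots would come from a collector on each host and the baseline from the published benchmark; the comparison logic stays the same.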
One simple, cost-effective way to ensure you are monitoring effectively and meeting the core controls is EiQ's advanced security intelligence platform, SecureVue, a continuous security intelligence solution that automates many aspects of the controls contained within the 800-53 and 8500.2 requirements. SecureVue's ability to monitor system state for asset and configuration changes makes it uniquely qualified to report compliance with industry configuration standards including DISA STIG, CIS, and USGCB.