The three pillars of cybersecurity defence
Source: Procre8 for BeyondTrust, Author: Morey Haber
Posted: Mon February 12, 2018 12:22 pm

UAE. The foundation of cyber security defense has been clouded by point solutions, false promises, and bolt-on solutions that extend the value of a given technology, based on a need.

After all, if we count how many security solutions we have implemented, from anti-virus to firewalls, we find dozens of vendors and solutions throughout an organization. The average user or executive is not even aware of most of them, even though they may interact with them daily, from VPN clients to multi-factor authentication.

If we step back and try to group all of these solutions at a macro level, we will find each one falls into one of three logical groups. These form the pillars for our cyber security defenses, regardless of their effectiveness:

Identity – The protection of a user’s identity, account, and credentials from inappropriate access
Privilege – The protection of the rights, privileges, and access control for an identity or account
Asset – The protection of a resource used by an identity, directly or as a service

While some solutions may be supersets of all three pillars, their goal is to unify the information from each in the form of correlation or analytics. For example, consider a Security Information Enterprise Manager (SIEM). It is designed to take security data from solutions that reside in each pillar and correlate them together for advanced threat detection and adaptive response.

Correlation can be built on any trait that exists in each of the pillars. Time and date parameters are typically the foundation, and an identity accessing an asset with privileges is a simplistic way of looking at how the pillars support the entire cyber security foundation of your company. This answers, “What is inappropriately happening across my environment that I should be concerned about?” A good security solution should represent all three pillars.
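The correlation described above, sketched as an added example that is not part of the original article or any vendor's product: three constructed feeds, one per pillar, are joined on user, host and time. The field names, the five-minute window and the MFA and approval flags are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events, one feed per pillar (not from any real product).
IDENTITY = [  # authentication events
    {"ts": "2018-02-12T09:00:05", "user": "alice", "host": "db01", "mfa": True},
    {"ts": "2018-02-12T09:10:00", "user": "svc_backup", "host": "db01", "mfa": False},
    {"ts": "2018-02-12T09:30:00", "user": "bob", "host": "web01", "mfa": True},
]
PRIVILEGE = [  # privilege elevation events
    {"ts": "2018-02-12T09:01:00", "user": "alice", "host": "db01",
     "role": "dba", "approved": True},
    {"ts": "2018-02-12T09:11:30", "user": "svc_backup", "host": "db01",
     "role": "root", "approved": False},
]
ASSET = {"db01": {"sensitive": True}, "web01": {"sensitive": False}}  # inventory

WINDOW = timedelta(minutes=5)  # assumed correlation window


def _t(event):
    return datetime.fromisoformat(event["ts"])


def correlate(identity, privilege, asset, window=WINDOW):
    """Join the feeds on (user, host) within a time window; return findings."""
    findings = []
    for p in privilege:
        # Identity pillar: logons that preceded this elevation within the window.
        logons = [i for i in identity
                  if (i["user"], i["host"]) == (p["user"], p["host"])
                  and timedelta(0) <= _t(p) - _t(i) <= window]
        # Asset pillar: hosts missing from the inventory count as sensitive.
        sensitive = asset.get(p["host"], {"sensitive": True})["sensitive"]
        reasons = []
        if not logons:
            reasons.append("elevation with no matching logon")
        elif not any(i["mfa"] for i in logons):
            reasons.append("logon without MFA")
        if not p["approved"]:
            reasons.append("unapproved elevation")
        if sensitive and reasons:
            findings.append({"user": p["user"], "host": p["host"],
                             "role": p["role"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in correlate(IDENTITY, PRIVILEGE, ASSET):
        print(finding)
```

No single feed yields the finding on its own: the identity feed shows only a logon, the privilege feed only an elevation, and the asset inventory only that db01 is sensitive.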

For most vendors and businesses, the integration of these three pillars is very important. If security solutions are isolated, do not share information, or only operate in their own silo (one or two pillars), their protection capabilities are limited in scope.

For example, if an advanced threat protection solution or anti-virus technology cannot share asset information, or report on the context of the identity, then it is like riding a unicycle. If pushed too hard, an environment could lose its balance and fall over. If that analogy does not resonate with you, imagine not tracking privileged access to sensitive assets. You would never know if an identity is inappropriately accessing sensitive data. That is how threat actors are breaching environments every week.

When you look at new security solutions, ask yourself what pillar they occupy and how they can support the other pillars you trust and rely on every day. If they must operate in a silo, make sure you understand why and what their relevance will be in the future.

To this point, what is an example of a security solution that operates only in a silo? Answer: one that does not support integrations or log forwarding, or have concepts of assets (even if it is just IP based) or even basic role access. Sounds like an Internet of Things (IoT) device.

An IoT door lock that provides physical protection for assets based on a static identity that cannot share access logs or integrate with current identity solutions is a bad choice for any organization. A standalone anti-virus solution that has no central reporting on status, signature updates, or faults is another.

There is no way of knowing if it is operating correctly, if there is a problem, or even if it is doing an exceptionally good job blocking malware. Why would you essentially pick a consumer-grade anti-virus solution for your enterprise? Unfortunately, this happens all the time and we end up with the bolt-on approach to solve the problem.

As we stabilize our cyber security best practice, and focus on basic cyber security hygiene, consider the longer-term goals of your business. If you choose a vendor that does not operate in these three pillars, has no integration strategy, or is an odd point solution, be aware of the risks. Everything we choose as a security solution should fall into these pillars; if they do not, then ask a lot of questions.

For example, why would you choose a camera system without centralized management capabilities? It falls into the asset protection pillar, can monitor physical access by an identity, but without centralized capabilities and management, it is a standalone pole not supporting your foundation. It needs to support all three pillars to be an effective security solution and ultimately provide good information for correlation, analytics, and adaptive response.

In conclusion, some may argue there could be four or even five pillars for a sound cyber security defense. They could be education, partners, etc. to support your foundation. I prefer to think of all tools and solutions in these three categories.

Why? A three-legged stool never wobbles!

Photo Captions:
1. (above)  Morey Haber, VP, Technology, BeyondTrust 

About Morey Haber:
With more than 20 years of IT industry experience and author of Privileged Attack Vectors, Mr. Haber joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. He currently oversees strategy for both vulnerability and privileged access management solutions.

In 2004, Mr. Haber joined eEye as the Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was a Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts.

Mr. Haber began his career as a Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science in Electrical Engineering from the State University of New York at Stony Brook.


