Today's information security landscape is continually evolving animal. As attack vectors to grow, attacks become more frequent and attackers develop to be even more demanding.
This is what we call "the new normal."
As a result, has in a significant change of the known security measures, the need to continuously adapt to an increasingly hostile environment that kept us "comfortable" in front of a little 5 years.
remember, these "golden rules" of just a few years ago?
Lock your workstation when you walk.
Run antivirus software.
do not click on suspicious links.
Do not write your password on sticky notes.
select strong passwords and change them often.
Firewalls have, in fact, many of them have.
encrypting your hard drive.
patching your systems at least once a month.
Although the security hygiene of last year's good "belt and suspenders" still valid and necessary, the reality is that it is not sufficient by far, the dangers of today's increasingly complex to fight . Threats
When we consider the evolving enterprise security situation, here are a few observations and recommendations to help you keep up with the rapid pace of change step:
Say goodbye generic " best practices "safety compliance is not security program -. it is a starting point. Any organization that is still only the boxes on the report examination getting injured. Have this conversation in the meeting room and use it to drive the culture towards safety, which is specifically tailored to the company.
Patching is a daily event. Flaws in applications, services such as DNS and basic software, including OpenSSL, mean that we can not wait a month or more for patches. Ask react sure your organization with instant restoration on workstations, mobile, server and cloud. Manage to respond to the application layer without pressing that new desktop images.
security now personally. Targeted attacks go after individuals with personalized messages and payloads from an apparently trusted source. It is increasingly difficult to distinguish itself always for security experts to malignant from benign. And the very rare APT ups the ante when the attacker has found a really valuable target. More education is needed, but can only go so far. Hardening has the standard attack surface to reduce as far as possible, and mitigation strategies more sandbox attacks.
overdrafts are expected. Previously denied and discussed only in secret, injuries are now a message requirement for many organizations. A prescribed approach to Incident Management includes both technical and reputational answers. With a content violations and their impact has been across governments, healthcare and financial services a key use case for virtualization App. Virtualize all browser-based access is a leading practice for attacks against one of the most popular entry points for organizational injury.
End-to-end strong encryption is mandatory. and encryption isn 't only for networks and hard drives. Encryption must protect sensitive data within and between applications from desktops to mobile phones. Criminals also have the value of the encryption Ransomware uses encryption recognized as a weapon. And as the painful death of SSL has shown outdated encryption may not be as bad encryption. Control encryption for endpoints app and desktop virtualization on mobile devices with enterprise mobility management and for cloud and Web applications with an Application Delivery Controller with integrated web app firewall. And get on TLS to protect your interests and to meet PCI DSS requirements.
security starts with access. A deep knowledge of very situational context is necessary to control identity, authentication, authorization and access control. implementation of 5W of access for employees and non-employee access. to make use virtualization fine-grained access control for privileged users are available and to ensure that there is no direct access to sensitive data.
IT has competition. End users think they can do better to calculate. And in many ways, they can. But not for the security. Ensure that shadow IT, unsanctioned BYO and the use of consumer applications, cloud and services for sensitive data is replaced with IT-controlled and sanctioned deals. Sounds hard? Simplify life for users of single sign on allows to automate their improved access and better experience on different devices - and watch you lose the competition
This is not a mandatory list. The requirements for information security teams are here to stay. No one can afford to stand still. Attack vectors and the method in which bad actors looking exponentially with the advent of more and more connected devices, people and places.
to usewill grow, defining the next era of information security? Just as we look back the "good old days" of security, is now relatively easy to appear compared to how the Internet of Things (IoT) to the evolutionary forces will capture.
It can be observed time to keep open both eyes.
0 Komentar