SecurityWeek

Answering the Call for an Architectural Approach to Security

Most of us are familiar with the adage: “the best defense is a good offense.” It’s used when talking about sports, military strategy, and business – and it holds true for cybersecurity as well. But the reality is that with respect to cybersecurity, organizations have traditionally taken a defensive tack only.

The best of breed approach has ruled the day and now many organizations have a patchwork of product platforms from various security companies. A firewall from company A, intrusion detection/prevention from company B, endpoint protection from company C, and the list goes on and on. The challenge is that these disparate solutions can’t and don’t work together and have to be managed independently. Depending on an organization’s needs, security teams are grappling with anywhere from five to as many as 50 different security vendors and solutions that can’t keep up as business models shift, the attack surface expands, and threats evolve. In other words, they’re experiencing a security effectiveness gap, where the security capability each new product adds is overshadowed by the additional complexity it piles on.

To close this gap, enterprises are now re-thinking the way they purchase and deploy security technologies. New research from ESG found that 62 percent of security professionals surveyed are actively consolidating their cybersecurity vendors and 82 percent are using an architectural approach to guide this consolidation – integrating multiple individual products and platforms. But to get the operational efficiencies and better protection they seek, they need to do it the right way.

Just as an offensive player’s job in football or soccer is to advance the ball down the field towards the goal, when you play offense as a security professional your job is to advance the objectives of the business securely for continued success. So how do you go about developing a security architecture that moves your business forward? Focusing on one-off technical considerations exclusively gets in the way of creating an effective enterprise security architecture that aligns with and advances business initiatives. You need to go on the offensive using business strategy to shape your cybersecurity strategy.

Involving the right people. It starts by getting the right people involved. Executive sponsorship and a mandate from the Board or executive leadership make an enterprise security architecture a business imperative and set up the core team with the autonomy and resources to succeed. Because you can’t secure what you don’t see, both the network and security teams must be represented so that they can work together to devise a roadmap that will simplify security as the business shifts and the threat landscape evolves. Representatives from other areas of the business need a voice as well, so that you ultimately develop a holistic enterprise security architecture that recognizes that security is everyone’s concern and responsibility.

Grounded in business strategy. With the right team in place, you now need to ensure you clearly understand the business strategy – where the business wants to go and how it will get there. You need answers to questions like: What are the key initiatives? What areas of the business are affected and in what way? How will success be measured? These answers will drive the security discussion and shift the focus from stopping the bad guys to using security to help drive business success. This information will also help you determine the security metrics and reporting that executive management will find most meaningful.

Adapting and managing operations. With an understanding of where the business wants to go, you can now consider the operations that must be managed to help you get there. When it comes to security intelligence, do you have total visibility from the endpoint to the network to the cloud and across users, devices, vulnerabilities, applications, files, and virtual environments? Without visibility you can’t effectively segment networks or enforce access policies, for example. You also need to understand your company’s risk profile to better manage risk and know what type of information should be reported to the board. Security assurance operations will also vary depending on factors like the regulatory environment you operate in as well as third parties you work with including vendors, partners, and customers. Can you manage these areas securely and maintain availability without putting operations at risk?

Better informed technology decisions. Only when you understand the strategic and operational aspects of the business can you move on to technology considerations and accurately assess the security of your systems, network, and applications. The following scenario illustrates why.

The security team at a financial services firm needs a clearer understanding of whether their cybersecurity program meets industry standards, is consistently applied, and is measured and reported effectively to executive leadership. The team could talk to industry peers, do their own research, and decide to adopt some of the practices and newest security technologies they heard about at the last security conference they attended. But without knowing the objectives of the business, that approach could waste scarce resources and not provide the desired outcomes.

Instead, by starting with understanding the business strategy, they learn that the executive team is planning significant merger and acquisition (M&A) activity to diversify into other industries and geographies. With this insight, they can determine how operations like compliance, identity and access management, and application development need to change. They can then go on the offensive, developing an enterprise architecture roadmap to address the gaps between their current security model and a target model that will support rapid innovation and flexibility to support M&A. As the business continues to evolve, the security model can too, with an open architecture that evolves with the business.

If you’re among the majority taking an architectural approach to consolidate security vendors then remember, your best defense is a good offense.
