A few days ago I had the opportunity to attend the Evanta 2016 New York CISO Executive Summit. It was a great event, attended by leaders in information security on both the customer and vendor sides of the equation. Throughout the day, CISOs from some of the world’s largest organizations and other thought leaders in the world of cybersecurity presented in keynote and breakout sessions, offering up their thoughts on the state of security and advice on where to focus efforts in these turbulent times. A couple of sessions really hit home with me personally, and I wanted to share some thoughts from the first session of the day, delivered by Chris Inglis, former Deputy Director of the NSA.
The meat of Chris’ presentation was describing the thought process of someone in his position in a pre- and post-Snowden world (which was endlessly interesting), but the takeaways were what really resonated with me the most – and I suspect everyone in the room as well.
1. Protect the data
Chris urged the crowd not to forget about the perimeter and the operating system, but to shift focus to the very thing they were all trying to protect: the data! He admitted that more focus on the data itself would likely have given the NSA the visibility needed to prevent the Snowden incident from happening in the first place – an event that literally changed the world.
2. Do it in real-time
Being able to dissect a breach after it has occurred is helpful for understanding how to prevent it from happening again, but detecting it as it is happening and having a chance to prevent it from escalating into tomorrow’s headline news is obviously preferable.
3. Make the system defensible
Chris bluntly stated, “there is no such thing as a secure system” – a fact everyone knew in their heart of hearts, but probably didn’t want to admit to themselves. However, just because something can never be truly secure doesn’t mean it can’t be highly fortified. To that point, though, Chris really drove home that fortifying your assets often requires investment. He said, “In defending it, don’t delegate it. Bring it into the boardroom.” The point here is that CISOs need to expose the threats and clearly articulate the risks to the people in control of the purse strings, not bury them and hope all the people beneath them in the organization can pull off a miracle without the proper resources.
4. Detect anomalies and investigate “with vigor”
With advances in User & Entity Behavior Analytics (UEBA) technologies, organizations are finally getting to a place where they can truly distinguish between normal and abnormal behavior. Chris urged the executives not just to leverage these advances but to use them as a way to prioritize their efforts. It’s a great first step to know that something is behaving abnormally, but by diving deeply into these abnormalities, you’ll often find associations with other abnormalities that can expose the otherwise invisible actions of bad actors before they materialize into bad situations.
5. People, Process, Technology... and Operations
To wrap a bow around these takeaways, Chris highlighted that while everything ultimately boils down to solid people, processes, and technologies, it’s execution and operations that pull it all together – a critical fourth component in the traditional triad of cyber security.
To learn how STEALTHbits can help your organization protect your data in real-time, make your systems defensible, detect anomalies, and enable the executors of your projects to achieve their goals, start with this quick video.