Since I was a teenager, I remember hearing from my mom that communication is an important part of relationships.
Getting married, working for myself, and being involved in the fields of IT and information security, I've realized that my mom's words were golden -- and that the same can be said for the interoperability of enterprise security infrastructures. While it's not communication in the human sense, it's interaction that can make or break the visibility and control that security managers need in today's complex environments.
In this tip, I will discuss the concept of security infrastructure interoperability, how it can help an enterprise information security program and more.
The need for security infrastructure interoperability
Aside from the long-standing human-related security challenges, I believe that the interoperability of security infrastructure is one of today's biggest security challenges. When security threats are identified, it would be extremely helpful if there was an effective way to communicate what's going on to all the various, disparate technologies across an enterprise. After all, you cannot secure (nor respond to) what you can't see. Yet that blind spot is how many security programs are run; it's a perpetual reactive state that has to stop if information risks are truly going to be minimized.
According to a recent study by Tarmin and Angel Business Communications, data overload is a top concern for IT managers. This has a direct tie-in with what's going on with security, system interoperability and event management: There's just so much information coming from every device that no one can possibly keep up. Furthermore, it seems that people struggle to find time to even get started down the path to gain control. Fortunately, this is where having an interoperable security infrastructure can come in handy.
In its early stages, security infrastructure interoperability came in the form of a syslog server and a security analyst poring over countless "events" in hopes of noticing something of value and subsequently piecing together the puzzle. In time, some organizations evolved past this to event correlation, which brings the what, when and where of security incidents to the surface. Yet even event correlation leaves many questions unanswered.
Even fewer organizations are at the more ideal state of having implemented a solid security information and event management (SIEM) system that can help manage security events across platforms and outline further details such as how, why and what to do to prevent it from happening again. A well-tuned SIEM system can give companies greater visibility of their enterprise and security infrastructure without drowning them in waves of disparate data.
Critical interoperable security technologies
So, ideally, which technologies should be interoperable with a SIEM system, feeding it the security events and information that need to be known in order to respond and manage effectively? A number of the core technologies needed are ones most enterprises already have at their disposal, whether on premises or in the cloud, including:
- Intrusion prevention systems
- Data loss prevention
- Operating systems
- Mobile device management
Some other niceties that would be beneficial to include are:
- Better interoperability between individual mobile devices (i.e., outside of MDM and built directly into mobile OSes, such as iOS and Android, themselves)
- Custom and disparate Web and mobile applications that can track, log and alert on specific events across platforms
- The Internet of Things that's creeping into the enterprise for interoperability between business systems, as well as employee/consumer systems that might cause (or facilitate) security problems
One of the bigger challenges preventing interoperability is that every system and every vendor has its own way of categorizing and prioritizing events. What's critical to one may be nonexistent to another. However, the biggest problem that prevents organizations from achieving interoperability has less to do with the vendors and more with IT and security shops not having the resources to pull it all together.
At this point in time, system interoperability is one of the final frontiers of information security most if not all enterprises have yet to master. However, once completed, enterprises should have all the information that's desperately needed to not only fend off threats, but also paint a clearer picture of what's really going on, which can help security admins convince management that security is indeed a business issue that needs to be taken seriously by everyone.
How to achieve security infrastructure interoperability
If you're going to start on the path towards interoperability, there are three things you need to do to ensure as smooth a ride as possible:
- Know what needs to be reported on and correlated based on your unique organization's risks and reporting requirements
- Fully understand your network systems, what they're capable of reporting and how to tie it in with your other systems
- Work to keep your environment as homogeneous as possible, including putting pressure on your vendors to make security management more insightful and less painful
In the end, enterprises need detailed and actionable information to determine whether something such as a login anomaly in one corporate location translates into an unauthorized database access in another. Keeping systems interconnected and on the same page is critical, yet how will you know whether they are if you don't have the proper systems and processes in place?
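The two problems above, vendors that categorize and prioritize events differently and the need to tie a login anomaly in one location to a database access in another, come down to normalization followed by correlation. The following is an added example, not code from the article or from any SIEM product: it maps two constructed, hypothetical log formats (a VPN gateway with a numeric 1-10 priority and a database audit log with INFO/WARN/CRIT levels) into one common schema and then flags an authentication anomaly for an account at one site followed, within a time window, by database access by the same account at a different site. The hostnames, user names, addresses, field names and severity mappings are all assumptions made for the example.

```python
"""Added example: normalize events from two differently formatted and
differently prioritized sources into one schema, then correlate them
across locations (a login anomaly at one site followed by database
access by the same account at another)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample logs from two hypothetical vendors; formats, hosts,
# users and addresses are invented for this example.
# Vendor A (VPN gateway): syslog-style text with a numeric 1-10 "prio".
VPN_LOG = """\
2016-03-07T08:02:11Z vpn-atlanta gateway: prio=2 user=jsmith event=login_ok src=203.0.113.10
2016-03-07T08:03:40Z vpn-atlanta gateway: prio=8 user=jsmith event=login_anomaly src=198.51.100.7 reason=impossible_travel
2016-03-07T08:10:05Z vpn-atlanta gateway: prio=2 user=agarcia event=login_ok src=203.0.113.22
"""
# Vendor B (database audit): key=value pairs with a word-based level and
# no notion of authentication anomalies at all.
DB_AUDIT = """\
ts=2016-03-07T08:05:59Z level=INFO site=dallas db=payroll user=jsmith action=SELECT table=employees
ts=2016-03-07T08:06:30Z level=INFO site=dallas db=payroll user=agarcia action=SELECT table=timesheets
ts=2016-03-07T09:45:00Z level=WARN site=dallas db=payroll user=jsmith action=SELECT table=employees
"""


@dataclass
class Event:
    """Common schema every source is mapped into before correlation."""
    ts: datetime
    source: str
    site: str
    user: str
    category: str  # common vocabulary: auth_ok, auth_anomaly, db_access, other
    severity: int  # common scale: 0 info, 1 low, 2 medium, 3 high
    raw: str


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def _kv(fields: str) -> dict:
    return dict(f.split("=", 1) for f in fields.split())


def parse_vpn(text: str) -> list:
    """Vendor A: map its 1-10 prio and its event names onto the common scale."""
    out = []
    for line in text.splitlines():
        m = re.match(r"(\S+) (\S+) gateway: (.*)$", line)
        if not m:
            continue  # skip lines that do not match the vendor's format
        kv = _kv(m.group(3))
        prio = int(kv["prio"])
        sev = 3 if prio >= 8 else 2 if prio >= 5 else 1 if prio >= 3 else 0
        cat = {"login_ok": "auth_ok", "login_anomaly": "auth_anomaly"}.get(kv["event"], "other")
        site = m.group(2).split("-", 1)[1]  # hostname "vpn-atlanta" -> "atlanta"
        out.append(Event(_ts(m.group(1)), "vpn", site, kv["user"], cat, sev, line))
    return out


def parse_db(text: str) -> list:
    """Vendor B: map its INFO/WARN/CRIT levels onto the common scale."""
    levels = {"INFO": 0, "WARN": 2, "CRIT": 3}
    out = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kv = _kv(line)
        out.append(Event(_ts(kv["ts"]), "db", kv["site"], kv["user"], "db_access",
                         levels.get(kv["level"], 1), line))
    return out


def correlate(events: list, window: timedelta = timedelta(minutes=15)) -> list:
    """Flag an auth anomaly for a user at one site followed, within the window,
    by database access by the same user at a different site."""
    events = sorted(events, key=lambda e: e.ts)
    alerts = []
    for a in (e for e in events if e.category == "auth_anomaly"):
        for e in events:
            if (e.category == "db_access" and e.user == a.user and e.site != a.site
                    and a.ts <= e.ts <= a.ts + window):
                alerts.append({
                    "user": a.user, "from_site": a.site, "to_site": e.site,
                    "severity": max(a.severity, e.severity),  # worst of the two
                    "gap_seconds": int((e.ts - a.ts).total_seconds()),
                    "evidence": [a.raw, e.raw],
                })
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse_vpn(VPN_LOG) + parse_db(DB_AUDIT)):
        print(alert)
```

Run on the constructed data, the only alert is for jsmith: an impossible-travel anomaly at the Atlanta VPN gateway followed 139 seconds later by a payroll query from Dallas. The database log on its own carries nothing suspicious (the query is logged at INFO), which is the point: the signal exists only once both sources speak the same vocabulary and are compared against each other. The severity and category mappings are the part you would tune per vendor; the correlation rule itself stays the same.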
I assert that enterprises today are seeing only the very tip of the proverbial iceberg of security events and breaches -- imagine all the nefarious behavior that goes unseen. It is important to do now whatever can be done to break this cycle; security infrastructure interoperability is a major piece of this puzzle.
About the author:
Kevin Beaver is an information security consultant, writer, professional speaker and expert witness with Atlanta-based Principle Logic LLC. With over 25 years of experience in the industry, Kevin specializes in performing independent security vulnerability assessments of network systems as well as Web and mobile applications. He has authored/co-authored 11 books on information security including the best-selling Hacking For Dummies and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, he's the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. You can reach Kevin through his website and follow him on Twitter at @kevinbeaver.