4 concepts that help balance business and security goals
The goal of enterprise security is to maintain connectivity, while remaining protected. Use these four concepts to balance business and security goals.
As digital transformation continues, companies gain more opportunities but also new vulnerabilities. These vulnerabilities can have severe consequences, often seen through loss of business and credibility -- or even loss of life.
Security professionals all share the same goal: Keep everything working, while remaining secure. The four concepts used to achieve this goal are preparation, organizational resilience, security visibility and security auditing.
Everyone and everything, connected
Across the world, perpetrators are planning sophisticated attacks. Their goal is to disrupt the lives, businesses or governments of their victims. More than anyone, attackers enjoy the phrase "everyone and everything, connected."
On the positive side, the value of this idea is amplified by one major lesson learned during the pandemic: Connectivity is essential to consumers, enterprises and governments.
Today, users have higher expectations. They want instant access, zero lag and constant availability. Surveys have shown end users are more concerned with 100% availability than security.
Everyone and everything, protected?
There are many benefits to seamless and dependable connectivity, but it is also a double-edged sword. The dark side of pervasive connectivity is a rapidly expanding attack surface. More access by more users and more devices creates a seemingly infinite number of potential entry points.
As a result, severe vulnerabilities are possible within communication networks, defense systems, industrial IoT deployments, connected cars and more. Many critical technologies, such as virtualized networks, open APIs, mandatory interoperability and massive Linux use, also add risks.
And then there's the data. Individuals, companies and governments generate massive amounts of high-value data. While stricter regulations have escalated requirements for data privacy, exposure rates from breaches haven't slowed.
This poses the question: How well is everything protected?
Everything working, everything secure
The ultimate measure of security success is the ability to keep core business activities running, while keeping everyone and everything safe.
Day to day, security depends on tools and perspective. Let me offer an analogy. A thermal image of a well-constructed house could easily represent a corporate network. You could use a leaky house for the same purpose, but you wouldn't be able to detect all the trouble spots allowing heat to escape. You can't fix every trouble spot, but you can still do something to improve the situation. For example, an experienced structural engineer, equipped with the right tools, can quickly assess the situation and make recommendations based on your lifestyle and budget.
Resilience and preparation
In the face of present and future realities, unprepared organizations will become increasingly fragile. The durable alternative is resilience. Mindset and action are key success factors for resilience. The mindset is realistic and pragmatic: Assume you have been and will be attacked. Further, organizations should use time-critical response as a standard approach. Action plans should accelerate progress from detection through assessment, remediation and recovery. Staying ahead depends on continuously learning and adjusting.
The foundation of resilience is preparation. One basic framework is people, product, process and tools. For people, cybersecurity training and readiness are essential. Security competitions can prevent practice sessions from becoming predictable and boring.
On the product side, a majority of security failures are caused by human mistakes, such as configuration errors. Testing dramatically reduces this number. Process improvements and automated tools can enhance the speed of detection and response.
The right tools make a material difference to resilience and preparation, as they increase visibility across the entire network. New tools should be easy to integrate with existing ones, ideally simplifying processes at the same time.
Security visibility and auditing
Security visibility takes us back to the thermal image of the leaky house. The right tools provide a greater level of visibility. The same is true for the network. If you don't know what data is traversing the network, which applications are running and who's talking, you simply don't know your network.
This is where visibility comes in. Whether it's a cloud or a physical network, visibility products and services can provide a variety of useful perspectives. They can intelligently tap traffic to be analyzed and can intelligently shepherd some or all traffic to next-generation firewalls, data loss prevention tools or sandboxes. Visibility capabilities provide security engineers with everything they need to detect, find, assess and make decisions about networks.
Security auditing includes pressure testing the network using thorough and realistic simulations of the harshest conditions possible. It also includes safe, self-directed attacks. Security operations (SecOps) is a collaborative effort between IT security and operations teams. The focus is on integrating tools, processes and technology to keep the organization secure, while reducing risks and improving agility.
Threat simulator tools let teams hack themselves before hackers do. For example, breach-and-attack platforms enable SecOps teams to safely simulate attacks on a production network, identify gaps in coverage and remediate potential vulnerabilities before attackers can exploit them.
An increasingly connected world demands new security tactics. The foundational elements are preparation, resilience, visibility and pressure testing. These will set companies up to achieve the ultimate security goal: Keep everything working, while remaining secure.
About the author
Mark Pierpoint is president of Keysight Technologies' network applications and security business, which provides network test and visibility for validating, optimizing and securing network services. Pierpoint has held multiple management positions in R&D, sales, marketing and operations across various businesses in both the United States and Europe. He holds a Ph.D. in microwave engineering and a bachelor's degree in electrical and electronic engineering from the University of Leeds.