Much of what is written about data security focuses on detection, response, and remediation — in other words, what’s “right of boom,” with “boom” being the moment that a system or environment is compromised. But as cyberattacks proliferate and become more sophisticated and the risks and costs to business increase, protective “left of boom” security requires just as much attention and industry investment, if not more.
Nearly all security analytics in existence today are focused on detecting anomalous behaviors and are therefore responsive and reactive. But with the analytics resources now available and emerging on the market, data security experts will increasingly have the capability to ingest and integrate all the data required to create analytics that identify and characterize normal, legitimate behaviors. These “normal” models can be used to configure modern IT and security capabilities to allow only legitimate behaviors, thus significantly increasing the difficulty of carrying out a successful attack. This proactive, protective security augments the necessary detective and response strategies, reducing business risks in ways that aren’t possible with only protective or detective methods.
However, along with the technical challenge of preventative security comes the cultural challenge of shifting mindsets. Many data security leaders today were trained in Security Operations Centers (SOCs) that focus on detection and response. This experience helped them hone their reactive security skills, but they were not exposed to the capabilities needed to prevent attacks in the first place. In addition, engineers are often drawn to the excitement of reactive security and the ability to catch attackers and bad players. But preventing adverse events from happening requires longer term operational planning and product development. These endeavors may not get the adrenaline pumping, but they ultimately lead to world-class data security, where there are very few dramatic breaches or attacks to respond to or remediate at all.
Enterprises should incorporate these critical security steps to secure data proactively:
1. Understand what is normal and abnormal in an environment.
While many security tools focus on blacklisting — identifying and blocking abnormal user behavior and network patterns — preventative security also depends on effective whitelisting of normal activities that should be permitted.
Most security leaders are likely only using a small portion of their network security platform capabilities to secure data. They should use these tools, together with a newly possible understanding of “normal” derived from modern analytics, to explicitly allow legitimate user and application behaviors as well as data and content access. With the rise and increasing complexity of cyberattacks in recent years — not to mention the fact that increased remote working also increases network traffic and attack surface areas — predicting all the possible moves that bad actors will take next becomes nearly impossible. But focusing on which behaviors to permit is a more manageable endeavor, though still a highly complicated one.
2. Incorporate your understanding of legitimate behavior into your security posture.
Integrating all relevant data across your organization — whether it’s from IT or human resources, operations or procurement, or any other department — will give you the level of visibility you need to create a comprehensive and tailored security posture. You can then use tools like firewalls and identity and access control systems to enforce your whitelisting policies.
3. Stay adaptive with your security posture.
Both IT and security ultimately support the business. That means working with users and their managers to understand why they need access to data, and adapting policies to match their working needs. This will become increasingly important as more employees work remotely, use various devices, and collaborate across teams and functions.
In a world that demands agile innovation and flexibility in response to rapidly changing market trends and global events, any security posture must assess and manage risk thresholds instead of eliminating risk altogether. Smart security learns from user behaviors and fully leverages constructs that allow for adaptive whitelisting and preventative security controls that don’t interfere with users’ needs.
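The three steps above describe one procedure: learn what is normal from observed behavior, turn that into an explicit allow policy, and keep adapting the policy as legitimate needs change. The following is an added example that is not Teradata’s code and not part of the original post. It sketches that loop in Python over a constructed sample of access-log lines (user, application, dataset, day): a baseline window is mined for (user, application, dataset) combinations that recur on enough distinct days to count as “normal,” one-off accesses are surfaced for review rather than silently allowlisted, new events are checked against the resulting allowlist, and denied events land in a review queue where an approval extends the policy. The function and class names (`build_allowlist`, `AllowlistPolicy`, `evaluate_log`) and the `min_days` threshold are assumptions made for the illustration, not an API of any product.

```python
"""Baseline-driven allowlisting: learn normal access, enforce it, adapt it.

Added illustration, not Teradata's code. All log data below is constructed.
Log line format (assumed): user,application,dataset,day_index
"""
from collections import Counter, defaultdict

# Constructed baseline window (a few days of legitimate access events).
# Note that carol touches "ledger" only once; that should not become policy
# without a human looking at it.
BASELINE_LOG = """\
alice,finance-app,ledger,1
alice,finance-app,ledger,2
alice,finance-app,ledger,3
bob,hr-portal,payroll,1
bob,hr-portal,payroll,2
bob,hr-portal,payroll,4
carol,bi-dashboard,sales,1
carol,bi-dashboard,sales,3
carol,bi-dashboard,ledger,2
"""


def parse_event(line):
    """Split one log line into (user, application, dataset, day)."""
    user, app, dataset, day = line.strip().split(",")
    return user, app, dataset, int(day)


def build_allowlist(log_text, min_days=2):
    """Derive the allowlist from a baseline window.

    A (user, application, dataset) tuple counts as normal only if it was seen
    on at least `min_days` distinct days (assumed threshold). Rarer tuples are
    returned separately as `one_offs` so they can be reviewed instead of being
    permitted by default.
    """
    days_seen = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        user, app, dataset, day = parse_event(line)
        days_seen[(user, app, dataset)].add(day)
    allowlist = {key for key, days in days_seen.items() if len(days) >= min_days}
    one_offs = {key for key, days in days_seen.items() if len(days) < min_days}
    return allowlist, one_offs


class AllowlistPolicy:
    """Enforce an explicit allowlist and queue everything else for review."""

    def __init__(self, allowlist):
        self.allowlist = set(allowlist)
        self.review_queue = []  # denied (user, app, dataset) tuples awaiting a decision

    def decide(self, line):
        """Return "allow" if the event matches known-normal behavior, else "deny".

        Denied events are queued so that a manager can confirm a genuine
        business need; the policy is never widened automatically.
        """
        user, app, dataset, _ = parse_event(line)
        key = (user, app, dataset)
        if key in self.allowlist:
            return "allow"
        if key not in self.review_queue:
            self.review_queue.append(key)
        return "deny"

    def approve(self, user, app, dataset):
        """Adapt the posture: a reviewed, legitimate need becomes allowed."""
        key = (user, app, dataset)
        self.allowlist.add(key)
        self.review_queue = [k for k in self.review_queue if k != key]


def evaluate_log(policy, log_text):
    """Run a batch of new events through the policy and tally the decisions."""
    tally = Counter()
    for line in log_text.splitlines():
        if line.strip():
            tally[policy.decide(line)] += 1
    return tally


if __name__ == "__main__":
    allowlist, one_offs = build_allowlist(BASELINE_LOG)
    print("allowlisted:", sorted(allowlist))
    print("needs review before allowlisting:", sorted(one_offs))
    policy = AllowlistPolicy(allowlist)
    # Constructed "day 7" traffic: two normal events and one new combination.
    new_log = "alice,finance-app,ledger,7\nbob,hr-portal,payroll,7\nalice,hr-portal,payroll,7\n"
    print("decisions:", dict(evaluate_log(policy, new_log)))
    print("review queue:", policy.review_queue)
```

The design choice worth noting is that a denial does not alter the policy; only `approve()` does, after a person has confirmed the business need. That is what keeps the allowlist from drifting toward “whatever happened recently” and preserves the left-of-boom property the post argues for: the posture adapts, but through a reviewed change rather than by absorbing every anomaly it sees.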
These are exciting times for data security, particularly “left of boom” approaches that keep adverse events from happening while integrating with and enhancing the effectiveness of “right of boom” detection and response capabilities. Many of the strategies being tested today were not feasible a decade ago. But they’re possible now through the power of platforms that ingest, process, and analyze data effectively, coupled with modern security platforms that can both apply an understanding of normal, legitimate behaviors and detect and respond to anomalous behaviors.
Teradata is fortunate to be part of a community of leading data scientists and security experts exploring the possibilities of security analytics. We invite you to join us as we build tomorrow’s solutions together.