Walking the exhibition hall at a modern cybersecurity trade show can be a dizzying experience. Vendors from every angle tout products bearing seemingly urgent new capabilities (and new acronyms to match). The unspoken implication is that failure to purchase the latest solution will result in certain cybersecurity doom.
It’s hard to separate the signal from the noise to determine which security solutions will really move the needle for a business.
Here’s the thing, though: Robust cybersecurity programs revolve around a core set of solutions that provide the foundation for a strong cybersecurity operations team. Let’s take a look at a few of the technologies that should be in almost every business environment today.
1. Use Multifactor Authentication
Once considered a luxury, multifactor authentication (MFA) is now foundational. The proliferation of sophisticated spear-phishing attacks in today’s threat environment means that we simply cannot rely on passwords alone to protect our systems from attack any longer. Organizations should have MFA deployed on almost all of their internal systems and should also consider using the technology for customer-facing applications, where practical.
Today’s MFA solutions have come a long way in ease of integration and user friendliness. They come with prebuilt integrations for many commonly used applications and with smartphone apps that make completing the authentication process as simple as clicking a confirmation message on the user’s phone. Organizations that don’t already have two-factor authentication in their environment should make it a top priority.
The percentage of organizations forecasting an increase in cybersecurity budgets next year.
Source: EY, EY Global Information Security Survey 2018-19, Oct. 2018
2. Get a Security Information and Event Management System
Professionals have been talking about the importance of retaining and analyzing security logs for more than two decades. Unfortunately, it’s still one of those items that manages to slip through the cracks. Robust logging provides businesses with the ability to proactively detect security anomalies and serves as a crucial resource during incident investigations.
Security information and event management (SIEM) solutions provide both the ability to ingest a wide variety of log sources and built-in analytical tools that can detect common security issues.
Many businesses that already have a SIEM system in place aren’t making good use of it. IT leaders should ask, “Are all of our systems and applications providing logs to the SIEM? Does the security operations team have a strong monitoring and response process in place?” Those organizations that do have a SIEM system should take a look at the current deployment and find areas where it might be improved. Those that don’t should rectify that promptly.
3. Protect Your Business's Data
Whether it’s customer Social Security numbers, healthcare records or proprietary product development plans, every organization possesses valuable data that must be protected from unauthorized disclosure. Organizations must keep tabs on all of it.
Data loss prevention (DLP) solutions enable organizations to track sensitive information where it resides on systems and when it travels over the network.
DLP also allows administrators to create policies describing authorized flows of sensitive information and automatically block any attempts to transfer data in violation of those policies. It’s crucial to keeping organizations out of the news as the source of the most recent breach of personally identifiable information.
4. Manage Defense With a Cloud Access Security Broker
A decade ago, perimeter protection was the highest priority for cybersecurity teams. Security analysts spent countless hours building and maintaining firewall rule sets that carefully restricted the types of data that could cross the outer perimeter from the internet.
But organizations have become so cloud oriented that it’s now almost impossible to define “inside” and “outside” with a network-centric view. We need to update our approach to control access to information and resources wherever they reside.
A cloud access security broker (CASB) provides organizations with the ability to manage this access across a wide variety of cloud solutions. It integrates with popular cloud applications and allows cybersecurity teams to enforce security policies across products from a centralized platform. Any organization that heavily uses five or more Software as a Service products should strongly consider deploying a CASB.
5. Intrusion Prevention Solutions Are Key
On the other hand, the office network shouldn’t be ignored just because an organization has moved many of its critical applications to the cloud. It still requires protection. Perimeter defense remains an important concern for cybersecurity teams.
Firewalls and other intrusion prevention technology have come a long way in the past five years. It’s time for an upgrade for any organization that isn’t already using a next-generation firewall and context-aware intrusion prevention technology. These solutions go beyond basic filtering and allow security tools to make decisions about network traffic in a context-rich manner.
Security policies can now incorporate information about the specific users responsible for traffic; the nature of the data being transferred and the protocols in use; and other critical data points that allow more intelligent, risk-based decision-making.
To assess an organization’s cybersecurity readiness, take a look at each of the core areas above and ask, “Is there a product in place adequately filling each of these needs?”
If not, don’t delay in filling those gaps. If so, ensure those products are configured properly according to industry best practices and the organization’s current business needs. IT leaders who have done this basic legwork will have a lot less anxiety at their next cybersecurity conference.