BreachExchange mailing list archives

Ensuring IT resilience in the face of change


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 8 Jan 2016 13:30:38 -0700

http://www.scmagazineuk.com/ensuring-it-resilience-in-the-face-of-change/article/461983/

There are different ways to know how resilient your IT infrastructure is.
You can wait for your customers to complain or for an attack to take down
your network, or you can test it. But you'll find that not all testing is the
same when it comes to making sure your network is resilient. Any approach
that fails to validate network security and performance with realistic
application loads and attack techniques is both insufficient and risky.
Realism in testing is the key to knowing how your network and security
tools will behave when subjected to the challenging conditions found in the
wild.

Test systems that rely on application and threat intelligence (ATI) are the
only path to testing with real-world traffic that includes emerging threats
and applications. Even testing with live traffic can't give you the
conditions that your network may face at any future moment. For realistic
testing, you need the “intel” from a team of researchers who are always on
the hunt for the applications and malware that enterprising minds develop
every day.

Only with real-world test systems can you validate the true stability,
accuracy, and quality of your networks and network devices now, and into
the future.

Battle-test, optimise, and harden IT infrastructures

Using an ATI test system, you're better able to predict the impact of
attacks and know how your applications will perform after configuration and
network changes. With a more resilient network, you'll avoid or minimise
fines and damage to company reputation. Such a system also better positions
you to contend with distributed denial of service (DDoS) attacks, data
leakage, and other hacking attempts.

Furthermore, by implementing a continuous security-testing regimen, you can
constantly measure and improve the resilience of your IT infrastructure.
With a real-world test system, you can perform proof of concept (PoC)
validation prior to purchasing new gear. You can measure, for example, how
several next-gen firewalls (NGFWs) perform with the traffic mix you expect
to see on your network, along with the latest attacks. Testing will show
which security tools are the best investments for your particular network.

In short, ATI test systems allow you to ensure IT resilience in the face of
constant change. You'll reduce troubleshooting from weeks to hours, and
deploy best-fit devices for your unique infrastructure. Real-world testing
gives you the exclusive ability to create authentic application traffic,
malicious attacks, and user behaviour to harden and maintain your security
posture.

Continuously maintain infrastructure resilience

CIOs must transform security processes to continually validate and certify
the resilience of every element of their infrastructure over time. This
provides an ongoing understanding of network and data centre
infrastructures as a whole, even in the face of change. You can undertake
sophisticated “what if” testing in a risk-free, yet entirely real-world
environment. “What-if” testing shows you the potential impact of the most
current attacks so you can harden infrastructure resilience before hackers
launch those attacks.

Equipped with this level of actionable insight, IT staff can identify
critical risks—from unpatched vulnerabilities to uncontested gaps in
security coverage—based on the unique composition of their networks,
operating conditions, security processes, and regulatory mandates.

Lifecycle security resilience

Capturing a baseline is an essential first step in a well-run continuous
resilience-testing programme. This means systematically evaluating the key
elements of an IT infrastructure as well as those systems as a whole. It
also means evaluating those elements in the context of a real-world
change-management lifecycle to assess performance and security before and
after change. This is critical to bridging the divide between preproduction
test labs and production networks.

ATI-based test systems can help maintain infrastructure resilience while
saving staffing costs. You can use such systems to provide accurate
cyber-war simulations. This not only transforms your infrastructure, but
also develops existing IT staff into cyber-warriors who proactively
remediate threats and implement more effective security controls.

Real-world testing also gives you essential insight into how particular
DDoS attacks will affect network-based services and application response
times. It provides an understanding of how DDoS attacks impact user
experiences and ensures continued application performance even when a
network is under assault.

Actionable insights keep networks strong

Test systems that rely on both application and threat intelligence increase
the speed, reach, and consistency of an organisation's full array of
enterprise security processes. By providing measurable and actionable
insight into the security, performance, and stability of every element
operating throughout your IT infrastructure, real-world testing helps you
stay ahead of change and effectively defuse threats.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
