BreachExchange mailing list archives
Ensuring IT resilience in the face of change
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 8 Jan 2016 13:30:38 -0700
http://www.scmagazineuk.com/ensuring-it-resilience-in-the-face-of-change/article/461983/

There are different ways to know how resilient your IT infrastructure is. You can wait for your customers to complain, an attack to take down your network, or you can test it. But you'll find that not all testing is the same when it comes to making sure your network is resilient. Any approach that fails to validate network security and performance with realistic application loads and attack techniques is both insufficient and risky.

Realism in testing is the key to knowing how your network and security tools will behave when subjected to the challenging conditions found in the wild. Test systems that rely on application and threat intelligence (ATI) are the only path to testing with real-world traffic that includes emerging threats and applications. Even testing with live traffic can't give you the conditions that your network may face at any future moment.

For realistic testing, you need the “intel” from a team of researchers who are always on the hunt for the applications and malware that enterprising minds develop every day. Only with real-world test systems can you validate the true stability, accuracy, and quality of your networks and network devices now, and into the future.

Battle-test, optimise, and harden IT infrastructures

Using an ATI test system, you're better able to predict the impact of attacks and know how your applications will perform after configuration and network changes. With a more resilient network, you'll avoid or minimise fines and damage to company reputation. Such a system also better positions you to contend with distributed denial of service (DDoS) attacks, data leakage, and other hacking attempts. Furthermore, by implementing a continuous security-testing regimen, you can constantly measure and improve the resilience of your IT infrastructure.

With a real-world test system, you can perform proof of concept (PoC) validation prior to purchasing new gear. You can measure, for example, how several next-gen firewalls (NGFWs) perform with the traffic mix you expect to see on your network, along with the latest attacks. Testing will show which security tools are the best investments for your particular network.

In short, ATI test systems allow you to ensure IT resilience in the face of constant change. You'll reduce troubleshooting from weeks to hours, and deploy best-fit devices for your unique infrastructure. Real-world testing gives you the exclusive ability to create authentic application traffic, malicious attacks, and user behaviour to harden and maintain your security posture.

Continuously maintain infrastructure resilience

CIOs must transform security processes to continually validate and certify the resilience of every element of their infrastructure over time. This provides an ongoing understanding of network and data centre infrastructures as a whole, even in the face of change. You can undertake sophisticated “what if” testing in a risk-free, yet entirely real-world environment. “What-if” testing shows you the potential impact of the most current attacks so you can harden infrastructure resilience before hackers launch those attacks.

Equipped with this level of actionable insight, IT staff can identify critical risks—from unpatched vulnerabilities to uncontested gaps in security coverage—based on the unique composition of their networks, operating conditions, security processes, and regulatory mandates.

Lifecycle security resilience

Capturing a baseline is an essential first step in a well-run continuous resilience-testing programme. This means systematically evaluating the key elements of an IT infrastructure as well as those systems as a whole. It also means evaluating those elements in the context of a real-world change-management lifecycle to assess performance and security before and after change. This is critical to bridging the divide between preproduction test labs and production networks.

ATI-based test systems can help maintain infrastructure resilience while saving staffing costs. You can use such systems to provide accurate cyber-war simulations. This not only transforms your infrastructure, but also develops existing IT staff into cyber-warriors who proactively remediate threats and implement more effective security controls.

Real-world testing also gives you essential insight into how particular DDoS attacks will affect network-based services and application response times. It provides an understanding of how DDoS attacks impact user experiences and ensures continued application performance even when a network is under assault.

Actionable insights keep networks strong

Test systems that rely on both application and threat intelligence increase the speed, reach, and consistency of an organisation's full array of enterprise security processes. By providing measurable and actionable insight into the security, performance, and stability of every element operating throughout your IT infrastructure, real-world testing helps you stay ahead of change and effectively defuse threats.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com
Supporters: Risk Based Security (http://www.riskbasedsecurity.com/)