There are many factors which influence the effectiveness of any given technology. These range from how well your staff are trained, to how well it integrates with your other tools, how well it’s configured, and whether that configuration is well maintained. The route to getting the best out of what you have starts with ensuring you always have a clear understanding of your current toolset.
For many organisations, a typical list of cyber security priorities might look like this:
- purchase new cyber product A
- recruit more cyber staff
- request budget for new next-generation product B
- ensure the latest cyber compliance requirements are being met.
Noticeable by its absence from this list is ‘assess current toolset’. At first glance, this is nowhere near as exciting as those above, but these regular assessments are a critical component of any cyber security programme. Just as you can’t defend what you don’t know about, you can’t progress your maturity if you don’t understand your current state.
Whether or not a tool is fit for purpose is incredibly subjective. You need to understand your own environment and infrastructure before making any new purchase. You also need to understand how that technology ‘fits in’ with your current architecture. Just because something is ‘best-in-class’, it doesn’t always mean that it’s best for you.
Not everyone needs a Ferrari
Yes, next-generation super cyber product ‘A’ may be amazing and well worth the cost to a large multi-national corporation with offices all over the globe who will feel the full benefit. But if your internal security programme is only mature enough to use 50% of its functionality, you are overspending and won’t see a return on that investment. The same applies to organisations who have an abundance of cyber security technologies which are not well configured or monitored by skilled staff. Both situations can create a false sense of security. Organisations might identify that next year they will purchase a new firewall to cover that risk, then move on to the next problem. However, the purchase of the tool does not equate to a reduction of risk at all if it is not correctly implemented in line with the internal cyber security maturity, and then maintained and regularly assessed.
For example, a patching tool is not patching devices if no one is checking the logs and everyone assumes it is still running as well as the day it was implemented. We have seen cases where newly installed network ranges were not mapped to the patching tool, so only 60% of devices were being patched.
Yes, well-implemented tools can increase efficiency and improve both protection and overall business performance. However, the marketplace is awash with cyber security products, so this is becoming an increasingly confusing area. Often, a new technology is seen as the solution to a specific problem. There is an expectation that buying product A will resolve problem A, but this is misguided as the technology itself is only part of the solution. Effective long-term cyber security requires careful planning, implementation and maintenance.
Plan your resources carefully
The constant implementation of new tools and technologies is a strain on local IT teams and can create an environment which is even more difficult to secure. Every new self-hosted system in use (including those protecting and monitoring the infrastructure) must be securely configured, managed, patched and assessed continuously for new vulnerabilities. Each also requires additional staff training, the creation of new documentation, and available hardware or infrastructure. Maintaining security appliances can become as resource intensive as maintaining business critical infrastructure. Having controls in place, such as IT service desk integration, can be invaluable in helping IT staff maintain visibility while remaining efficient with security management.
In the past, it was thought that multiple security technology stacks should be in use. The logic was that if a network was compromised, having different vendors using different technologies would increase the likelihood of detection, and the multiple technologies would slow down an attacker. This has now been proven to be incorrect – the real enemy of security is complexity. The toolsets in use should be appropriate for the size of the organisation, and the available staff resource. Modern strategies should aim to reduce complexity and increase automation.
Big projects take time and resource, both of which internal teams tend to lack. Often a new tool is not required, and an improvement within the current toolset can provide a much better return on investment. Small incremental changes and improvements in maturity are much easier to resource and sustain. Large projects can take years to complete and during that time the attack surface is not being reduced. Too often large improvements are also made in isolation from other areas, so the benefits are never fully realised.
The route to getting the best out of what you have starts with ensuring you always have a clear understanding of your current toolset, the purpose of each tool, how often they are maintained and monitored, and any gaps they have. With clarity on these points, you are set up to make well-informed decisions before starting any new procurement or implementation processes. We are able to help clients consolidate tools, reduce costs and simplify the number of tools used.
To find out more about how to assess your cyber security maturity, contact Cloud21. We don’t just understand cyber security, we understand NHS cyber security.