When reading this year's "Cisco Midyear Cyber Security Report," a few things jump out that bear discussion.
First, one of the key findings concerns the "fragmented security toolbox": having so many point solutions filling security gaps actually creates problems. If they are layered effectively, integrated fully and managed appropriately, point solutions are a winning approach. But when you look at the number of separate solutions that need individual attention to stay effective, the administrative burden detracts from the incident response plan.
This leads to the report’s conclusion that consolidation of vendors limits this effect. There are a few vendors that do this. Vendors should have the capabilities of on-premises web application management, mobile device management, privileged account management, and Active Directory bridging for Unix, Linux and Macs. In addition to those capabilities, you want a vendor that offers multi-factor authentication (MFA) across all of these features and can work hand in hand with other MFA vendors, as well as other privileged account management solutions.
Spyware Is Malware
Then, in the section "Spyware really is as bad as it sounds," spyware is no longer given a hall pass as a "Potentially Unwanted Application" (PUA), but is firmly branded "malware." This view is appropriate, as PUPs are frequently at the core of data exfiltration when credentials are stolen. Forrester estimates that 80 percent of security breaches involve privileged credentials that typically belong to the IT professionals who administer the systems, databases and networks of an organization. With tools sending identities into the wild, having a tool to secure your identities, especially your privileged accounts, is more important now than ever.
Detection Has Improved
Fourth, it was very good to read that overall, time to detection has improved. Companies that have effective incident response plans are proving they are learning and actively improving. But what if enterprises can prevent the incident to begin with? If the incident is related to unauthorized access to company resources, wouldn’t it be nice if the front end of the incident response chain improved too? By using a few tools in concert, like mobility management to ensure a user’s mobile authenticator is installed on a non-rooted device and using multi-factor authentication built into the identity platform, enterprises will mitigate much of what causes a significant portion of incidents.
Today, enterprises can implement behavior-based access control to get in front of incidents and slam the door shut. This kind of machine learning technology can identify whether a user is acting appropriately to begin with, leveraging data related to the methods of access being used and the vector from which access is occurring, and then force MFA on the user or actor. This can significantly improve the security posture of the organization. A fringe benefit is that user experience can be improved, because users face fewer challenges when the behavior and access are identified as "all green." This means you don't have to have an MFA prompt for everything.
Part 2 of 6 Reactions to the Cisco Midyear Cybersecurity Report will publish next week.
David's blog was first published here.