Old school security practices simply don’t fit the new IT environment. Cloud computing, applications and distributed workforces have changed the security game. The days of building perimeter walls still exist, but the walls are disappearing. This leaves channel security consultants wondering what the right allocation is for security budgets. As indicated in a 2016 SANS report on security spending trends, the goals of an organization often do not match their actual security spend. Compliance and data protection are some of the key drivers in today’s ideal security spend – but is this really where funds are being concentrated? Of course, we all need standard measures such as authentication, firewalls, end-point and malware protection. The question is, how can channel security consultants recommend a solution that doesn’t take away from what’s needed as a baseline and still addresses the true goals of an organization?
Modern Day Threats
Security has become more complex with today’s threats and risks. Big breaches have hit the headlines year after year. What’s the main cause of these breaches? According to the 2017 Verizon Data Breach report, 81% of hacking-related breaches leveraged stolen or weak passwords. In the more recent 2018 Verizon report, the use of stolen credentials was the leader in the “top 20 action varieties in breaches” (ahead of memory scraping, phishing and privilege abuse). Today’s threat actors are well connected and communicate effectively across messaging platforms, social media, and the deep and dark web to share compromised information such as passwords. So, what strategies and tactics can a channel security consultant deploy to address these security threats?
A Preventative Approach to Security
Breaches are never expected, which is the reason why organizations should move to a more proactive approach. One-off assessments fail to provide a continuous method to search and hunt for threats and vulnerabilities. I’m not referring to the SOC hunting done once an attacker is present. That’s an escalated procedure that needs to be addressed and repaired immediately. Instead, I mean identifying and capturing the compromised information, data, credentials or vulnerabilities used before an attacker has entered your environment. Here are some examples:
- Someone squatting or impersonating a domain to harvest credentials
- Compromised data or credentials shared and sold on criminal forums
- Employees inadvertently oversharing on social media
- Third parties compromising data due to weak policies
Wouldn’t it be great if channel consultants could find nuggets of threat-led information for their clients before they were attacked? Using a preventative approach to security can help. If you know the threat before the attack occurs, it’s easier to combat and set your defense (security). This approach allows the team to become more effective in dealing with modern day risks.
A continuous monitoring and management approach in the open, deep and dark web fits the bill for understanding and applying a preventative approach to these risks. Sifting through mounds of alerts, false-positives and “gotchas” can be cumbersome for any organization or Managed Security Service Provider (MSSP). More so, a common security challenge we all face is talent. Security talent is hard to find and keep. To best ensure a preventative approach, an analyst needs to be there to contextualise and evaluate the relevance and impact of threats to your particular organizations’ circumstances. This can be a member of your security operation team or a vendor’s. Having a client chase their tail on real-time false alerts can cost more money than it’s worth.
Rebalance Security Spending
Most financial advisors will comment on rebalancing your 401K when the market shifts. When stocks go up, your allocation is most likely higher due to markets changing. In the case of security, consultants should consider rebalancing their client’s allocation of security spend to address modern day threats and risks. A consultant approach to security budgets should address the methods of harvesting and capturing data or compromised credentials before they are used in an attack. A little more security allocation in the preventive bucket can greatly reduce the amount the organization would spend if they are compromised and breached.
About Digital Shadows (now ReliaQuest)’ Channel REV Partner Program
Digital Shadows (now ReliaQuest) enables organizations to manage digital risk by identifying and eliminating threats to their business and brand. Channel partners leverage Digital Shadows (now ReliaQuest) to monitor for digital risk across the widest range of data sources within the open, deep and dark web to deliver tailored threat intelligence, context and actionable remediation options that enable security teams to be more effective and efficient. Our partners help their clients protect their data when exposed, if employees or third parties put them at risk, or if their brand is being misused. To learn more, visit partners.digitalshadows.com.
To stay up to date with the latest Digital Shadows (now ReliaQuest) threat intelligence and news, subscribe to our threat intelligence emails here.