At Guidance Software, we’re honored to train and work
alongside information security teams inside numerous global corporations and
government agencies. This gives us an ideal vantage point from which to learn and incorporate the latest intelligence on attack methods and
best practices for incident response. So here’s a look at what we’ve gleaned
from this year’s barrage of cyber-attacks.
Where to Invest Resources in the High-Profile Breach Era
One benefit of this awareness has been an increased
investment in security. We believe that this investment should not solely be
spent on tools, simply adding to the layers of security many companies already
have in place, but it should also focus on making sure the right people with
the right skills are able to properly leverage the technologies already in
place. These large breaches have highlighted the need not just for a tactical
incident response plan, but also for a corporate incident management strategy
that includes understanding, identifying, and protecting key assets long before
an incident is identified.
Finally, these incidents have reiterated the importance of
practicing and enforcing basics like patch management, password enforcement,
and employee security awareness.
Growing and Retaining Security Staff through Targeted Training
In 2015, corporations are going to need a two-pronged
approach in order to grow and retain a team of effective incident
responders: They will need to invest in
specialized training for established security professionals and to provide
incident response fundamentals and tools training for less advanced team
members.
With a widely reported shortage of security professionals
and a broad set of skills required to handle the range of attack techniques,
teams need to have and continually build a diverse set of skills—more skills
than just one person can master. Allowing senior members to focus on advanced
skills like reverse-engineering or memory forensics encourages retention
through greater engagement and prevents burnout by allowing senior team members
time off the front lines to recharge.
On the other side, developing the skills of less experienced
professionals, possibly existing IT staff, allows you to leverage their
existing IT knowledge, including their ability to understand your unique
network or assets—the IT “ecosystem.”
In addition, corporations can address training needs by supporting
“time off” from regular duties for security professionals to train either
offsite, through remote learning, or through self-study during business hours.
Sharing Threat Intelligence
Finally, a large trend in the industry is building up an understanding of your environment and identifying trends outside of the norm that may indicate a specific technique being played out in your network. To build up a repository of these trends, security professionals need a way to share intelligence about patterns or attack types with others in their industry or in trusted security groups. Attending training with other security professionals is one way to help build these relationships.
Comments? What’s working well inside
your organization? We welcome discussion in the section below, whether on this
topic or on one you would like to see us write about here in the blog.
Ashley Hernandez and
John Lukach are long-time instructors in cybersecurity, e-discovery, and
forensics at Guidance Software.