As we approach the end of the year, many security leaders are starting to plan their strategic initiatives for 2022. This piece details three key security projects to consider: adopting zero trust concepts, modernizing the security operations center (SOC) through extended detection and response (XDR), and expanding the security program’s influence to include custom application and product security.
“Zero trust” has become a buzzword in the cybersecurity industry. However, the fundamental concepts of zero trust are sound and need to be understood in a product-agnostic fashion.
The truth is, no single product or vendor provides a comprehensive zero-trust solution; zero trust is a combination of many types of technologies and processes, interwoven and thoughtfully planned out. Strategists should consider educating themselves using vendor-neutral sources like NIST, and then conduct thought exercises within their organizations about how to address real-world issues with zero trust concepts.
When planning for zero trust, it’s important to understand that zero trust is:
Depending on your current maturity, you could expect to spend a year or more building a strategy and working to ensure future IT investments are aligned.
XDR is a modernized take on the SOC. Practically speaking, it involves a tight integration between EDR, SIEM and security orchestration, automation and response (SOAR). It enables rapid detection and response, and offers benefits like:
One area cybersecurity teams sometimes overlook is deep integration with product or application security. Security teams are often well versed in protecting enterprise resources, such as domain controllers, shared drives, endpoints, servers, etc., but can lack visibility and response capabilities for custom products or applications.
As a third initiative, consider strategically pushing to build security logging, analytics and response capabilities into your applications and products. It’s best to start with the end goal, and work backward from there.
For example, what kind of actions could security take to neutralize threats? Locking accounts, rate limiting, changing user roles and blocking IP addresses are all highly effective techniques that help neutralize potential threats. With a set of response techniques in mind, what types of scenarios would you want to trigger them? An excessive number of 400 errors, web application firewall (WAF) alerts or impossible travel (a user appearing in two locations too far apart to reach in the elapsed time) are all good options. Once you have your ideal alerts, identify what log sources you might need to actualize them – and then get them in place.
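As an added illustration of the workflow above (example code, not from IANS or the original post): two of the trigger scenarios named here, excessive 400 errors and impossible travel, implemented as detection rules over a constructed application log, each mapped to one of the response techniques listed. The log field layout, the thresholds (three 400s within five minutes, 900 km/h) and the coordinates are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Constructed sample log; each line is "<timestamp> <user> <client_ip> <status> <lat> <lon>"
SAMPLE_LOG = """\
2021-11-01T10:00:00 alice 203.0.113.5 200 42.36 -71.06
2021-11-01T10:05:00 alice 198.51.100.9 200 51.51 -0.13
2021-11-01T10:06:00 bob 192.0.2.10 400 40.71 -74.01
2021-11-01T10:06:10 bob 192.0.2.10 400 40.71 -74.01
2021-11-01T10:06:20 bob 192.0.2.10 400 40.71 -74.01
2021-11-01T10:07:00 carol 203.0.113.7 400 40.71 -74.01
"""

def parse_log(text):
    """Parse the assumed field layout into dicts, oldest event first."""
    events = []
    for line in text.splitlines():
        ts, user, ip, status, lat, lon = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user, "ip": ip,
                       "status": int(status), "lat": float(lat), "lon": float(lon)})
    return sorted(events, key=lambda e: e["ts"])

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two coordinates."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))

def impossible_travel(events, max_kmh=900):
    """Flag a user whose consecutive events imply travel faster than max_kmh (assumed)."""
    alerts, last = [], {}
    for e in events:
        prev = last.get(e["user"])
        if prev:
            hours = (e["ts"] - prev["ts"]).total_seconds() / 3600
            # Comparing distance against max_kmh * hours also catches two distant events at once
            if haversine_km(prev["lat"], prev["lon"], e["lat"], e["lon"]) > max_kmh * hours:
                alerts.append(("impossible_travel", e["user"], "lock_account"))
        last[e["user"]] = e
    return alerts

def excessive_400s(events, threshold=3, window=timedelta(minutes=5)):
    """Flag a client IP that produces `threshold` 400 responses inside one window (assumed)."""
    alerts, recent = [], defaultdict(list)
    for e in events:
        if e["status"] == 400:
            recent[e["ip"]] = [t for t in recent[e["ip"]] if e["ts"] - t <= window] + [e["ts"]]
            if len(recent[e["ip"]]) == threshold:  # fire once, as the threshold is crossed
                alerts.append(("excessive_400", e["ip"], "rate_limit"))
    return alerts
```

Each returned tuple names the rule, the subject (user or client IP) and the response action to hand to the application, which is the log-to-response chain the text asks you to design backward from.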
Building a strategic and tactical roadmap is critical to the success of any security program. Going into 2022, next-level initiatives for good security organizations can vary widely, but the most common trends center less on buying new tools and more on tightening and deepening the integrations between your tools and corporate information assets.