As we approach the end of the year, many security leaders are starting to plan their strategic initiatives for 2022. This piece details three key security projects to consider: adopting zero trust concepts, modernizing the security operations center (SOC) through extended detection and response (XDR), and expanding the security program’s influence to include custom application and product security.
“Zero trust” has become a buzzword in the cybersecurity industry. However, the fundamental concepts of zero trust are sound and need to be understood in a product-agnostic fashion.
The truth is, no single product or vendor provides a comprehensive zero-trust solution; zero trust is a combination of many types of technologies and processes, interwoven and thoughtfully planned out. Strategists should consider educating themselves using vendor-neutral sources like NIST, and then conduct thought exercises within their organizations about how to address real-world issues with zero trust concepts.
When planning for zero trust, it’s important to understand that zero trust is:
Depending on your current maturity, you could expect to spend a year or more building a strategy and working to ensure future IT investments are aligned.
XDR is, in effect, a modernized take on the SOC. In practice, XDR means tight integration between endpoint detection and response (EDR), SIEM and security orchestration, automation and response (SOAR). It enables rapid detection and response, and offers benefits like:
One area cybersecurity teams sometimes overlook is deep integration with product and application security. Security teams are often well versed in protecting enterprise resources, such as domain controllers, shared drives, endpoints and servers, but can lack visibility into, and response capabilities for, custom products or applications.
As a third initiative, consider strategically pushing to build security logging, analytics and response capabilities into your applications and products. It’s best to start with the end goal, and work backward from there.
For example, what kind of actions could security take to neutralize threats? Locking accounts, rate limiting, changing user roles and blocking IP addresses are all highly effective techniques that help neutralize potential threats. With a set of response techniques in mind, what types of scenarios would you want to trigger them? An excessive number of 400 errors, web application firewall (WAF) alerts or impossible travel are all good options. Once you have your ideal alerts, identify which log sources you need to produce them, and then get those sources in place.
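As an added example (not code from the IANS post), here is a minimal application-side detector in Python for two of the trigger scenarios above: a burst of 4xx errors from one client IP, and impossible travel for one user, each mapped to one of the response actions named in the text. It runs over a constructed sample log; the thresholds, record layout and response labels are assumptions chosen for illustration.

```python
# Added example, not from the original post. Thresholds, record layout and
# response labels are assumptions; tune them to your own application.
from collections import defaultdict
from datetime import datetime

# Constructed sample application log: (timestamp, user, client_ip, status, geo)
SAMPLE_LOG = [
    ("2022-01-10T09:00:00", "alice", "203.0.113.10", 200, "US"),
    ("2022-01-10T09:00:05", "bob",   "198.51.100.7", 400, "US"),
    ("2022-01-10T09:00:10", "bob",   "198.51.100.7", 404, "US"),
    ("2022-01-10T09:00:15", "bob",   "198.51.100.7", 400, "US"),
    ("2022-01-10T09:00:20", "bob",   "198.51.100.7", 403, "US"),
    ("2022-01-10T09:00:25", "bob",   "198.51.100.7", 400, "US"),
    ("2022-01-10T09:30:00", "alice", "192.0.2.44",   200, "DE"),  # US -> DE in 30 min
]

ERROR_THRESHOLD = 5               # 4xx responses from one IP within the window
WINDOW_SECONDS = 60               # sliding window for the 4xx burst rule
IMPOSSIBLE_TRAVEL_SECONDS = 3600  # two countries within an hour is "impossible"


def detect(records):
    """Return a list of (rule, subject, response) alerts, in log order."""
    alerts = []
    errors_by_ip = defaultdict(list)  # ip -> timestamps of recent 4xx responses
    last_geo = {}                     # user -> (timestamp, geo) of last request
    for ts_str, user, ip, status, geo in sorted(records):
        ts = datetime.fromisoformat(ts_str)
        # Rule 1: excessive 4xx errors from one client IP -> rate limit that IP
        if 400 <= status < 500:
            bucket = errors_by_ip[ip]
            bucket.append(ts)
            while (ts - bucket[0]).total_seconds() > WINDOW_SECONDS:
                bucket.pop(0)  # drop timestamps that fell out of the window
            if len(bucket) >= ERROR_THRESHOLD:
                alerts.append(("excessive_4xx", ip, "rate_limit_ip"))
                bucket.clear()  # one burst raises one alert
        # Rule 2: same user seen from two countries too quickly -> lock account
        if user in last_geo:
            prev_ts, prev_geo = last_geo[user]
            if geo != prev_geo and (ts - prev_ts).total_seconds() < IMPOSSIBLE_TRAVEL_SECONDS:
                alerts.append(("impossible_travel", user, "lock_account"))
        last_geo[user] = (ts, geo)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

In a real deployment the response labels would be wired to the application's own account-lockout and rate-limiting controls, with the alert also forwarded to the SIEM.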
Building a strategic and tactical roadmap is critical to the success of any security program. Going into 2022, next-level initiatives for good security organizations can vary widely, but the most common trends center less around buying new tools, and more on tightening and deepening the integrations between your tools and corporate information assets.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.
January 20, 2022
By IANS Faculty