Friday, September 7, 2018
A security stack is the collection of resources a company uses to protect itself from cybersecurity incidents. When incidents do occur, companies often believe the solution is to add more tools to their stack. However, adding tools is not always the best use of the stack. In many cases, more tools mean more work for cybersecurity analysts who are already triaging thousands of possible threats every day. Companies can simplify their security stack, and improve its efficiency, by eliminating redundant tools or ones that rely too heavily on manual monitoring. It’s not about having every new tool or service in your security stack; it’s about how you use them.
Simplicity is Key
Organizations should consider making their stack as simple as possible. Start by evaluating the efficiency of your existing security monitoring stack and think about the types of threats your network is not protected against. For example, can you spot insider threats? Layers of perimeter tools won’t protect your company from a spear-phishing attack or a malicious insider. Get the basics right, first and foremost. Technologies that provide real-time visibility into user activity are crucial to a well-rounded security stack. Companies should pare down security tools that offer little beyond basic threat detection, so that the remaining tools actually secure the network. When it comes to security stacks, less can be more.
An Example Stack
During a recent Fuel webinar, Joshua Joiner, director of solutions engineering at cPacket Networks, shared an example of a security stack and explained why it has been so effective. More advanced attacks and breaches have occurred in recent years, and the firewall plus the other solutions that make up the typical security stack can be neutralized by such attacks. Firewalls are still the front line of cybersecurity, but every security stack contains more than just one tool. Joiner’s stack has four layers and five parts: a firewall/IPS as the base, TAPs to provide visibility, Smart Packet Brokers to make adaptation easier, and both traffic analytics and PKT Capture to provide analysis. Below is a breakdown of each layer.
Firewalls/IPS: After nearly a quarter-century, the firewall continues to be on the front lines of security. Be sure to pick the right type of firewall for the right type of traffic. Because these form the base of most cybersecurity plans, you should spend time and research making sure your firewall is one of the very best.
TAPs: Providing complete visibility for your security tools is important. Network TAPs and packet brokers, which we will get to next, ensure 100 percent packet capture. TAPs give a comprehensive look at what's happening in your network and where threats could be coming from. Quick response time is an important part of any stack or threat response. According to an article in CSO, companies can reduce the potential cost of a data breach by as much as 30 percent by responding quickly.
Smart Packet Brokers: Adaptation is also important. As threats change, the tools in your stack must change, too. Every security tool plugs into the network packet broker (NPB), as does each infrastructure element, which simplifies deployment and management of tools. Adding a new tool is easier because it only requires you to plug it into the NPB.
Traffic Analytics and PKT Capture: To combat threats, cybersecurity teams need a good picture of what's going on, and traffic analytics and packet capture provide it. Being able to analyze the data transmitted through your network lets you quickly recognize threats and make decisions. Traffic analytics also helps to sort through the noise and find the information that matters.
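The analytics layer is where "sorting through the noise" actually happens: the packet broker feeds captured packets (or per-packet summaries) to a tool that aggregates them and surfaces the few flows worth an analyst's time. The script below is an added illustration of that step and is not code from the webinar, from cPacket, or from any product named on this page. It runs over a constructed capture summary (one record per packet: timestamp, source, destination, destination port, byte count), assumes a 10.0.0.0/8 internal address plan, and flags two patterns a defender typically wants surfaced: one host touching many distinct ports on another host within a short window, and an internal host sending an unusually large volume to an external address. The thresholds (20 ports in 5 seconds, 10 MB egress) are assumptions chosen for the sample data, not recommended values.

```python
"""Toy traffic-analytics pass over packet-capture records (added example).

The CAPTURE list is constructed sample data standing in for what a packet
broker would hand to an analytics tool; it is not real traffic.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed internal address plan for the constructed network.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]

# Constructed capture: normal web traffic, one file-share packet, then
# 10.0.0.9 touching 25 ports on one host and 10.0.0.11 sending ~14 MB out.
CAPTURE = [
    {"ts": 0.0, "src": "10.0.0.5", "dst": "93.184.216.34", "dport": 443, "bytes": 1200},
    {"ts": 0.5, "src": "10.0.0.5", "dst": "93.184.216.34", "dport": 443, "bytes": 900},
    {"ts": 1.0, "src": "10.0.0.7", "dst": "10.0.0.20", "dport": 445, "bytes": 300},
    *[{"ts": 2.0 + i * 0.1, "src": "10.0.0.9", "dst": "10.0.0.20",
       "dport": 1000 + i, "bytes": 60} for i in range(25)],
    *[{"ts": 5.0 + i, "src": "10.0.0.11", "dst": "203.0.113.50",
       "dport": 443, "bytes": 1_400_000} for i in range(10)],
]


def is_internal(addr: str) -> bool:
    """True if the address falls inside one of the assumed internal networks."""
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def find_port_sweeps(records, window=5.0, min_ports=20):
    """Return (src, dst, distinct_ports) for each source that touched at least
    `min_ports` distinct destination ports on one host within `window` seconds."""
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["src"], r["dst"])].append((r["ts"], r["dport"]))
    hits = []
    for (src, dst), events in by_pair.items():
        events.sort()  # sort by timestamp
        best, j = 0, 0
        for i in range(len(events)):
            # Advance the right edge of the sliding time window.
            while j < len(events) and events[j][0] - events[i][0] <= window:
                j += 1
            best = max(best, len({port for _, port in events[i:j]}))
        if best >= min_ports:
            hits.append((src, dst, best))
    return sorted(hits)


def find_large_egress(records, threshold_bytes=10_000_000):
    """Return (src, total_bytes) for internal hosts whose bytes sent to
    external destinations reach `threshold_bytes`."""
    egress = defaultdict(int)
    for r in records:
        if is_internal(r["src"]) and not is_internal(r["dst"]):
            egress[r["src"]] += r["bytes"]
    return sorted((src, b) for src, b in egress.items() if b >= threshold_bytes)


def analyze(records):
    """Run both detectors and return their findings keyed by finding type."""
    return {
        "port_sweeps": find_port_sweeps(records),
        "large_egress": find_large_egress(records),
    }


if __name__ == "__main__":
    for kind, findings in analyze(CAPTURE).items():
        print(kind, findings)
```

Two design points carry over to a real deployment. The detectors work on per-packet metadata, not payloads, so the same logic applies whether the broker forwards full packets or only headers; and each detector returns structured findings rather than printing, so the same results can be pushed to a SIEM or ticketing system without re-parsing text.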
Quality Over Quantity
Finding a security stack that works for your organization takes significant forethought and research. However, if companies keep their stacks simple, using the best tools rather than the most tools, many problems plaguing other stacks can be avoided. While the example stack described above is by no means the only way to assemble one, it gives an accurate picture of how a stack should be built and the thought process behind it.