While reacting to alerts and incidents after they occur will always be a reality of the security professional’s job, a purely reactive security approach is simply not effective given the way that today’s technical infrastructures and the cyber ecosystem itself have become ever more complex. With organizations adopting new technologies — spreading sensitive data across different cloud servers, service providers, containers, and even various SaaS platforms — it’s essential that they begin to take a more proactive approach to security.
This means putting in place repeatable processes and automating as much of your infrastructure as possible, leaving behind time-consuming, inefficient, and costly ad hoc tactics. It also means integrating Security with Development and Operations from the outset, and prioritizing communication between teams to attain positive business outcomes.
Failing to establish a proactive security posture runs you the risk of becoming a statistic, as you’ll see below. Here are five figures that may provide you with just the motivation you need to get started.
1. 73% of companies have at least one critical security misconfiguration.
In an eye-opening 2017 study, Threat Stack found that the vast majority of organizations have at least one configuration mistake that could expose critical systems and data or enable an attacker to gain access directly to private services or the AWS console.
Among the most common (and most troublesome) misconfigurations we found were AWS Security Groups configured in a manner that leaves SSH wide open to the internet. It’s a simple error that allows attackers to attempt remote server access from anywhere, rendering traditional network controls like VPNs and firewalls useless.
This points to the need for basic hygiene and configuration auditing as well as optimized and automated processes. Instead of relying on traditional network controls, for example, servers should be grouped by role, leveraging automation to establish small and blessed network paths to model trust between peers.
Employing SecOps best practices here can help you avoid misconfigurations from the outset. Moving toward automated processes can limit the damage of any configuration errors that do occur.
2. 87% of compromises took minutes or less.
According to Verizon’s 2018 Data Breach Investigations Report (DBIR), the time it takes cybercriminals to compromise your system is usually only a matter of minutes or even seconds. What’s more is that only 3% of organizations discover the compromise as quickly, giving cybercriminals plenty of time to steal valuable data.
The speed with which cybercriminals are now able to compromise systems comes, in part, from sophisticated, automated attacks. So, if cybercriminals are using automation to move swiftly and efficiently, shouldn’t you be using it as a defense?
Many organizations currently employ the solid practice of build time detection of vulnerabilities, but they too often rely on this practice and allow patching to fall by the wayside.To reduce risk and maximize efficiency, patching should be automated, and sufficient resiliency should be built into systems to withstand automatic software updates.
In terms of system access and users, the principle of least privilege should be embedded into your tools and processes before a compromise ever takes place, and it’s important to move toward replacing manual activities with safer and more efficient automated tools.
3. It takes an average of 206 days to identify a breach in the USA.
Not only do breaches go unnoticed for far too long, according to the Ponemon 2017 Cost of a Data Breach Study, they’re incredibly costly too! The longer a breach goes unnoticed, the more expensive it becomes: According to Ponemon, if a breach was identified within 100 days, the average cost was $5.99 million. If it took longer to identify, however, the cost rose to $8.7 million.
The results of the Ponemon study emphasize the importance of optimized alerting processes and handling to enable your organization to identify a breach as quickly as possible. Manual processes can easily overwhelm you with a daily barrage of alerts, leading to alert fatigue. Instead, standardized, automated alerting processes provide valuable context that lets you quickly identify whether an alert needs further attention so you can react quickly to what’s truly problematic.
4. 72% of CISOs said their teams had experienced “alert and agent fatigue.”
Alert fatigue is real, as we are reminded by a new Bitdefender survey, and it’s showing us that manual alerting processes just aren’t working. Yes, we mentioned it above, but the latest stats on alert fatigue truly drive the point home.
Once you’ve integrated your security tool with the incident management and chatops tools that your Ops and Dev teams are already using, such as PagerDuty or Slack, you can focus on optimizing alert management. Doing so brings more value to resources, shortens Mean Time To Know, and is one of the best ways to add context to alerts and enable your teams to view all the data about an event in a single place.
You’ll then want to perform regular response audits to confirm that you’re following through with streamlined, automated processes and continually strengthening them over time. This way, you can improve your strategy and make your alerting workflows more proactive, while reducing overall risk.
5. The skills gap will leave an estimated 3.5 million cybersecurity jobs open by 2021.
The ideal security hire is nearly impossible to find in today’s market, at least at a price that most organizations can afford. You’re probably well aware that there’s a major talent drought in the industry, and the Cybersecurity Jobs Report predicts that the number of job openings will far outstrip the number of qualified candidates well into this century as cybercrime continues its dramatic rise worldwide.
So what’s a security team to do? Automated processes can’t replace human talent entirely, of course, but they can save significant hours of manpower required to manually patch systems and sort through contextless, false alerts. This frees up your security professionals — who are most likely overworked and under-resourced thanks to the skills gap — to focus their efforts elsewhere. The result is fewer vulnerabilities, which are caught more quickly than they would be if security were operating with manual, ad hoc processes.
With expanded threat surfaces, more complex infrastructures, and ever more sophisticated attacks, it’s a scary world out there, as the statistics in this post show. Never was there a better time to start thinking about strengthening your security posture with a proactive strategy grounded in automated processes.
Overwhelmed by the idea of where to begin? The Threat Stack Cloud SecOps Program℠ can help you identify your current security maturity level and work with you to set actionable goals to leverage SecOps at scale. Click here to learn more.