Three Mistakes Teams Make in Operationalizing Security (and a Better Alternative)
With the challenges presented by today’s cloud security landscape, organizations with limited time and resources are taking a variety of approaches in their attempts to incorporate security into their operations practices. Some approaches work better than others, but none provide the silver-bullet solution that some organizations seek. Below, we’ll explore three popular strategies that sound promising but prove to be problematic — and we’ll propose a better way going forward.
1. Hiring Managed Security Service Providers (MSSPs)
Going with a managed security service provider (MSSP) is an easy way to outsource your security, but do you really want to put your security in someone else’s hands? Often, working with inexperienced team members is one of the major downfalls of MSSPs, and you could easily find yourself on the phone with a recent college grad who is trying to sell you on expensive new tools that you’ll need to stitch together yourself.
Even more troubling is a new survey by Advanced Threat Analytics, which found that MSSPs have a major problem with alert fatigue. Nearly half of the survey’s respondents reported a 50% or higher false positive rate, causing analysts with too many alerts to process to reduce the sensitivity of their alerting systems or ignore certain alert categories altogether. You have to wonder what’s getting lost in the shuffle.
The lack of control over your own security, coupled with oftentimes inexperienced service providers, makes for a less than ideal security strategy. While MSSPs can be helpful in some cases, they more often fall flat.
2. Relying on Open Source Tools
Open source security solutions can prove tempting. Not only are popular tools like OSSEC (an open source host intrusion detection system) readily available — many are free! But remember: Free does not mean trouble-free. Most of these tools require DIY deployment, which calls for an extensive investment in resources and expertise. It typically takes two to four full-time engineers to build and maintain an OSSEC implementation, for instance.
Once the lengthy process of getting up and running is complete, the challenge becomes parsing your data. Open source tools tend to provide an overwhelming amount of security-related data, leaving you with an inability to make heads or tails of the information in an actionable period of time.
Relying on the traditional file integrity monitoring of open source tools, for example, allows for scheduled scans of file systems every six hours, creating signatures of files and comparing them to see whether a file has changed. In the event of an incident, this delays response time with inactionable data in comparison to the continuous file integrity monitoring of a platform like Threat Stack, which detects when certain files or directories are acted upon, allowing you to respond quickly to prevent a breach.
While it’s possible to integrate open source tools into your larger security strategy, they simply aren’t powerful enough without lots of time invested tuning and tweaking settings, accurate enough to rely on solely, or easy enough to implement to comprise a comprehensive security solution. Too often companies purchase tech in hopes it will solve their security problems. What happens is they end up with multiple point solutions that don’t integrate well together and end up “showing” you data but not “telling” you anything.
3. Investing in Machine Learning Solutions
Machine learning solutions often promise a “set it and forget it” approach, but when something sounds too good to be true, it usually is. The lack of hands-on involvement means that machine learning tools take time to learn your environment, and they can be thrown off easily by changes. They also allow for little customization, so you’ll quickly find that your shiny new security solution can’t be tailored to your unique environment, resulting in a disappointing lack of accuracy. A deep understanding of your environment is needed to provide the context and understanding of what is “normal” to find a baseline that can work.
Moreover, while machine learning solutions are good at identifying malware, most prove much less successful at identifying attacks that have already breached your perimeter. To gain visibility into stolen credentials or lateral movement after an attack, you’ll need a more advanced approach than what machine learning is currently able to provide.
There’s no doubt that machine learning is promising, but when it comes to providing a comprehensive security solution, the technology just isn’t there yet.
A Better Alternative
Ultimately, the problem with the solutions discussed above is that they tend to put you in a reactive mode, scrambling to maintain the status quo, rather than working to improve your security maturity over time. Companies need to take a significantly more proactive approach if they want to create and maintain a strong security posture that optimizes the use of limited resources and deliver security that enables the organization to operate at cloud speed.
Sound impossible? The new Threat Stack Cloud SecOps Program℠ enables companies of any size to integrate security into their operations processes. Leveraging Threat Stack’s comprehensive Cloud Security Platform®, this new co-managed service offers both the technology and expertise necessary to leverage modern infrastructure and DevOps at scale. The three-part program includes:
- A Framework to help security and operations work together
- Technology built specifically for modern infrastructure
- The experts you need to manage it all
These experts work with you, not for you, allowing you to take deeper ownership of your security without having to piece together point solutions or hire expensive, hard-to-find talent. The result is greater efficiency in reducing your risk while managing costs and resources.
To learn more about Threat Stack’s new co-managed solution, click here.
*** This is a Security Bloggers Network syndicated blog from Blog – Threat Stack authored by Christian Lappin. Read the original post at: https://www.threatstack.com/blog/three-mistakes-teams-make-in-operationalizing-security-and-a-better-alternative/