We have seen great strides in security tooling and processes over the past ten years. As security models have matured, security teams have become increasingly dependent upon an ever more complex toolchain of products and services.

But what happens when these systems fail? How much effort are we putting into planning and maintaining our security solutions to ensure they’re available when issues occur?

The First Step? Knowing What’s on Your Network

One of the first steps to improving security availability is identifying the key tools and processes that you depend upon, both as a team’s “daily drivers” during normal operations and during security incidents. It’s easy to see how your infrastructure’s perimeter firewall plays a key role in controlling access in and out of your network, and thus how downtime can impact normal operations. But does an outage of your file integrity monitoring solution have a similar impact if it lets a suspicious file or setting propagate across your network?

I’d suggest creating a tiered system for your security products to identify your availability needs. Factor in considerations such as whether the service must operate during an organization-wide failover scenario, how important “fresh” data is to its value, and the level of effort required to fail over and fail back.
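One way to make that tiering concrete is a simple scoring model. This is a hypothetical sketch: the tool names, criteria fields, and tier rules below are illustrative assumptions, not a prescription from any particular framework.

```python
from dataclasses import dataclass

@dataclass
class SecurityTool:
    name: str
    needed_during_failover: bool   # must it keep running during an org-wide failover?
    data_freshness_critical: bool  # does stale data undermine its value?
    failover_effort: int           # 1 (trivial) .. 5 (very hard) to fail over and back

def availability_tier(tool: SecurityTool) -> int:
    """Assign a tier: 1 = highest availability need, 3 = lowest."""
    if tool.needed_during_failover and tool.data_freshness_critical:
        return 1
    if tool.needed_during_failover or tool.failover_effort >= 4:
        return 2
    return 3

firewall = SecurityTool("perimeter-firewall", True, True, 5)
fim = SecurityTool("file-integrity-monitor", False, True, 2)
print(availability_tier(firewall))  # 1
print(availability_tier(fim))       # 3
```

The exact thresholds matter less than agreeing on them up front, so that every new tool gets slotted into a tier consistently rather than debated from scratch.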

But What’s “Security Availability,” Anyway?

The next item I’d suggest is determining what availability should look like for a given application or appliance. Backup and High Availability (HA) are widely understood in the world of IT, but implementing a generic “one size fits all” approach to backups and HA can result in a burdensome design that increases maintenance overhead. Instead, I’ve seen the most successful firms succeed with a strategy built on “availability classifications,” which identify the recovery time objectives for a given application based on …
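The availability-classification idea might look something like the sketch below. The class names and recovery time objective (RTO) / recovery point objective (RPO) figures are invented for illustration; real values would come from your own business impact analysis.

```python
# Hypothetical availability classifications mapping each class to
# recovery targets. All names and numbers here are illustrative.
CLASSIFICATIONS = {
    "gold":   {"rto_hours": 1,  "rpo_hours": 0.25},  # e.g. hot standby / HA pair
    "silver": {"rto_hours": 8,  "rpo_hours": 4},     # e.g. warm restore from backup
    "bronze": {"rto_hours": 72, "rpo_hours": 24},    # e.g. rebuild from nightly backup
}

def recovery_targets(app_class: str) -> str:
    """Return the recovery targets for a given availability class."""
    t = CLASSIFICATIONS[app_class]
    return f"RTO {t['rto_hours']}h, RPO {t['rpo_hours']}h"

print(recovery_targets("gold"))  # RTO 1h, RPO 0.25h
```

Tying each security product to one of a handful of classes like these keeps the backup and HA design proportionate to need, rather than gold-plating everything.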