Acknowledging 5 Common Gaps in Existing Security Infrastructure

by Mike Parkin on June 2, 2020

The last couple of months under a global pandemic have forced everyone to look at life and business differently. For a lot of people in the tech industries, it has meant looking at new ways of doing our jobs. Where telecommuting and remote work had been relatively common, it’s become the norm for a lot more of us recently.

No revelation there, right?

One thing it has also done though, is make us take a closer look at our existing cybersecurity tools and processes. How we can adapt our IT security portfolio to an environment where everyone is working from home, but still needs access to all the tools and resources they had before? How have our policies, and systems held up to the upswing in VPN use, distributed workers, shifting meetings on-line, and everything else that we’ve had to change to adapt to this “new normal?”

We are adapting, of course. The tech industry has a history of innovation and adaptation which means we can turn a crisis into an opportunity. But this forced shift in perspective has helped reveal the gaps in existing security infrastructure and policies.

Mind the Unknown Gaps

The details of each organization’s gaps in existing security infrastructure might be unique, but there are some common threads – for example, the adage about “unknown unknowns.” The fact is you really don’t know what you don’t know, and this crisis has forced organizations to review their existing security infrastructure, policies, and procedures. It has forced them to take a deeper look at the people, devices, and relationships that already exist, and those that may have just come into being, in response to the challenge.

Sponsorships Available

Suffer Not from Alert Fatigue

Many of the gaps in existing security infrastructure are known. How long has analyst overload from getting too much information, from too many sources, in too many formats, with too many conflicting priorities, been an issue? That flood of uncorrelated information makes it hard for analysts to tease the real incidents out from the noise so they can proactively stop threats in real-time. Often there is no coherent threat analysis or prioritized risk presentation that lets them do their jobs efficiently, or automate the most effective responses.

Handle Your Permissions with Care

A solid understanding of user permissions and relationships are another likely gap. How has the old legacy of “you work on Bob’s team, so we’ll give you the same permissions” been the dominant paradigm? Now imagine how those cut and paste permissions may be getting out of hand under the new remote work model. It’s improvised overprovisioning at best.

Don’t Be Targeted

What about 3^rd party and vendor access to the environment? It was difficult enough to track contractor access before the pandemic. But how is your organization coping with it now that your vendors are similarly operating under new restrictions and policies? There’s a well-known case where a major retailer was breached by attackers hitting the softer security of their HVAC vendor, then spring boarding into their environment. Don’t let a 3rd party breach be your legacy…

Attack Cybercrime with Advanced Analytics

Advanced analytics can bring it all together. Take the overwhelming flood of information and consolidate it into one place, then run it through a Machine Learning engine to identify the anomalies and outliers. This enables an organization’s security operations team to identify issues they could not have seen before, and a single consolidated and correlated risk score makes it much easier to respond to threats. With this new perspective, analysts can uncover some of those previously unknown threats.