Do you feel the security of your network is “in the bag,” so to speak? Or, is there something left to be desired in terms of your network security strategy that you need help with from true IT security experts? Whatever the case, Alliance Technology Partners can help. We can show you how your network security in St. Louis demands an “Inside-Outside” threat defense strategy that assures you ongoing security network-wide.
Big Data Breaches Tell the Tale of Network Security
A recent Forrester report revealed that more than half of global network security decision makers whose firms had suffered a data breach in the past year said they had experienced at least one insider incident. And after some of the biggest data breaches of the recent past, like those that struck Equifax, Anthem, eBay, Target, and Yahoo!, we should expect to see more of these insider attacks as criminals leverage stolen personal information to masquerade as legitimate employees.
As 2018 unfolds, you may be eyeing your budget, deciding what to cut and what to invest in regarding insider security threat mitigation. Some of you St. Louis businesses may already have a program in place, while others are starting from scratch. Either way, an insider threat program should begin and end with two questions:
What do we care about protecting most? And, how is it being protected?
A good place to start answering those questions is with a trusted business continuity team. Ask them this: if a natural disaster struck tomorrow, which assets would or could you protect first? Chances are the assets that team would protect first in a natural disaster are the same ones the company most needs to protect from a cyber breach.
A knowledgeable business continuity team like Alliance’s understands which assets, if compromised, would cause minimal damage and which would cause maximum damage. For example, a cybersecurity professional may be focused on an employee who is about to leave the company and the risk that the confidentiality of a certain application’s data is breached. The business continuity team, however, may point out that the business would have a harder time surviving an availability problem if a disgruntled insider took down a different application. That contrast highlights the varied nuances of data protection and security strategy.
Alliance employs a unified approach in integrating these various elements of security and disaster survival.
In that case the availability problem is the bigger threat to your bottom line, and the applications that absolutely cannot go down should be prioritized. The key is to inventory which assets you have from a business continuity perspective and put insider threats in the context of what you stand to lose when a cyber threat materializes.
It is nearly impossible to build an insider threat program without knowing what you must protect, and that knowledge is the foundation of an inside-outside threat prevention strategy.
From there, you should focus on two distinct dynamics. First, you’ll want to stop sensitive data from leaving the company, which is where technology comes into play. Explore technologies that prevent sensitive data from getting into the wrong hands. Data loss prevention (DLP) is a traditional technology that has gone from hero to goat, and back to hero again due to new compliance mandates like the GDPR, a string of high-profile breaches, and the explosion of cloud application usage and remote connectivity.
Data loss prevention technologies of the past tended to bury analysts in alerts, many of which were false positives, to the point where analysts would turn off DLP policies to avoid hindering business processes.
Today, DLP policies can be tuned toward true positives, so that an alert fires only when real trouble arises.
We also use analytics platforms to automate the communication process so that our security teams are not scrambling trying to locate who owns the application, the best way to contact those owners, and how to ask them to provide the information. Analytics platforms also automate the process of sending the alert to analysts, again avoiding manual labor headaches, and saving significant time.
We focus also on communication; specifically, communicating (or assisting you in communicating) threats up, down and across your organization. Once you have identified a threat, who should the information go to first and how? To reduce noise in the Security Operations Center, our security teams engage business application owners who govern the assets under attack to confirm if the unusual activity is indeed unusual or if it was “business justified”. If the owner deems the behavior unusual, then the alert will go to SOC analysts in charge of investigating.
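The triage loop described above (collapse the burst of near-duplicate DLP alerts into one ticket, look up who owns the affected application, ask the owner whether the activity is business-justified, and send only confirmed-unusual or un-vouchable activity to the SOC) is easy to prototype. The script below is an added example for this article, not Alliance’s tooling or any vendor’s product; the asset inventory, the DLP alerts, the owner contacts and the owner replies are all constructed for illustration.

```python
"""Route DLP alerts to the owning application team before they reach the SOC.

Added example for this article; it is not Alliance's tooling or any vendor's
product. The asset inventory, DLP alerts and owner replies below are all
constructed for illustration.
"""
from datetime import datetime, timedelta

# Constructed asset inventory: application -> owner contact plus the impact
# dimension (confidentiality or availability) the business-continuity team
# says would hurt most if this asset were hit.
INVENTORY = {
    "payroll": {"owner": "hr-apps@example.invalid", "worst_case": "confidentiality"},
    "orders": {"owner": "ops-apps@example.invalid", "worst_case": "availability"},
}

# Constructed alerts in the shape a traditional DLP engine emits: one per
# transfer, so a single bulk copy shows up as a burst of near-identical rows.
ALERTS = [
    {"ts": "2018-03-05T09:01:00", "user": "jdoe", "app": "payroll", "dest": "personal-cloud", "class": "PII", "bytes": 120000},
    {"ts": "2018-03-05T09:02:30", "user": "jdoe", "app": "payroll", "dest": "personal-cloud", "class": "PII", "bytes": 98000},
    {"ts": "2018-03-05T09:03:10", "user": "jdoe", "app": "payroll", "dest": "personal-cloud", "class": "PII", "bytes": 101000},
    {"ts": "2018-03-05T10:15:00", "user": "asmith", "app": "orders", "dest": "partner-sftp", "class": "CUSTOMER", "bytes": 5000000},
    {"ts": "2018-03-05T11:40:00", "user": "bwong", "app": "legacy-crm", "dest": "usb", "class": "CUSTOMER", "bytes": 20000},
    {"ts": "2018-03-05T12:05:00", "user": "clee", "app": "orders", "dest": "email", "class": "CUSTOMER", "bytes": 4000},
]

# Constructed replies already received from application owners, keyed by
# (user, app, destination). Anything without a reply is still waiting.
OWNER_DECISIONS = {
    ("asmith", "orders", "partner-sftp"): "business_justified",  # nightly partner feed
    ("jdoe", "payroll", "personal-cloud"): "unusual",
}

WINDOW = timedelta(minutes=10)


def collapse(alerts, window=WINDOW):
    """Fold repeated alerts for one (user, app, dest) inside `window` into a single ticket."""
    tickets, open_by_key = [], {}
    for a in sorted(alerts, key=lambda x: x["ts"]):
        key = (a["user"], a["app"], a["dest"])
        ts = datetime.fromisoformat(a["ts"])
        t = open_by_key.get(key)
        if t is not None and ts - t["last_seen"] <= window:
            t["count"] += 1
            t["bytes"] += a["bytes"]
            t["last_seen"] = ts
            continue
        t = {"key": key, "class": a["class"], "bytes": a["bytes"], "count": 1,
             "first_seen": ts, "last_seen": ts}
        tickets.append(t)
        open_by_key[key] = t
    return tickets


def route(ticket, inventory=INVENTORY, decisions=OWNER_DECISIONS):
    """Decide who sees a ticket next: the app owner, the SOC, or nobody (closed)."""
    user, app, dest = ticket["key"]
    asset = inventory.get(app)
    if asset is None:
        # Nobody can vouch for it, and the inventory gap is itself a finding.
        return {"disposition": "escalate_to_soc", "to": "soc",
                "reason": "asset not in inventory; no owner to confirm"}
    decision = decisions.get((user, app, dest))
    if decision == "business_justified":
        return {"disposition": "closed", "to": asset["owner"],
                "reason": "owner confirmed business-justified"}
    if decision == "unusual":
        return {"disposition": "escalate_to_soc", "to": "soc",
                "reason": f"owner flagged unusual ({asset['worst_case']} asset)"}
    return {"disposition": "awaiting_owner", "to": asset["owner"],
            "reason": "sent to application owner for confirmation"}


def triage(alerts=ALERTS, inventory=INVENTORY, decisions=OWNER_DECISIONS):
    """Collapse raw alerts into tickets and route each one, in time order."""
    results = []
    for t in collapse(alerts):
        r = route(t, inventory, decisions)
        r.update(key=t["key"], count=t["count"], bytes=t["bytes"])
        results.append(r)
    return results


def soc_queue(results):
    """Only what the SOC should actually spend analyst time on."""
    return [r for r in results if r["disposition"] == "escalate_to_soc"]


if __name__ == "__main__":
    for r in triage():
        print(r["disposition"], r["key"], f"x{r['count']}", r["reason"])
```

Two design points worth noting. An application that is missing from the inventory cannot be "justified away", because there is no owner to ask, so it goes straight to the SOC and the inventory gap gets fixed as part of the investigation. And collapsing the burst of per-file alerts into one ticket is what keeps the owner from being asked the same question three times in three minutes.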
Key questions to ask when considering building a robust and reliable network security program:
- Have you aligned the impact of insider threats to your company’s risk management program?
- Have you identified the crown jewels of the business and what happens if they are compromised?
- Have you aligned your insider threat program to your company’s business continuity efforts?
If the answer is “No” to any of these, Alliance Technology Partners can help you build your network security in St. Louis to the point where you can answer “Yes” to all of the above.
The board or higher-up execs and department heads will also want to know about any active threats that could potentially hurt the company and what you have done to mitigate them – another area we can help with.
Adopting Healthy Network Security Best Practices
To help guide you through this process, here are network security best practices that mitigate IT theft, IT sabotage, and fraud:
- Consider threats from insiders and business partners in enterprise-wide risk assessments.
- Clearly document and consistently enforce policies and controls.
- Incorporate insider threat awareness into periodic security training for all employees.
- Beginning with the hiring process, monitor and respond to suspicious or disruptive behavior.
- Anticipate and manage negative issues in the work environment.
- Know your assets.
- Implement strict password and account management policies and practices.
- Enforce separation of duties and least privilege.
- Define explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities.
- Institute stringent access controls and monitoring policies for privileged users.
- Institutionalize system change controls.
- Use a log correlation engine or security information and event management (SIEM) system to log, monitor, and audit employee actions.
- Monitor and control remote access from all endpoints, including mobile devices.
- Develop a comprehensive employee termination procedure.
- Implement secure backup and recovery processes.
- Develop a formalized insider threat program.
- Establish a baseline of normal network device behavior.
- Be especially vigilant regarding social media.
- Close the doors to unauthorized data exfiltration.
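Two items on that list, logging employee actions in a SIEM and establishing a baseline of normal behavior, are where the list turns from policy into detection logic. The script below is an added example for this article, not detection content from any SIEM product or from the SEI/CERT material credited below. It learns, from a constructed quiet week of SIEM-style lines, which destinations each user normally talks to and how many bytes they move per day, then scores a constructed new day and flags first-time destinations, daily-volume spikes and users with no baseline at all. The log format, usernames, hosts and every line are made up; the `z` and `floor` parameters are illustrative knobs, not recommended values.

```python
"""Baseline per-user activity from SIEM-style logs and flag deviations.

Added example for this article, not any product's detection content. The log
format, the users and every line below are constructed; real SIEM events
carry more fields, but the baselining logic is the same.
"""
import re
import statistics
from collections import defaultdict

# Constructed line format: "<ISO timestamp> user=<u> host=<h> dst=<host:port> bytes=<n>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) host=(?P<host>\S+) dst=(?P<dst>\S+) bytes=(?P<bytes>\d+)$"
)

# Constructed quiet week used to learn what "normal" looks like.
BASELINE_LOGS = """\
2018-02-26T09:00:00 user=jdoe host=ws-104 dst=fileserver:445 bytes=10000
2018-02-26T14:00:00 user=jdoe host=ws-104 dst=crm.internal:443 bytes=8000
2018-02-27T09:00:00 user=jdoe host=ws-104 dst=fileserver:445 bytes=20000
2018-02-28T09:00:00 user=jdoe host=ws-104 dst=fileserver:445 bytes=22000
2018-03-01T09:00:00 user=jdoe host=ws-104 dst=crm.internal:443 bytes=19000
2018-03-02T09:00:00 user=jdoe host=ws-104 dst=fileserver:445 bytes=21000
2018-02-26T09:00:00 user=asmith host=ws-207 dst=fileserver:445 bytes=5000
2018-02-27T09:00:00 user=asmith host=ws-207 dst=fileserver:445 bytes=5000
"""

# Constructed day to score: a new destination, a volume spike, an unknown user
# and one malformed line.
NEW_LOGS = """\
2018-03-05T09:05:00 user=jdoe host=ws-104 dst=fileserver:445 bytes=12000
2018-03-05T09:40:00 user=jdoe host=ws-104 dst=personal-cloud.example:443 bytes=25000
2018-03-05T10:00:00 user=asmith host=ws-207 dst=fileserver:445 bytes=6000
2018-03-05T11:00:00 user=bwong host=ws-311 dst=fileserver:445 bytes=3000
this line did not come from the collector
"""


def parse(text):
    """Parse log lines; malformed lines are skipped rather than killing the run."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["bytes"] = int(e["bytes"])
        e["day"] = e["ts"][:10]
        events.append(e)
    return events


def build_baseline(events):
    """Per user: destinations ever contacted, plus mean/stdev of daily bytes."""
    daily = defaultdict(int)
    dsts = defaultdict(set)
    for e in events:
        daily[(e["user"], e["day"])] += e["bytes"]
        dsts[e["user"]].add(e["dst"])
    baseline = {}
    for user, seen in dsts.items():
        totals = [v for (u, _), v in daily.items() if u == user]
        baseline[user] = {
            "dsts": seen,
            "mean": statistics.mean(totals),
            "stdev": statistics.pstdev(totals),
        }
    return baseline


def detect(events, baseline, z=3.0, floor=1.5):
    """Return (user, ts, reason) findings for unknown users, new destinations and volume spikes."""
    findings = []
    daily = defaultdict(int)
    volume_flagged = set()
    for e in events:
        b = baseline.get(e["user"])
        if b is None:
            findings.append((e["user"], e["ts"], "no baseline for user"))
            continue
        if e["dst"] not in b["dsts"]:
            findings.append((e["user"], e["ts"], f"first contact with {e['dst']}"))
        key = (e["user"], e["day"])
        daily[key] += e["bytes"]
        # A near-constant baseline has ~0 stdev, so mean + z*stdev alone would
        # fire on any growth; `floor` keeps the threshold at least 1.5x the mean.
        threshold = max(b["mean"] + z * b["stdev"], floor * b["mean"])
        if daily[key] > threshold and key not in volume_flagged:
            volume_flagged.add(key)  # one volume finding per user-day, not one per event
            findings.append((e["user"], e["ts"],
                             f"daily volume {daily[key]} exceeds threshold {threshold:.0f}"))
    return findings


def run():
    """Score the constructed new day against the constructed baseline week."""
    return detect(parse(NEW_LOGS), build_baseline(parse(BASELINE_LOGS)))


if __name__ == "__main__":
    for user, ts, reason in run():
        print(ts, user, reason)
```

The "no baseline for user" finding is deliberate: an account that never appeared during the baseline window is exactly the kind of thing (a new hire, a re-enabled leaver, a service account someone started using interactively) that the termination and account-management items on the list exist to catch, and the detector should not silently treat it as normal.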
[Source credits: Software Engineering Institute, Carnegie Mellon University; CSO.com]
For Ongoing Network Security St. Louis Businesses Must Have – Call Us Today
Let Alliance Technology Partners guide you through the all-too-confusing labyrinth of network security issues and remedies. Call us today at (314) 649-8888 or email us at firstname.lastname@example.org to learn more about how to get started right away with the best network security in St. Louis for businesses like yours!