Webster’s dictionary defines being proactive as “acting in anticipation of future problems, needs, or changes”. From a security perspective this means taking the initiative to protect the organization before it’s too late. The future security problems are the loss of information and system outages due to compromise or negligence.
So the questions to be asked are:
The Need for Proactive Security
We have firewalls in place, but they alone do not make us secure. Having security and performing proactive security are quite different. Consider the use of an alarm system for your home. An alarm is set off once an intruder breaks into your home. There’s a feeling of security present with the alarm, but the fact is the intruder is still able to enter your home. Now consider putting wrought iron bars over all your windows. Despite being an eyesore, these bars provide more proactive security and make it a lot less likely that someone will be able to break into your house and steal your belongings.
Information security can be looked at the same way, but without the ugly wrought iron bars. As security professionals we want to (and need to) know when someone’s attacking us, performing recon, or if data is at risk of exposure – BEFORE it happens. Otherwise you’re responding to an incident after it has already occurred.
Proactive Security Obstacles
The major reason proactive security gets derailed is making changes too quickly. The corporate culture in a company needs to be understood before Info Sec swoops in and starts making sweeping changes to the way they do business. “What do you mean I can’t upload my business files to a personal Dropbox account?”, or “Why can’t I log into my system with my domain admin account?”, or “Why install an IPS if we already have an IPS?”, etc. The challenge here is not security, but a corporate environment that won’t bend because they’ve always “done it this way and never had an issue”, which by the way doesn’t mean that you’re doing it right.
Another hurdle in proactive security is getting the proper technologies and procedures in place that aren’t going to slow your production environment, because if that happens you will have a mutiny on your hands. Putting a firewall or IPS in place that significantly slows down internet traffic to inspect each packet and causes huge amounts of latency isn’t going to work. Putting in a procedure that requires a DNA sample to get approval will also cause your program to fail in a big way.
How to Get Proactive
In order to perform proactive security you need to have visibility into your environment as well as a starting point and a vision. Knowing what you have, where you are, and where you want to be will give you a clear view of what you’ll have to add to your environment. These needs could fall into the following areas:
Making sure your IT operations and security teams are aligned is key to having all three phases implemented properly. Start from the ground up with a steady dose of security awareness and build clout with other departments while you start chipping away at all areas that need assistance. There really is no choice between being reactive or proactive when it comes to a good security posture.