
The Three Pillars of Cyber Security Defense

By: Morey Haber, vice president, technology at BeyondTrust

The foundation of cyber security defense has been clouded by point solutions, false promises, and bolt-on solutions that extend the value of a given technology based on a need. After all, if we count how many security solutions we have implemented, from anti-virus to firewalls, we find dozens of vendors and solutions throughout an organization. The average user or executive is not even aware of most of them, even though they may interact with them daily, from VPN clients to multi-factor authentication.

If we step back and try to group all of these solutions at a macro level, we will find each one falls into one of three logical groups. These form the pillars for our cyber security defenses, regardless of their effectiveness:

  • Identity – The protection of a user’s identity, account, and credentials from inappropriate access
  • Privilege – The protection of the rights, privileges, and access control for an identity or account
  • Asset – The protection of a resource used by an identity, directly or as a service

While some solutions may be supersets of all three pillars, their goal is to unify the information from each in the form of correlation or analytics. For example, consider a Security Information Enterprise Manager (SIEM). It is designed to take security data from solutions that reside in each pillar and correlate it for advanced threat detection and adaptive response. Correlation can be built on any trait that exists in each of the pillars. Time and date parameters are typically the foundation, and an identity accessing an asset with privileges is a simplistic way of looking at how the pillars support the entire cyber security foundation of your company. This answers, “What is inappropriately happening across my environment that I should be concerned about?” A good security solution should represent all three pillars.

For most vendors and businesses, the integration of these three pillars is very important. If security solutions are isolated, do not share information, or only operate in their own silo (one or two pillars), their protection capabilities are limited in scope. For example, if an advanced threat protection solution or anti-virus technology cannot share asset information, or report on the context of the identity, then it is like riding a unicycle. If pushed too hard, an environment could lose its balance and fall over. If that analogy does not resonate with you, imagine not tracking privileged access to sensitive assets. You would never know if an identity is inappropriately accessing sensitive data. That is how threat actors are breaching environments every week.
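To make the correlation idea concrete, here is an added example (not from the original article or any vendor product) that joins one feed per pillar on user and a time window and flags sensitive-asset access lacking clean identity or privilege context. The event fields, the 15-minute window, and all sample records are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events, one feed per pillar (field names are assumptions).
IDENTITY = [  # authentication events
    {"ts": "2024-05-01T09:00:05", "user": "alice", "mfa": True},
    {"ts": "2024-05-01T09:10:00", "user": "bob", "mfa": False},
]
PRIVILEGE = [  # privilege elevation events
    {"ts": "2024-05-01T09:01:00", "user": "alice", "role": "db_admin", "approved": True},
    {"ts": "2024-05-01T09:11:30", "user": "bob", "role": "db_admin", "approved": False},
]
ASSET = [  # resource access events
    {"ts": "2024-05-01T09:02:10", "user": "alice", "asset": "hr-db", "sensitive": True},
    {"ts": "2024-05-01T09:12:00", "user": "bob", "asset": "hr-db", "sensitive": True},
    {"ts": "2024-05-01T11:30:00", "user": "carol", "asset": "hr-db", "sensitive": True},
    {"ts": "2024-05-01T09:15:00", "user": "bob", "asset": "wiki", "sensitive": False},
]
WINDOW = timedelta(minutes=15)  # assumed correlation window

def _latest(events, user, when):
    """Most recent event for `user` within WINDOW before `when`, else None."""
    hits = [e for e in events if e["user"] == user
            and timedelta(0) <= when - datetime.fromisoformat(e["ts"]) <= WINDOW]
    return max(hits, key=lambda e: e["ts"], default=None)

def correlate(identity, privilege, asset):
    """Return one finding per sensitive-asset access that lacks clean context."""
    findings = []
    for a in asset:
        if not a["sensitive"]:
            continue
        when = datetime.fromisoformat(a["ts"])
        login = _latest(identity, a["user"], when)
        grant = _latest(privilege, a["user"], when)
        reasons = []
        if login is None:
            reasons.append("no identity event in window")
        elif not login["mfa"]:
            reasons.append("login without MFA")
        if grant is None:
            reasons.append("no privilege event in window")
        elif not grant["approved"]:
            reasons.append("unapproved elevation")
        if reasons:
            findings.append((a["user"], a["asset"], reasons))
    return findings

if __name__ == "__main__":
    for finding in correlate(IDENTITY, PRIVILEGE, ASSET):
        print(finding)
```

Passing empty identity and privilege feeds models the silo case: every sensitive access is flagged because no context is available to clear it.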

When you look at new security solutions, ask yourself what pillar they occupy and how they can support the other pillars you trust and rely on every day. If they must operate in a silo, make sure you understand why and what their relevance will be in the future. To this point, what is an example of a security solution that operates only in a silo? Answer: one that does not support integrations, log forwarding, concepts of assets (even if it is just IP-based), or even basic role access. Sounds like an Internet of Things (IoT) device. An IoT door lock that provides physical protection for assets based on a static identity, and that cannot share access logs or integrate with current identity solutions, is a bad choice for any organization. A standalone anti-virus solution that has no central reporting on status, signature updates, or faults is another. There is no way of knowing if it is operating correctly, if there is a problem, or even if it is doing an exceptionally good job blocking malware. Why would you essentially pick a consumer-grade anti-virus solution for your enterprise? Unfortunately, this happens all the time and we end up with the bolt-on approach to solve the problem.

As we stabilize our cyber security best practice, and focus on basic cyber security hygiene, consider the longer-term goals of your business. If you choose a vendor that does not operate in these three pillars, has no integration strategy, or is an odd point solution, be aware of the risks. Everything we choose as a security solution should fall into these pillars; if they do not, then ask a lot of questions. For example, why would you choose a camera system without centralized management capabilities? It falls into the asset protection pillar, can monitor physical access by an identity, but without centralized capabilities and management, it is a standalone pole not supporting your foundation. It needs to support all three pillars to be an effective security solution and ultimately provide good information for correlation, analytics, and adaptive response.

In conclusion, some may argue there could be four or even five pillars for a sound cyber security defense. They could be education, partners, etc. to support your foundation. I prefer to think of all tools and solutions in these three categories. Why? A three-legged stool never wobbles!
