Not every executive is aware of all the essential security tools that every organization needs. This blog post is intended to be a quick primer for those executives, and it also serves as a talking points memo for IT security officers who need to communicate the key security elements.
There are several core security concepts, elements and tools that every organization needs. Regardless of size or risk level, the security foundations are the same for every company. These essential security tools include:
- Firewall
- Encryption
- Multi-factor authentication
- Intrusion detection system (IDS)
- Anti-malware scanner
- Backups
- Auditing
Many of these security tools can be obtained in an open source form, as a cheap consumer-grade product, or as an expensive commercial solution. It is not necessary to always purchase the most expensive option but neither is it good security practice to assume that the open source product will be sufficient. Even a free security product will cost something. That cost could be in administration, maintenance, downtime, or loss. Every security tool needs to be evaluated for its reliability, availability and compatibility with your existing infrastructure.
The following descriptions may be used by IT security managers to explain the importance and function of these essential security tools to C-suite members.
A firewall is a hardware or software system that prohibits unwanted network communications. Most firewalls operate in a deny-by-default, allow-by-exception security stance. Firewalls keep the majority of unwanted packets and connection attempts from entering the private network. In addition to the boundary firewall, firewalls should also be deployed between each company division as well as on every computer, server and client.
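To make the deny-by-default point concrete, here is an added example (not code from the original post) that models a minimal packet filter: the same connection attempts are evaluated against an allow-list with a default of deny and against a blocklist with a default of allow. The rules, networks and connection attempts are constructed for illustration.

```python
# Added example: deny-by-default / allow-by-exception versus allow-by-default.
# All rules and addresses below are constructed; 203.0.113.0/24 is a documentation range.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR notation
    dport: Optional[int]   # destination port; None means any port
    proto: str = "tcp"


def evaluate(rules: List[Rule], default: str, src: str, dport: int, proto: str = "tcp") -> str:
    """First matching rule wins; if no rule matches, the default policy applies."""
    for rule in rules:
        if (rule.proto == proto
                and ip_address(src) in ip_network(rule.src)
                and (rule.dport is None or rule.dport == dport)):
            return rule.action
    return default


# Deny-by-default: only services the business deliberately exposes are reachable.
ALLOW_LIST = [
    Rule("allow", "0.0.0.0/0", 443),   # public HTTPS
    Rule("allow", "10.0.0.0/8", 22),   # SSH from the internal network only
]

# Allow-by-default: everything passes unless someone remembered to block it.
BLOCK_LIST = [
    Rule("deny", "0.0.0.0/0", 23),     # telnet
    Rule("deny", "0.0.0.0/0", 3389),   # RDP
]


def deny_by_default(src: str, dport: int) -> str:
    return evaluate(ALLOW_LIST, "deny", src, dport)


def allow_by_default(src: str, dport: int) -> str:
    return evaluate(BLOCK_LIST, "allow", src, dport)


def compare(attempts: List[Tuple[str, int]]) -> List[Tuple[str, int, str, str]]:
    """Return (src, port, deny-by-default verdict, allow-by-default verdict) per attempt."""
    return [(s, p, deny_by_default(s, p), allow_by_default(s, p)) for s, p in attempts]


if __name__ == "__main__":
    for row in compare([("203.0.113.7", 443), ("203.0.113.7", 22), ("203.0.113.7", 5432), ("10.1.2.3", 22)]):
        print(row)
```

The unlisted database port (5432) from an external address is what separates the two stances: the allow-list drops it without anyone having anticipated it, while the blocklist lets it through.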
Encryption is used to protect the confidentiality of stored data and communications. Without encryption, data theft, leakage and eavesdropping are likely to occur. Preventing the disclosure of private, confidential and proprietary data is essential to the long-term viability of an organization. All storage devices and all communications should be encrypted.
Multi-factor authentication is used to provide solid verification that a person is the authorized user of a network account or of a specific device. Password-only authentication solutions are cheap, but they can be bypassed or compromised by dozens of different exploits. By requiring two or more different authentication factors, an attacker would have to perform numerous simultaneous exploits against a wide range of systems to have any chance of impersonating a user. Additionally, strong authentication helps hold users accountable for the actions recorded against them in log files.
An IDS is used to detect the numerous exploitation attempts that an organization will experience on a daily basis. An IDS can be implemented to monitor both external and internal attack attempts. Network-based and host-based IDSes should both be used to provide complete monitoring of the entire infrastructure. An IDS won't stop an attack, but it will likely detect when attacks and violations occur, so the security staff are made aware of a security breach and can respond to it promptly.
Anti-malware scanners are used to detect malicious code as it attempts to gain a foothold in your environment. They also remove and clean up any infections that have already occurred. Modern anti-malware products maintain a massive database of known malicious code and employ a range of advanced detection techniques to potentially detect new and yet-to-be-discovered malware.
Backups are the only means of protecting against data loss. If there is only one copy of information, it is at risk of being lost forever. Keep in mind the three rules of backup: 1) keep three copies of all data (the original and two backups); 2) use two types of storage solution (such as local drives and cloud storage); and 3) don't store all the backups in one place.
Auditing is needed to track the activities of systems, processes and users. It creates a record of historical occurrences for the purposes of trend analysis but also compliance and violation analysis. Without audit trails (also called logs), there will be no proof of what took place and who was responsible.
These are essential security tools that no organization can be without. IT security managers have a responsibility to educate top-level executives about these and other security mechanisms that are important to the organization. However, keep in mind that those executives want big-picture information such as company impact and long-term benefits. Executives need to trust and rely on their IT security managers; those managers were hired for their expertise, so listen to them. Ask questions, and don't make decisions on products, solutions and infrastructure changes unless you understand why those changes are needed. An executive does not need to know how to configure a firewall or what the key length of the encryption key is, but does need to know why these security tools are essential to the continued success of the organization.