Cybersecurity has become a focal point for organizations in recent years. Tackling it can seem daunting given the many requirements, regulations, and approaches involved. Security should exist to support the organization in its mission by protecting its information systems. A holistic approach starts with understanding the organization's goals and the critical information systems that must be protected. Various local, state, and federal regulations may impose additional requirements that your security program has to factor in.
We have considerable experience taking these requirements and building a sane control set from them using a variety of approaches. It may seem as if a single solution or virtual appliance in your network will solve everything, but in truth there are many ways to reach your goals.
Understanding risk and threats starts with a monitoring strategy. Having a view into your environment from multiple vantage points is critical to beginning that journey. There are many ways to collect, store, and analyze this data. Once centralized in a SIEM, it is also an excellent tool for threat hunting and for auditing during incident response, and it lets you generate actionable events that drive further automation and remediation.
We have used this approach to obtain multiple Impact Level 5 and 6 ATOs. Rather than relying on check-the-box security or a point-and-click approach, we build out a policy-as-code engine using technologies such as Terraform, Terragrunt, and Ansible that makes the policy explicit and applies it continuously. The process provides auditing and transparency around policy, keeping it open and changeable by everyone in your organization. It also lets engineers request security exceptions as a code review, which the security team can assess and comment on. Finally, it satisfies the needs of auditors and authorizing officials (AOs).
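To make the policy-as-code idea concrete, here is an added example that is not part of the page or of any engine the authors describe. It evaluates a handful of policies against a plan document shaped loosely like the `resource_changes` array of `terraform show -json`, and honors exceptions only when an entry in a separate, reviewed exceptions record names the resource and policy, carries an approver, and has not expired. The plan, the exception entries, and the field names in the exceptions record (`approved_by`, `expires`, `reason`) are all constructed for illustration; the policy checks themselves are deliberately simple.

```python
"""Toy policy-as-code gate over a Terraform-style plan (added example, constructed data)."""
import json
from datetime import date

# Constructed sample in the shape of the "resource_changes" array of
# `terraform show -json tfplan`; addresses and values are made up.
SAMPLE_PLAN = {
    "resource_changes": [
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "change": {"after": {"acl": "private", "tags": {"owner": "secops"}}}},
        {"address": "aws_s3_bucket.public_site", "type": "aws_s3_bucket",
         "change": {"after": {"acl": "public-read", "tags": {"owner": "web"}}}},
        {"address": "aws_security_group.bastion", "type": "aws_security_group",
         "change": {"after": {"tags": {}, "ingress": [
             {"from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]}]}}},
    ]
}

# Constructed exceptions record: the kind of file that changes only through a
# reviewed pull request. Field names are hypothetical. The second entry has no
# approver yet, so it must not suppress the finding.
SAMPLE_EXCEPTIONS = [
    {"address": "aws_s3_bucket.public_site", "policy": "no-public-bucket",
     "approved_by": "security-team", "expires": "2030-01-01",
     "reason": "static marketing site, no sensitive data"},
    {"address": "aws_security_group.bastion", "policy": "no-world-ssh",
     "approved_by": "", "expires": "2030-01-01", "reason": "review pending"},
]


def no_public_bucket(res):
    """S3 buckets must not carry a public canned ACL."""
    if res["type"] != "aws_s3_bucket":
        return True
    return res["change"]["after"].get("acl") not in ("public-read", "public-read-write")


def no_world_ssh(res):
    """Security groups must not expose port 22 to 0.0.0.0/0."""
    if res["type"] != "aws_security_group":
        return True
    for rule in res["change"]["after"].get("ingress", []):
        if rule["from_port"] <= 22 <= rule["to_port"] and "0.0.0.0/0" in rule.get("cidr_blocks", []):
            return False
    return True


def owner_tag_present(res):
    """Every resource must declare an owner tag."""
    return bool(res["change"]["after"].get("tags", {}).get("owner"))


POLICIES = {"no-public-bucket": no_public_bucket,
            "no-world-ssh": no_world_ssh,
            "owner-tag": owner_tag_present}


def active_exception(exceptions, address, policy, today):
    """Return the matching exception only if it is approved and unexpired."""
    for exc in exceptions:
        if (exc["address"] == address and exc["policy"] == policy
                and exc["approved_by"] and date.fromisoformat(exc["expires"]) > today):
            return exc
    return None


def evaluate(plan, exceptions, today):
    """Run every policy over every planned resource; record failures and accepted exceptions."""
    findings = []
    for res in plan["resource_changes"]:
        for name, check in POLICIES.items():
            if check(res):
                continue
            exc = active_exception(exceptions, res["address"], name, today)
            findings.append({"address": res["address"], "policy": name,
                             "status": "excepted" if exc else "fail",
                             "approved_by": exc["approved_by"] if exc else None})
    return findings


def gate(findings):
    """True when the plan may proceed: nothing failed without an approved exception."""
    return not any(f["status"] == "fail" for f in findings)


if __name__ == "__main__":
    results = evaluate(SAMPLE_PLAN, SAMPLE_EXCEPTIONS, date(2024, 1, 1))
    print(json.dumps(results, indent=2))
    print("PASS" if gate(results) else "BLOCKED")
```

Because the exceptions record is a file under version control, every exception arrives as a diff with an approver and an expiry, which is exactly what an auditor or AO wants to see; the `today` argument is passed in rather than read from the clock so that a review can replay the gate for a past date.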
While the two approaches above cover much ground, it is essential to take a more surgical approach to assessing potential vulnerabilities. Assessments can be carried out in many ways, from scoped penetration testing to building out Red, Blue, and Purple team programs. We also know that assessing cloud environments may require non-traditional techniques, so we can help map out how to present valuable findings that protect your infrastructure ahead of adversaries.
When security events happen, correlating data quickly and accurately is essential. Gathering those data points requires a distinct talent that comes from experience and expertise. We understand that this may be a secondary skill, but we believe that everyone should keep incident resolution in mind while building systems. In turn, those skills mean that instrumentation and observability are built into the underpinnings of each effort.