Many security investments are driven by regulatory and industry standards compliance requirements, but that often leads to a reactive security approach, leaving gaps that can be easily exploited. We believe an end-to-end stance is required that covers processes from threat prevention through detection to response. By implementing a Security Intelligence framework, organizations will benefit both in terms of risk reduction as well as allowing the business to run smoothly, without the need to constantly be in firefighting mode as incidents occur. By striving for higher levels of security maturity, security objectives will be much more easily achieved.

Security risks are everywhere and occur everywhere, from small and medium organizations to large enterprises. Everyone should consider themselves a target and the consequences of being hit can be huge. Cybersecurity has become too important to be left to chance. Security threats are increasing in volume, severity and complexity. Attackers use increasingly advanced methods to try to breach defences – and are successful in so many cases that it is not a case of if you will be breached, but when and how often.

 

Focus shift to detection and response

 

Security strategies focused merely on preventing attacks from reaching the network is insufficient. To safeguard sensitive data, the focus must shift to detection and response. A new mindset is required for security. Security risks need to be seen in the context of overall risk, including financial and operational. Security needs to be pervasive, throughout all levels of the organization and across all systems on and connected to the network. Only then can an organization achieve the level of security that is required.

 

The 5 levels of security maturity

 

In this blog, we take a look at the stages involved in the security maturity journey and define the five security stages organizations can find themselves in. We believe organizations should consider how they can move up the scale to reach the level of security maturity that is most appropriate for them.

Level 1: Basic

  • Focused on prevention.
  • Security is seen primarily as an IT problem.
  • Security under-funded.
  • Basic perimeter control.

Organizations will be putting out fires, trying to ward off attacks with insufficient security controls, generally placed at the perimeters of the network to prevent what attacks they can from getting through. Security is seen primarily as an IT problem. But the point of IT is to increase efficiencies and keep the business running smoothly. This often leaves security under-funded. In recent years, regulatory mandates and the need to comply with industry standards that demand security controls be placed on sensitive data have led to the need for greater investments to be made in security. Yet, this often leads to organizations investing in just those technologies that they need to achieve compliance, with little overall oversight.

Level 2: Standard

  • Investments driven by mandates.
  • Checkbox attitude.
  • Ad hoc processes.
  • Minimal reporting to executives.
  • Monitoring technologies implemented.

As organizations move up the security maturity stack, they move from a strategy based around prevention alone to one of detection and rudimentary incident response, implementing more proactive controls and putting in place more formal policies and processes.

Level 3: Essential

  • Improved capabilities for detection and response.
  • Security more integrated into the business.
  • Larger security team, more autonomy from IT.
  • More pro-active controls.
  • Formal policies and processes, including basic incident response.

At this stage, security becomes more integrated into the overall business and achieves more autonomy from IT.

Level 4: Vigilant

  • Able to see and quickly respond to threats.
  • High levels of automation and integration.
  • Strong executive support.Large, dedicated security team.
  • Able to see advanced threats early.
  • Formal incident response with established countermeasures.

By the time organizations reach the fourth level, they are becoming more resilient and are achieving security maturity. Executive support is essential to drive investments in technologies that enable them to see and respond quickly to threats, backed up by a team of dedicated security personnel. They will be better able to counter even advanced threats and respond to incidents in a timely manner using countermeasures that have been developed.

Level 5: Resilient

  • Capable of withstanding and defending against even most extreme attacks.
  • CISO reports to CEO.
  • Cybersecurity part of the culture.
  • Extremely resilient.

The fifth level is the expert level, where a high level of security maturity has been achieved and the organization is capable of defending against and withstanding even the most extreme attacks. Generally, the CISO has a place on the board, reporting directly to the CEO so that cybersecurity risks are considered alongside all the other risks that the organization faces and a culture of security is driven throughout the business.

To get to the fifth level, there are a number of things that organizations need to do. Firstly, they need to invest in capabilities that cut right across the threat detection and response lifecycle, backed up by strong capabilities in terms of Security Intelligence. Secondly, this requires that adequate budget is allocated to security and that the entire program is overseen by an executive with sufficient clout to bridge the traditional security communications gap between security practitioners and those in charge of the purse strings. With adequate resources dedicated to it, security can come to be seen as an enabler for the business, rather than a hindrance, and a culture of security can be driven throughout the organization.

 

The need for unified Security Intelligence

 

The shift from prevention to detection and response requires greater Security Intelligence. It starts with the ability to capture data from every system throughout the network, whether that be an endpoint, a network security device, or even a physical security device. Every threat or incident leaves forensic traces that can be collected from log and machine-generated data from all these systems. Security Intelligence provides the ability to correlate, visualize and analyze this data to discover the sequence of how an attack occurred, how far it has spread and which systems have been impacted. By leveraging a Unified Security Intelligence Platform, context is applied to raw data from disparate sources, turning it into actionable intelligence.

Automated response Security Intelligence will provide organizations with the actionable insight that they need to determine the best way to respond to and recover from any security incident that occurs. This will help to quickly decide on countermeasures in order to limit the damage caused and to allow normal business operations to be resumed as quickly as possible. However, for incident response to be effective, it must be as automated as possible – especially since the top impediment to incident response is lack of dedicated in-house personnel.

 

Benefits of using Security Intelligence to increase security maturity

 

As organizations move beyond firefighting and compliance-oriented mindsets and switch from a policy of prevention alone to threat detection and response, Security Intelligence is vital for guiding organizations through the process. It will add context to raw data collected from throughout the network, giving organizations the intelligence and actionable insight that they need for more informed decision making. It will help guide organizations along the path to achieving full security maturity.

Read more about Log monitoring and how your company could benefit.