As an information security professional, there are many things that are outside of your control. The threat environment, the tools available to attackers, even the political climate can have a direct impact on your day-to-day job.
The one thing you can control is how you spend your time. It’s no wonder that prioritisation is such a hot topic in information security.
In order to better understand how people in the security industry are spending their time, Tripwire conducted a survey of more than 300 industry professionals. The survey asked a number of questions around this topic, but two data points stand out as particularly informative.
Of the 300 security professionals who took part in the survey, 60% highlighted the time and resources required as an important consideration when choosing an endpoint security strategy.
However, 50% said that they do not feel they have enough skilled staff to install and maintain these endpoint security solutions. It would seem that, given the skills shortage in the security industry, these professionals are seeking solutions that help to efficiently and securely configure and monitor many assets and endpoints across the enterprise.
In a crowded market full of security solutions, it’s difficult to know which one will actually address your needs and save valuable time. Here are a few tips to consider:
Integration is key
No product is deployed in a vacuum. In reality, any new product you deploy is going into an organisation full of other people, processes and tools. Any endpoint security technology, from anti-virus to file integrity monitoring to secure configuration management, will have to interact with the existing environment.
There’s a big difference between interaction and integration. If you don’t determine the integration points up front, you’ll waste valuable time addressing the interactions during and after deployment. Integration isn’t just technical either.
You have to manage the integration across tools, people and processes to be successful. The number one indicator of a successful security deployment is effective integration with the organisation. Consider integration with other tools, with workflow and with ticketing.
Consider how the data collected will be shared with the people who have to take action on those results.
Understand the problem you’re trying to solve
The information security space is rife with shiny object solutions to chase. It’s easy to be pulled into the aura of a new tool, using the latest technology, but if you’re not solving the problem on the table in front of you, you’re wasting precious time.
Understanding the actual threats to your organisation is a key component in deciding what kinds of endpoint tools you need. Don’t buy for the 2% when you haven’t addressed the 98% first.
Explicitly identify adjacent efficiencies
There’s nothing wrong with getting more out of a tool than you originally planned, as long as you don’t confuse the primary problem with secondary solutions. After you’ve defined what problem you’re solving and figured out how the solution will integrate into your organisation to solve that problem, it’s worthwhile to examine what adjacent areas the tool might also service. Think of this activity as fishing for efficiency.
Be realistic about your capabilities
Security monitoring products can produce a lot of data, but that data is only as valuable as your ability to take action on it. When evaluating tools, consider how the features will actually be used in your environment.
Consider how you’ll operationalise the data being produced. You may have an ideal implementation in mind, but if your organisation isn’t ready for it, then consider building a roadmap to that ideal.
You should lay out a plan that includes staffing needs, organisational transformation, and additional product purchases over time to get to your goal.
The security world is full of tools that are partially implemented and deliver only a portion of their capabilities successfully. Ultimately, the cost of a less effective implementation is less effective security. Following these tips will help you design and implement your next security tool more effectively, and more successfully.
Sourced by Tim Erlin, director, security and IT risk strategist at Tripwire