The Maginot Line
For those of you who don’t know, I am a history nut, especially about World War II. Recently I was watching the History Channel, as I do when there is nothing on, and the program was discussing the Maginot Line, the fortification that the French constructed along its borders with Germany. At the time it was built, it was extolled by military experts as genius. I believe we all know how the rest of the story goes, but one comment did stick out to me when they were describing the thought process behind the line: “Generals always fight the last war, especially if they won it.”
I have been meeting with some customers recently that have been dealing with malware outbreaks, and they have a few commonalities between them. First, they are using tactics that were used to win the last war. They are mainly counting on technology that is over five years old, anti-virus, and additionally are not deploying the advanced features in the older versions of the software. Second, they are not listening to intelligence gathered from the field. Many of these customers have not modified their environments according to industry best practices; for example, they have left auto run enabled. Finally, they don’t understand how well their defenses are working. This is the set-it-and-forget-it scenario: when trouble strikes, they find out it is not working and hasn’t been.
There are three steps you can take to ensure that this doesn’t happen to your organization. The first two steps complement each other. First, evaluate annually, or when necessary, the technologies, tactics and configurations you are using. Do they still fit the current threat environment? Has there been a recent upgrade? Are you using all the features, and if not, should you deploy them? Second, listen to your intelligence and modify your strategy when necessary. Security isn’t static. A great example of this came up when I was speaking to a CISO recently about targeted attacks. She mentioned that as they saw an increase in multiple redirected web links being used to distribute malware, they ensured that their mail protection was checking these recursive links.
Third, operationalize security: when you deploy a security technology or tactic, understand how you will measure whether it is doing a good job. What are the metrics and KRIs? Who will monitor them? How do these metrics roll up into your overall security metrics? Too often the technology is put in place and forgotten about until there is a situation, and then you find out no one was watching.
In closing, it is extremely important that we as security professionals don’t rest on our laurels and get outflanked. Evaluate your technologies and tactics, listen to your intelligence, measure whether it is working, and fight today’s war.