Managing cybersecurity solutions: a job for the long haul
02 04 2020
Year on year, cyberattacks are becoming increasingly sophisticated. A long-term response to the ever-evolving threats posed to cybersecurity cannot be provided merely by rolling out a security solution. Before identifying the company’s sensitive assets and after performing a risk assessment, there is a vital need to manage cybersecurity solutions as part of the ongoing protection of workstations, servers and networks.
Increasingly rapid evolutions in these new threats call for an appreciation of the wider issues involved in cybersecurity. For this reason, the management of cybersecurity solutions is critically important, as it reduces attack surfaces and ensures a high level of protection. After all, there’s no such thing as an easy ride when it comes to cybersecurity.
The (correct) implementation of a security solution
An initial phase consists of analysing existing resources and drawing up an accurate inventory of protection methods already in place. Before planning how to implement a solution, it’s important to run pilot phases to examine how it performs in the real world. The aim of this initial phase is to anticipate anomalies and prevent possible disruptions.
This is followed by the actual deployment (or roll out) phase for the solution. In a perfect world, the solution should be fairly simple to implement – providing, for example, a tried and tested UX (user experience) via its graphical interface. However, some situations are more complex than others: network architecture validation, new security policy, redesign of public key infrastructure (PKI)… and may require specialist assistance from the publisher. Here at Stormshield, such requests are handled by our Professional Services team – providing human resources directly on site to fine-tune the configuration of solutions in complex situations.
And make sure you don’t forget to tick the training box, to ensure you make the most of the solution’s potential.
Managing a security solution
Although the first part is often entrusted to standard IS Director/CISO profiles (specifying the security policy and network architecture), this stage applies more to system administrator or IT manager profiles. These are the people who will actually be getting their hands on the product itself. From initial implementation through to managing backups – via regular modifications and problem solving – the scope for intervention is a wide one!
This takes us into the maintenance phase – which can assume a variety of forms and names. In summary, this covers:
- in-service support (ISS), the aim of which is to ensure that the daily life of the company runs smoothly and any breakdowns are repaired,
- and security maintenance (SM), the aim of which is to maintain the optimal level of security.
In both cases, the maintenance service contract provided by the publisher is one of the means used to handle this phase – in several different ways.
Whether in the form of bug fixes (as part of the ISS) or security patches (as part of the SM), updates are crucial, and they must therefore be applied as soon as fixes are available. However, they are not without their drawbacks: in cases where they require the reboot of a system, the result can be temporary production downtime. This is not always acceptable, and sometimes even impossible, particularly in an OT environment.
“Some updates are automatic, such as antivirus signatures or IPS (Intrusion Prevention System) signatures, and are very regular, with checks made several times a day,” explains Stormshield Support Manager Farid Ichalalene. “Others are manual, requiring the solution itself to be updated: in this case, the frequency is variable, and requires staff to keep abreast of new developments, e.g. via the RSS feeds provided by the editors, email updates, or regular visits to customer areas. With a non-updated product, the risk is that companies will expose themselves to cyberattacks, believing themselves (wrongly) to be protected. Hence the importance of remaining vigilant and being thorough with updates.” Updates are therefore an essential part of ensuring that systems continue to work correctly over time. “And the maintenance contract is vitally important, as it governs access to updates and technical support. A security product without security updates rapidly becomes obsolete,” Farid points out.
Lastly, administrators can find themselves dealing with situations involving anomalies or faults that they cannot resolve on their own. That’s when technical support – a dedicated point of contact in difficult situations – comes into its own. By providing a way of identifying the origin of the fault, technical support assists your staff in effectively maintaining their security solutions.
It is therefore vitally important for security solutions always to be covered by a maintenance contract, providing access to publisher support (from updates through to technical support, and including hardware warranties).
Cybersecurity solutions management tools
When presented in a list like this, all these cybersecurity solution management actions can appear daunting – in terms of their human costs. The key to addressing this concern is to make sure you are fully familiar with the security solutions management tools. The goal: to ensure the best security for your network on both an ongoing and a daily basis.
In cases where a single solution is in place, the management console should be easy to learn, and – most importantly – offer easy-to-read everyday dashboards.
However, assuming a pool of different security solutions, it is possible to automate repetitive tasks and, in this way, save time which can then be devoted to the most important tasks, thanks to an efficient centralised administration system. To reduce in-service support costs for the network security infrastructure, it is vitally important to optimise the tasks of monitoring, configuring and maintaining security equipment. Here, UX and ease of use become critically important factors.
Solutions management is thus based both on optimal solutions and on the key stages of deployment, maintenance and real-time systems monitoring. In addition, management consoles can save precious time in monitoring risks and resolving problems – for example, by providing an automatic redirection from an alert to the configuration parameter in question. A combined solution of this sort will enable a company to protect itself effectively against cyberattacks and take a long-term view of its defence strategy.