Effective Breach Defense Through Cyber Security Frameworks

charles.clawson

I recently wrote an article on TechBeacon titled “How to boost your breach defense: A three-part plan.” That article highlighted the advantages of basing one’s enterprise security strategy on a broader framework. Frameworks provide a common lexicon for discussing, internally and with customers or investors, the cybersecurity risks and priorities that challenge the enterprise. They help us validate the controls and processes already in place and identify which areas need more investment in technology, people or processes. One approach introduced there was to separate an organization’s security initiatives into three distinct areas, Security In-depth, SecDevOps and Security Validation, which we called a Trichotomic Security strategy.

One of the reasons I chose to work for Micro Focus is that, in a world full of point solutions, it’s one of a very few companies that offers solutions to security challenges in a way that can comprehensively build an effective Trichotomic Security strategy.  It’s not feasible to discuss, with any sort of depth, all of their solutions and how they work together to mitigate each of the stages of the attack lifecycle, but here are a few highlights that, I’m excited to say, are continually improving through integrations and innovations.

Breach Prevention

Let’s start with addressing software vulnerabilities, a problem that has plagued development programs from the beginning and that is often the way attackers gain their initial foothold in target systems. As part of a SecDevOps solution, Micro Focus offers its impressive Fortify portfolio. This includes Fortify WebInspect, which scans websites for vulnerabilities; Fortify Static Code Analyzer, for proactive and automated static testing of code before developers push updates to production; and Fortify Application Defender, for real-time protection of live systems from common attacks and vulnerability exploits.

For internal IT operations, Micro Focus has one of the leading identity and access management (IAM) platforms on the market. Almost all breaches involve the use or misuse of identities and their credentials at some point, and having a centralized way to manage and monitor identities is an obvious best practice that many organizations overlook. The Micro Focus Identity Management solution can even monitor privileged users, including the specific console commands they execute, with the ability to record and play back all of their activity. This lets you identify suspicious activity and take immediate action when it occurs. Working in conjunction with your IAM solution, Micro Focus Storage Manager connects to the enterprise network storage, and when a user’s role or identity changes it can update the user’s home folder by provisioning new documents, updating access rights, and more.

For organizations that are behind the curve in adopting newer DevOps methods, Micro Focus ALM Octane gives dev teams a platform to optimize development lifecycles. Whether they use Waterfall, Hybrid, or Agile methodologies, Octane helps them focus on continuous testing to ensure quality while accelerating delivery, and it tracks code changes so that the root causes of failures can be identified.

Breach Mitigation

We need to accept that it is not a question of “if” but “when.” Breaches will occur, which is why security in depth is important. One thing we can do to reduce the impact of those breaches is to encrypt our valuable data, rendering it useless to any enemies that manage to access it. Unfortunately, rewriting our applications to handle encrypted data instead of clear-text data is a challenging task. Micro Focus Voltage makes this feasible with its format-preserving encryption. If your custom software expects to see social security numbers in ###-##-#### format, Voltage can scramble the value in a way that preserves that format, with an encryption that is reversed only when needed. We’ve even integrated Voltage with our SIEM platform so that you can limit the exposure of sensitive data to your own employees and analysts.
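To make the format-preserving idea concrete, here is an added example that is not Voltage’s algorithm or any Micro Focus code: an illustrative Feistel network keyed with HMAC-SHA256 that encrypts a ###-##-#### value into another ###-##-#### value and reverses it on demand. The key, tweak and sample number are constructed for the demo; the construction is a teaching stand-in, not NIST FF1/FF3.

```python
import hmac
import hashlib
import re

# Illustrative format-preserving encryption for the ###-##-#### layout:
# an unbalanced Feistel network whose round function is HMAC-SHA256.
# Teaching construction only (assumption), not Voltage FPE or NIST FF1/FF3.
SSN_RE = re.compile(r"^\d{3}-\d{2}-\d{4}$")
ROUNDS = 10


def _prf(key, tweak, rnd, half, width):
    """Round function: keyed digest of (round, tweak, half) reduced to `width` digits."""
    msg = bytes([rnd]) + tweak + half.encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % (10 ** width)


def _feistel(digits, key, tweak, decrypt):
    """Run the Feistel rounds forward (encrypt) or in reverse (decrypt)."""
    n = len(digits)
    u, v = n // 2, n - n // 2            # 9 digits -> halves of 4 and 5
    a, b = digits[:u], digits[u:]
    order = range(ROUNDS - 1, -1, -1) if decrypt else range(ROUNDS)
    for i in order:
        width = u if i % 2 == 0 else v   # alternate which half is rewritten
        if decrypt:
            y = _prf(key, tweak, i, a, width)
            a, b = str((int(b) - y) % 10 ** width).zfill(width), a
        else:
            y = _prf(key, tweak, i, b, width)
            a, b = b, str((int(a) + y) % 10 ** width).zfill(width)
    return a + b


def _digits(ssn):
    if not SSN_RE.match(ssn):
        raise ValueError("expected ###-##-#### format")
    return ssn.replace("-", "")


def encrypt_ssn(ssn, key, tweak=b""):
    """Encrypt; the result still matches ###-##-####, so existing code accepts it."""
    d = _feistel(_digits(ssn), key, tweak, decrypt=False)
    return f"{d[:3]}-{d[3:5]}-{d[5:]}"


def decrypt_ssn(token, key, tweak=b""):
    d = _feistel(_digits(token), key, tweak, decrypt=True)
    return f"{d[:3]}-{d[3:5]}-{d[5:]}"
```

Calling `encrypt_ssn("123-45-6789", key, tweak=b"ssn")` returns another dashed nine-digit string that an unmodified application will accept, and only a holder of the key (and tweak) can run `decrypt_ssn` to recover the original.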

Breach Identification & Response

SecOps teams that need to get ahead of threats now face critical hurdles that can only be solved with analytics. As such, a key part of the Micro Focus Security strategy revolves around ArcSight’s advanced correlation and analytics. Sometimes called the Threat Detection Trinity, the ArcSight platform consists of ArcSight ESM, ArcSight Investigate and ArcSight UBA.

ArcSight Enterprise Security Manager (ESM), with its advanced distributed correlation engine, helps security teams detect and respond to internal and external threats, reduces response time from hours or days to minutes, and gives Security Operation Centers (SOCs) the ability to address more threats with no additional headcount through simplified SOC workflows and continuously updated threat packages available from the ArcSight Marketplace. With its correlation engine and advanced rules, ESM becomes a powerful sentry for SOCs in their detection and investigation of the breaches that will inevitably occur. It also integrates with most cyber threat intelligence (CTI) platforms to provide up-to-date indicators of compromise. As a bonus, once a centralized SIEM is in place, it can become a key part of your security validation process as you track your SOC’s mean time to detection and mean time to response during penetration tests and Red Team exercises.

ArcSight Investigate taps into advanced analytics to fuel hunting and investigation while meeting the evolving needs of today’s mature SOCs with a modern platform, including built-in integrations with leading Security Orchestration & Automation tools. Its analytical power is magnified by impressive reach and visibility across massive data sets. By leveraging Vertica to store and access a wide range of data at big-data scale (hundreds of petabytes), Investigate provides a seamless view for hunting across all relevant data. Further, its massively parallel processing distributes both storage and workload, with active redundancy and high scalability.

ArcSight User Behavior Analytics gives enterprises visibility into their users, making it much easier for them to gain information on behavior patterns to help mitigate threats. It helps detect and investigate malicious user behavior, insider threats and account misuse. It enables your organization to detect breaches and attacks before significant damage occurs by finding the adversary faster.

Once an organization achieves the centralized view that the ArcSight portfolio provides, it becomes much easier to validate its security tools, alerting and response times. Many organizations even simulate attacks and use ArcSight simply to observe how effectively the SOC responds.

A Complete Breach Defense Strategy

As you can see, Micro Focus offers everything you need for a comprehensive breach defense solution. And I haven’t even mentioned our software solutions for endpoint protection, change control, and other IT operations suites. These solutions are built on years of experience and are deeply embedded in some of the largest security operation centers in the world. Some customers also choose to build custom analytics solutions from the ground up. With their built-in machine learning and big data technologies, Micro Focus Vertica and IDOL often play a central role in these custom analytics architectures.

Regardless of whether you choose all or some of the solutions from the broad Micro Focus portfolio, know that, more than ever, we are adopting an open architecture strategy and are working with our partners to integrate into whatever defensive solutions you may have. 

So… does your organization’s security strategy adequately cover the three security focus areas of Security In-Depth, SecDevOps and Security Validation? Are you actively scanning for vulnerabilities, and utilizing your data to track down both known and unknown threats? Are you managing and monitoring the identities and behaviors of your users? And when a breach does occur, does your data remain secure and encrypted? It may not happen today or tomorrow, but eventually your enemies will find and exploit the gaps you leave in your defense. This is a battle that we here at Micro Focus are ready to help with, and our completeness of vision is second to none. Contact us today and have one of our subject matter experts come by to introduce you to our broad family of software solutions. Effectively defending your castle may not be a simple feat in today’s world, but together with Micro Focus, we can help you stretch your allocated security budget into a more comprehensive and effective Trichotomic Security strategy.
