What a Breach can Teach: It Starts with a Strategy


This is part II in a series on proactive defense using a proven professional services security methodology.

To me, the human body is a miracle and a mystery.  But, I often think the same thing about the growing complexity of enterprise networks and the security solutions that are intertwined throughout them like our delicate circulatory system.  I’m thinking about this as I run through the neighborhood with two pain-free knees that wouldn’t be so strong today had I not found a doctor who, in many ways, is like a professional network administrator trained to tie all the systems together for optimum performance.

You see, after years of knee pain, my boss recommended that I visit an orthopedic surgeon he knew.  He said, “You’ll appreciate this guy.  He has the same security services mentality as we do.”  I wasn’t quite sure what he meant, but I assumed it had something to do with the doctor’s innate ability to holistically evaluate my ‘network’ (so to speak).  I was really hopeful that this new doctor would finally be able to uncover the foundational issues causing my pain.

From the minute I walked into his office, I knew this doctor was different. The questions he asked intrigued me.  His approach reminded me of the way professional services consultants assess a project – first working to understand the client’s pains and challenges, and then using a systematic methodology to move forward with the solution.  In my case, the doctor first asked questions to get deep into the heart of the issue and then he analyzed the same MRI that had been reviewed by several doctors in the past.  He, however, dissected it frame by frame.  The root of the problem was bone chips – compounded by severely atrophied quad muscles.

The doctor uncovered the core problem, devised a solution, and executed on it.  The answer was months of physical therapy in preparation for surgery.  The doctor’s approach is what we mean when we talk about being relevant – having a greater understanding of what our customers need even if they’re not quite sure what they need.  This ties in nicely with my last post where I discussed relevance as it relates to digital security and protecting our customers’ data – how it’s not just about having all the ‘right’ security solutions in place, but about operationalizing them all in order to experience the full value of their investment.

Whether he knows it or not, my doctor provided me with Level Three service from the Emerging Supplier Model – a model that Gavin Struthers, Senior Vice President of Worldwide Channel Operations, describes in his last post.  This level requires that service professionals get closer to customer operations, understand the organization’s end goals, and help to optimize their ROI.  In the case of security services, I know firsthand that there’s no way to guarantee that an organization is secure, but using a proven methodology to integrate the best technology is key to gaining the full value of your security investment – monetarily and functionally.

The McAfee methodology is tried and true – consisting of six phases: strategize, plan, design, implement, operate, and optimize. While these phases are not necessarily linear, the strategize phase ultimately begins the engagement and drives the phases through optimization.  At any phase, however, the environment may require that we revisit one of the former phases. Developing a strategy can often be triggered by a recent event – like a breach – that has threatened the security of an organization.  When this happens, the organization will typically seek out the experience of incident response professionals, like those with McAfee Foundstone, who are trained to uncover vulnerabilities and begin remediation to secure the network and the corporate data.

After the initial triage, the questions begin to flow in from the CISO or the CTO.  “We’ve invested in state-of-the-art security solutions.  How did this happen?  Where did the breakdown occur and why?  How can we avoid this in the future?”  Experienced security services professionals can usually explain why this particular breach occurred, but in order to avoid something similar in the future, the team must use a strategic approach – one that identifies need and implements the right balance of technology, people, and processes to manage digital risk and leverage security investments more effectively.

Although the strategy phase must address dozens of security-related details, in general our team of professionals will identify corporate requirements and set strategic business objectives for security management and risk mitigation.  This includes activities like:

  • Identifying strategic objectives and priorities
  • Assessing high-level structure of the existing security environment
  • Developing a strategy for deployment for the entire network

The good news about a security breach is this: It’s usually the event needed to bring security to the top of the organization’s priority list.  Only when it’s top of mind can the focus shift from reactive to proactive – starting with a plan and moving through full optimization.  In my next post, I will share how the planning phase from our proven methodology is born out of the strategy phase and feeds into the design phase – all critical to securing your organization’s assets and reputation.

Categories: Executive Perspectives