IT Security: It's All About Damage ControlBy Tony Kontzer | Posted 2014-11-26 Email Print
Trying to keep the bad guys out of your corporate network isn't even the primary goal any more. Instead, it's preventing them from getting what they really want.
That's not to say technology isn't a big part of Rush University Medical Center's security strategy. For instance, the organization looked to strengthen its network defenses by deploying more sophisticated monitoring tools that alert Parent and his team to early signs of an incident. The idea, he says, is to be more proactive and less reactive, and to isolate infections before they have a chance to spread.
"The bad guys are going to get in," says Parent. "Instead of concentrating on the front door, you concentrate on the rooms and valuables within the house."
Deflecting Incoming Attacks
Stephen Molina, information security administrator for Modesto, Calif.-based Save Mart Supermarkets, is similarly resigned to his fate. Save Mart's firewall manages to deflect about 90 percent of incoming attacks, most of which are the work of script kiddies.
What saps the biggest share of Molina's and his team's time is the constant barrage of phishing emails, often customized to look like they come from Save Mart vendors. Molina says employees at all levels of the company click on those emails, releasing malware into their devices, and then often into the network.
Similar to Parent, Molina's response typically involves deducing the breadth of the infection, and then isolating it.
"You will get infected," he says. "You are going to get compromised. It's a mistake to think about how you can prevent it from happening. It's really about minimizing the damage."
Like Rush University Medical Center, Save Mart, which operates 226 grocery stores in California and Northern Nevada, hasn't had any big breaches. Molina chalks that up to a combination of luck and the segmentation of systems that touch Save Mart's most valuable data. If an intruder gets at the company's customer credit card data, for example, he says it "could bring down the whole company."
Molina reports that Save Mart has been relying increasingly on monitoring tools that allow it to respond to a threat proactively, before it finds itself explaining what went wrong to throngs of media.
If it sounds like IT security has evolved from brute force protection into a more subtle art, that's because it has: The threats are no longer automated bots, and intrusions are much more fast-changing and adaptable than they once were.
"We're up against other people, and they're not static," says Molina. "It's an adversarial environment."
For organizations like Save Mart and Rush University Medical Center, the answer has been to keep the bad guys in their sights at all times. But, as both Molina and Parent acknowledged, a dash of luck doesn't hurt.