Most IT security professionals harbor a certain amount of conservatism: The enthusiasm for all things new and innovative is tempered by skepticism about security challenges and other issues. Part of this is simply the nature of the industry; after all, it’s the security pro’s job to anticipate risks and develop creative ways to mitigate them. However, this type of caution also leads to the kind of broad thinking and blanket statements that ultimately do little to address individual security challenges on an organizational level. Broad skepticism is particularly prominent when comparing cloud security versus traditional networks. Cloud obviously brings more exposures than conventional on-premises IT. The question we should be asking is not whether there are more security challenges in all IT, but rather how we can refine our individual security postures to manage risks more effectively. This eWEEK slide show queries several highly placed security pros about what IT stressors are on their daily worry lists and asks them to explain their approaches on how to alleviate those pressures.
Stressor No. 4: External Devices/BYOD in the Enterprise
How to alleviate: Almost all enterprises have some form of bring-your-own-device (BYOD) policy because it is inconceivable to block employees from using their mobile devices, tablets or personal devices within the enterprise network. This poses a serious security risk because, once compromised, these devices might be a jumping point to the rest of the network. It is, therefore, crucial to identify, track and control access from these external devices. IP address management (IPAM) and dynamic host configuration protocol (DHCP) management enables users to actively monitor and control these devices. A well-written and enforced BYOD policy is also a must. — Andrew Wertkin, CTO, BlueCat
Stressor No. 5: Vulnerabilities in Open-Source Libraries and Products
How to alleviate: As we saw in the example of OpenSSL, which is used by almost anybody from Google to major banks, a security vulnerability in a commonly used library has an immense impact. To alleviate the risk, an enterprise should choose third-party libraries wisely to ensure that it has a vibrant community support and enough maturity to keep up with emerging security threats. Some large enterprises that rely on these libraries actually support the open-source community actively. —Andrew Wertkin, CTO, BlueCat
Stressor No. 6: PCI Compliance
How to alleviate: The latest Payment Card Industry Data Security Standard (PCI DSS) standard requires logs for external-facing technologies, including Domain Name System (DNS), recorded centrally and presented for forensic purposes. Collecting these logs and centrally managing them for compliancy is a challenge. To overcome this stressor, organizations must invest in solutions that can flex as enterprises move from the center to the edge—and are able to collect all of their DNS data centrally to be PCI compliant. — Andrew Wertkin, CTO, BlueCat
Customer situation brief on SUNBURST/Solorigate
Learn more about the attack via the SolarWinds Orion platform and how BlueCat products use DNS to help protect customers against compromises like it.
Sync ServiceNow tickets and IPAM with CMDB Plug-In
With BlueCat’s ServiceNow Configuration Management Database, admins can break the silos between ServiceNow and IPAM to improve IT ticket fulfillment.
On the road to platform hardening, consider a STIG
Security Technical Implementation Guides standardize security configuration on networks, servers, and devices. BlueCat uses them and you can, too.
IT pros debate: Who should own DNS in the cloud?
Six networking pros dig into who should own DNS in the cloud during the third Critical Conversation on Critical Infrastructure hosted in Network VIP.