What Parts of Constant Vigilance Should I Outsource?
As constant vigilance begins to seep into a corporate culture, it, too, is evolving. In a recent conversation with Marco Plas, security chief at Netherlands-based broadband provider nlTree, we talked about this evolution and where it is headed.
Marco illuminated three stages of global security constant vigilance that companies tend to work through, and in each stage, more control is given to third-party providers. This change has been catalyzed by (you guessed it) the growth and complexity of threats, countermeasures, regulations, and technology.
- Basic monitoring packages
- Adding infrastructure-specific traps and traces
- Allowing remote control
Stage one, general information security, is usually outsourced to monitoring companies such as Symantec. Specialists in below-ground bunkers in London or Berlin spend their lives tracking viruses throughout the world and providing patch-level updates. By outsourcing this portion of constant vigilance, you will receive updates such as "MyDoom is headed your way; update your patch."
In the second stage of constant-vigilance outsourcing, a company moves to handing the blueprint of its technology to a third party. In turn, that third party examines what levels of threats, countermeasures, regulations, and technology you should pay attention to based on the customized needs of your organization, sending you alerts and updates accordingly. Still, the company takes the action to secure itself from harm or legal action while executing disaster recovery. This second stage is where most companies in Europe are today.
Moving beyond the blueprint and giving a level of control is the third stage of constant-vigilance outsourcing. At this stage, the company hands over the blueprint and select scripts that enable a third party to take control of its systems when its own staff are not there, so if a patch is needed or a portion of the system requires shutdown, it can be done remotely. This effectively ensures a more thorough form of constant vigilance. This is happening more and more throughout Europe because the need is increasing.
Marco Plas on the Consequences of Intermittent Vigilance
In the recent past, I worked to put together a constant-vigilance program for a bank in the Netherlands. After deployment, and on a Friday afternoon, we alerted the bank that a patch was needed for an incoming virus. We saw it, and we said, "It is coming to you; we need you to take your firewalls down for the patch install." We sent it to them, and they began to install it.
By that evening, the patch was in place, and we called the bank to bring the firewalls back up, but no one was there to do so. Now this was a pretty big bank with many ATM machines. With their firewalls down and their system vulnerable, they lost 2 million euros over that one weekend.
Scenarios such as Marco's are propelling many European companies to take the next step in the outsourcing evolution curve: providing a third party with full access to a company's firewalls so that the third party can leverage even more control over serious threats. This final stage will ultimately evolve into the full outsourcing of constant vigilance at a network level.