In case you haven't yet met someone from Rapid7, you should know that we care about improving security at all companies. We have no interest in selling you products that are going to sit on your shelf, so I recently wore makeup for the first time and sat down for a live videocast with Sara Peters from Dark Reading and John Pironti from IP Architects to talk through how organizations can get their people, process, and technology working together to prioritize and respond to security threats in real time.
So what did we discuss? Somehow, I didn't black out like Frank the Tank in the all-important debate to save the frat, so I remember three major themes we hadn't really planned prior to the cameras starting to roll: preparation, being realistic, and data vs. intelligence.
What do I mean by this? Well, I hate watching myself on video, so I'll paraphrase from memory:
Preparation
No security team, no matter the skill level, can be dropped into a new organization and start responding to threats in real time. There needs to be a great deal of attention to the basics of security hygiene, getting buy-in from leadership on the approach, and operating according to plan. No technology is going to solve this for us; the team of IT, InfoSec, and Risk stakeholders needs to develop playbooks as a group, test themselves as a group, and develop the level of trust in each other necessary to take action right as problems arise. The "test themselves as a group" part is rarely done, but might be the most valuable piece for improving overall effectiveness.
Being realistic
Multiple times in our discussion, we brought up the scenarios that are unrealistic for most businesses. Should you be worried about nation-state attacks? Do you need to protect against Stuxnet? Do you need to rush to protect yourself against the latest zero-day with a logo and catchy name? The answer to all three of these questions is: most likely not. Your focus should first be on defending the assets at the core of your business against the opportunistic attacks that use well-known exploits. Additionally, if you aren't involved in helping the organization adopt the latest technology that makes it productive, that technology is going to be used anyway - just not in a secure fashion.
Data vs. intelligence
This topic of data needing context to become information, and information needing to be relevant to you to actually constitute intelligence, has been a common discussion topic at Rapid7 lately. We all agreed that threat intelligence is not just a list of IP addresses from an unknown source, and an organization's own logs and other machine data are no different: without context and relevance, they are just data. Your goal should be to get the right information to your team, not simply to access all of the data.
To watch the full video on-demand, even if only to get blackmail screen grabs of me in makeup, check it out here:
If you want to learn more about the various ways Rapid7 can help your business, our Advisory Services are often a good place to start.