Guarding IT security infrastructure
It’s a 2,000-year-old question, and as relevant to today’s IT security landscape as it was in Juvenal’s time: Who will guard the guards themselves?
We think of security infrastructure as our guardian against the dark powers who would infiltrate our network and steal our most sensitive secrets, but there’s danger in putting too much trust in technology without overseeing these tools.
Relying on firewalls and antivirus (AV) monitoring alone isn’t enough to counter today’s sophisticated, well-resourced cybercriminals. Security now depends on a holistic approach – one that not only identifies all the potential hazards, but also links different security systems (both physical and logical) and manages the relationships between them.
That doesn’t mean that traditional technologies such as AV and intrusion detection are no longer useful. Rather, organisations should be aware that not all threats are external in origin or criminal in intent. They include malfunctions from poorly-configured devices and applications, threats from Shadow IT such as employee-owned devices, or disasters such as fires and floods.
That’s why having a monitoring and early warning system is such an important element of any serious security strategy. By monitoring all critical components, from firewalls to CCTV, antivirus to environmental sensors, organisations can spot the first signs of impending problems before a crisis occurs.
Our own security systems require their own safeguards, and this “meta-security” should incorporate five elements. First, organisations need full control and oversight of their security tools to ensure that firewalls are properly configured, backups are regularly and fully undertaken, and threat detection is identifying suspicious activity on the network.
Next, they need backup systems in case conventional tools fail. We are already seeing this in new Identity and Access Management tools which work by detecting unusual behaviour, rather than scanning for known malware signatures.
Businesses also need the ability to monitor systems performance in real time, including all hardware, software and data streams. This shouldn’t just focus on security infrastructure, but on everything that affects employees’ ability to conduct their work.
Similarly, any monitoring system should watch over physical sensors, including CCTV, and notify the business when defined thresholds have been exceeded.
The final element is the ability to draw all these disparate monitoring systems into one clear, easily-understood whole, rather than a set of separate solutions. This clarity is essential if you are to gain a holistic picture of your preparedness.
Where can you buy such a multi-faceted security monitoring system? The answer is that there is no out-of-the-box solution – nor should there be. Each organisation is unique in its infrastructure mix and the threats it faces, so a one-size-fits-all approach won’t work.
What’s important is to build a monitoring solution that possesses all the necessary functions to monitor the entire IT infrastructure, including as many of the common protocols as possible: SNMP, Ping, FTP, HTTP, NetFlow, sFlow, jFlow, WMI or packet sniffing. It should also connect every device and application via a well-documented API, which is straightforward to achieve.
Can we guard our guardians? Of course we can. The barrier is not technological; all it takes is the will to take security seriously.
Martin Hodgson, Head of UK & Ireland, Paessler – PRTG Network Monitor
SAS: Improving the British Army’s decision making with data
SAS’ long-standing relationship with the British Army is built on mutual respect and grounded by a reciprocal understanding of each other’s capabilities, strengths, and weaknesses. Roderick Crawford, VP and Country GM for SAS UKI, states that the company’s thorough grasp of the defence sector makes it an ideal partner for the Army as it undergoes its own digital transformation.
“Major General Jon Cole told us that he wanted to enable better, faster decision-making in order to improve operational efficiency,” he explains. Therefore, SAS’ task was to help the British Army realise the “significant potential” of data through the use of artificial intelligence (AI) to automate tasks and conduct complex analysis.
In 2020, the Army invested in the SAS ‘Viya platform’ as an overture to embarking on its new digital roadmap. The goal was to deliver a new way of working that enabled agility, flexibility, faster deployment, and reduced risk and cost: “SAS put a commercial framework in place to free the Army of limits in terms of their access to our tech capabilities.”
Doing so was important not just in terms of facilitating faster innovation but also, in Crawford’s words, to “connect the unconnected.” This means structuring data in a simultaneously secure and accessible manner for all skill levels, from analysts to data engineers and military commanders. The result is analytics and decision-making that drive innovation and increase collaboration.
Crawford also highlights the importance of the SAS platform’s open nature: “General Cole was very clear that the Army wanted a way to work with other data and analytics tools such as Python. We allow them to do that, but with improved governance and faster delivery capabilities.”
SAS realises that collaboration is at the heart of a strong partnership and has been closely developing a long-term roadmap with the Army. “Although we're separate organisations, we come together to work effectively as one,” says Crawford. “Companies usually find it very easy to partner with SAS because we're a very open, honest, and people-based business by nature.”
With digital technology itself changing with great regularity, it’s safe to imagine that SAS’ own relationship with the Army will become even closer and more diverse. As SAS assists it in enhancing its operational readiness and providing its commanders with a secure view of key data points, Crawford is certain that the company will have a continually valuable role to play.
“As warfare moves into what we might call ‘the grey-zone’, the need to understand, decide, and act on complex information streams and diverse sources has never been more important. AI, computer vision and natural language processing are technologies that we hope to exploit over the next three to five years in conjunction with the Army.”
Fundamentally, data analytics is a tool for gaining valuable insights and expediting the delivery of outcomes. The goal of the two parties’ partnership, concludes Crawford, will be to reach the point where both access to data and decision-making can be performed qualitatively and in real-time.
“SAS is absolutely delighted to have this relationship with the British Army, and across the MOD. It’s a great privilege to be part of the armed forces covenant.”