2025/06/10 14:53:40

When the defense falls apart: what prevents information security solutions from coping on their own

Information security systems in companies are often assembled piece by piece from separate solutions for specific tasks: set up a VPN, protect confidential information, restrict access to data. This is normal, especially when the infrastructure grows gradually. But such a patchwork model creates risks: gaps remain between solutions, and attackers can take advantage of precisely these zones of increased vulnerability.

Incidents can still occur because the solutions do not "talk" to each other. Information about a potential threat stays in one service and does not reach another that could help the information security team respond quickly. In such patchwork systems each tool works on its own, like a good specialist who was never given a walkie-talkie.

On their own, even reliable products do not always deliver the expected effect: they cannot compensate for the missing link between solutions and may miss important signals. The good news is that you can build a system in which solutions strengthen each other. And it is easier to do than it might seem.


Without integration, solutions are left on their own

Let's imagine that the security service recorded non-standard behavior by an employee, for example a mass export of documents on Friday evening. One tool "noticed" it. But if the access control system did not immediately restrict access, the employee will be able to export the documents without interference.

It turns out that tools, even well-tuned ones, do not work as a team. The chain "saw - understood - reacted" breaks off at the first step. An information security specialist has to synchronize data from different systems personally, make decisions manually and compile reports to explain what happened.

Such a gap between event logging and access control can be called a lack of coordination between solutions. Some solutions can record suspicious actions (for example, IRM systems), others can control access (for example, authentication systems). But the system as a whole becomes truly reliable only when these solutions work together, for example, when an employee flagged as a risk automatically has their access restricted and an administrator is notified of the suspicious actions. This makes it possible to act proactively and prevent incidents rather than react after the fact.

Manual labor where automation is possible

The more different solutions are used, the more data can be collected. But if each solution works separately, the information security team has to piece the information together bit by bit when an incident occurs: download and collect reports, "glue" logs together, check timestamps, all by hand. It is exhausting, it consumes people and time, and it creates a risk of mistakes.

When solutions work together, information is transmitted automatically: from the authentication system to the access control system, from there to the event log. The administrator sees a complete picture of the incident, not a set of unrelated events.

For example, if an employee logs in from a new device, the two-factor authentication system records the login, and the PAM system monitors the actions that follow and makes sure they do not go beyond the employee's authority and job description.

A piecemeal approach increases costs

At first glance, point solutions seem more economical: a specific task is closed, and work goes on. But as infrastructure and threats grow, so does the number of such solutions. Along with it grow the burden on the information security department and IT specialists, the cost of support, and the risks associated with incompatibility and "misunderstanding" between products.

Each new solution requires its own implementation, configuration, team training and support. And when there are many such solutions, all from different suppliers, fragmentation arises: the interfaces do not match, the logic of operation differs, the updates differ, and it is not easy for employees to master each product.

An integrated approach reduces this burden, helped by unified technical support, consistent updates and predictable product behavior. The point here is not even technical integration but convenience: one entry point is easier to manage, one vendor is easier to trust. And if this vendor knows the specifics of the business and works with the client company on an ongoing basis, the work becomes easier.

What could be different

A good information security system is not a set of "best-in-class" products but a team in which each player knows their role and understands the others, and in which employee, transaction, document or device data is transferred from product to product automatically, without additional action from the administrator.

An integrated approach is not about "closing everything at once." It is about seeing weaknesses, minimizing the human factor, and being sure that important information will not be lost and will be processed in time. This matters especially when not only the infrastructure is potentially at risk, but also the company's reputation.

It is this approach that underlies Contour.Aegis, a complex of solutions that unites the information security products of Contour. It does not just provide protection, it helps shape a culture of security. In such a culture, employees are aware of which actions are permissible and which are not, business owners and top managers understand where the risks are, and technical measures work in a balanced and consistent manner.

One product does not have to handle everything, but it should not be alone either

Expecting absolute protection from a single tool is like guarding a building with one lock. A good lock is important, but real security is provided by the system: cameras, access passes, rules for employees, an alarm button and a person who knows how to react.

Information security works on the same principles. There is no need to abandon solutions that have already been implemented, but it is important that they can work together, strengthen each other, and not create gaps in protection.

It is these principles that underlie Contour.Aegis: it becomes a step towards a coherent, understandable and effective information security system. Not in order to rewrite everything, but in order to organize what is already there so that it really protects. Calmly, reliably and painlessly.

Advertisement. 16+. JSC "PF "SKB Kontur"". OGRN 1026605606620. 620144, Yekaterinburg, st. Narodnaya Volya, 19A.