
COVID-19 Lessons for SecOps
By Yong Zhou

COVID-19 is a once-in-a-lifetime event we are coping with (the hardship), adapting to (the new norm), and fighting (with new therapeutics and vaccines) as a human community. We will eventually get past it, but what lessons can we learn from COVID-19? The answer is a lot, from the perspectives of medicine, economy, technology, government, geopolitics, society, and many more.
As a security solution architect and trained, lifelong engineer, I can’t help but ponder the lessons our cybersecurity community, especially the SecOps team (the frontline of cyber defense), can learn from this pandemic.
Early On and During the Pandemic
When COVID-19 started earlier this year, we learned quickly about the need for testing, isolation, social distancing, and basic personal hygiene to protect ourselves and prevent the spread of the virus.
Meanwhile, most enterprise SecOps teams have been busy increasing virtual private network (VPN) access capacity, strengthening security controls at the network edge, and battling COVID-19 related spear phishing attacks. These are critical tasks for enabling massive “work from home” (WFH) demand and keeping the enterprise network and data safe.
In addition to these heroic actions, I believe that there are additional lessons SecOps teams can learn from COVID-19 with a lasting impact on keeping our network and data safe.
- Maintaining basic personal hygiene – it is common sense that personal hygiene is one of the most essential means of protecting us from infectious diseases like COVID-19. In SecOps, keeping basic security hygiene of the network is the foundation of security operations, which includes (but is not limited to):
  - effective security controls (both network and host-based)
  - the necessary security monitoring systems
  - a proper incident detection and response team and process
  A breach and attack simulation (BAS) solution like Keysight’s Threat Simulator can help SecOps measure and optimize its network and assets to keep and improve basic security hygiene over time.
- Testing – Yes, it is testing. Testing not only identifies infected people so that proper isolation and treatment can start, but it also serves as a surveillance tool against such a highly infectious virus. In SecOps, continuous security assessment is at the core (see the blog Threat Simulator Helps Enterprises Realize the Vision of SecOps). A solution like Threat Simulator not only helps measure the security posture of an enterprise network but also keeps the SecOps team on the offense and proactive in a safe and cost-effective way.
Post the Pandemic
We are beginning to see some light at the other end of this pandemic with the advancement of therapeutics and vaccines. I believe that we, as a human community, will be better off for the reflection and lessons learned from this pandemic. So here is my take:
We are only as strong as our weakest link (or the most vulnerable) – For decades, our medical systems have been pursuing the treatment and cure of the most debilitating diseases like cancer, ALS, Alzheimer’s, Parkinson’s, and schizophrenia. Even though we have the most advanced medical technologies and top doctors and hospitals, we have been awakened by the lack of basic medical personal protective equipment (PPE), nurses, and testing capability when handling the COVID-19 pandemic. In addition, this virus mercilessly attacks our most vulnerable populations with underlying health conditions, which also brings to the front the importance of health care (a healthy lifestyle) vs. medical care.
What a reflection of what has been going on in our security community when it comes to cybersecurity! During RSA 2020 (the last show pre-COVID), several keynote speakers touched upon our community’s passionate pursuit (with tons of resources) of developing the most sophisticated cyber defenses and analytics powered by cloud/AI to combat the most advanced persistent threats (APTs), often sponsored by nation-states and financially well-funded hackers. But our cyber defenses many times lack adherence to basic security best practices (a.k.a. basic security hygiene). The speakers called upon us to take action and improve the essentials of a security operation, our weakest link, to make our cyber space more secure.
In the blog Lessons Learned from Verizon DBIR 2020, I listed the following common areas for the SecOps team to pay attention to:
- Web application security (WAF)
- Security controls misconfiguration
- Security awareness with the latest and emerging attacks (not the most advanced ones, but the most relevant ones)
A BAS like Threat Simulator can help SecOps find the gaps in their WAF rules and the misconfigurations of their security controls, and fix them by providing specific recommendations. Keysight’s Application and Threat Intelligence (ATI) team provides bi-weekly security audit and kill-chain emulation content updates to keep the SecOps team current and prepared for emerging threats.
We will overcome COVID-19. And if SecOps teams can learn these lessons and use a BAS solution like Threat Simulator, we will have stronger cyber defenses to safeguard the enterprise network and data. Give Threat Simulator a (free) try today.