Site Security Planning
Businesses today are responsible for securing their internal and client data, and how well they do so has a direct impact on their brand and reputation with partners and clients. We know how difficult it is to justify funding for security measures until a security breach happens. At the point of a security breach, senior management gets involved and one question will be asked: “What do you need to prevent this from happening again?”
This is an opportunity to make the most of a security event and obtain the resources you need to be proactive and help avoid future events. If you are not prepared with a solid answer, the opportunity may be lost. Quattra provides expert services to assist you both in answering that question and in delivering on the answer.
Site Security Planning
It is always worthwhile to be prepared to explain what resources you need to address security risks. Even if a security breach doesn’t occur, having information ready can help you justify needed measures. If an incident does happen, you probably won’t have time to do all the homework required for a good security plan.
Whether in the boardroom or in the middle of a crisis, one thing is essential: a plan. The security plan is much like a playbook, a carefully considered series of actions to be implemented.
Remember the old philosophical question, “If a tree falls in the woods and no one is there to hear it, does it make a sound?” It’s much the same with security. How would anyone know that a security program is effective without an occurrence to test it?
That is one reason why budget justifications are challenging for security; this is compounded because security is a cost center and does not drive revenue. To top it off, security breaches are rare. It is easy for top executives to take security for granted, but complacency is a breeding ground for disaster. We also need to consider PCI, HIPAA, PIPPA and FedRAMP (NIST), which are becoming increasingly active in the private and public sectors. Quattra therefore looks closely at your security ecosystem with you to determine gaps, align strategy and close the holes that may leave you vulnerable to the world.
The Keys to Security
The key to understanding security is to analyze risks at the outset. When developing a security plan, there are multiple vulnerabilities and specific threats to consider. Some threats are common to many organizations, and some are specific to a particular organization. These risks should be examined and quantified by answering questions such as these:
- How attractive is the organization as a target?
- What would be the direct and indirect impacts of a given incident?
- What is the probability of a security incident occurrence?
These questions can be answered by examining the capability and the intent of an aggressor. Once the risks are identified, your organization can and should be benchmarked against peer organizations. Benchmarking may seem unnecessary if you are responsible for security, because most likely you have already voiced the possible risks to executive management, sometimes without lasting effect. But benchmarking can be a powerful tool to validate that risks are real, evident and should be mitigated.
The next factor to evaluate is appropriate security measures. Often the most important component of plan development is the set of controls or measures used to prevent a security incident. Physical security controls and measures are grouped into three broad elements: operations, architecture and technology.
Properly implemented, these controls can establish a balanced security program. Selecting and implementing the proper controls can be difficult. Ideally, when considering security measures, the assessment should look from outside the asset inward. One effective approach is to examine vulnerabilities from the perspective of an aggressor.
Places to Evaluate
Facility Access & Security
The first place any business needs to evaluate is Facility Access & Security, which typically appears more secure during the day than in the evening. Any determined aggressor will not want to be observed; therefore, criminal activity attempts tend to occur during evening hours. Lighting is the number one opportunity to discourage crime because a criminal’s ultimate deterrent is the potential that bystanders will witness their act.
The breach of a building’s perimeter is often much like the practice of magic, which relies on diversion and movements that are not easily detected. Trying to gain entry through seldom-used pedestrian entrances is illogical because the criminal is more likely to be detected by occupants who expect only specific individuals to use that entrance. A better method may be to use the front door, where many people access the facility.
Another opportunity to mitigate crime is to introduce a defined perimeter through the use of soft barriers (landscaping) and defined, hard barriers (fencing). These create exclusionary zones in which an intruder is more readily identified.
Criminals may also attempt to access a building through latch manipulation and lock picking. To deter physical access through a door, three elements are needed: industrial locking hardware with high-security keyways, pinned or concealed hinges, and latch cover plates. The latch cover plate tends to be the most commonly overlooked of the three; its absence allows an intruder to manipulate the door latch to gain entry.
Technical Security Protection
The second most prominent place to evaluate is the technical security protection of your business. This consists of three basic components: a triggering device (commonly referred to as the sensor); a circuit (typically in the form of wires) that forms a loop and transmits the information; and an annunciator or sounder that signals the alarm. The alarm system has only one goal: reduce the need for staff. But technology can only be effective if it is used properly.
The third most prominent place to evaluate is operational security. Operational security represents the most common type of security and, when properly implemented, is often the most effective. A well-trained and properly documented security staff that is loyal to the goals and objectives of an organization does not come cheap. Operational security is more than just staff; it comprises policies, procedures and guidance regarding the management of incidents. In many cases, executives or staff who feel hassled by security undermine it. Over time, the negativity can affect the evolution of your security strategy and make your business vulnerable while pushing security into a concierge role. Operational security represents the weakest link and needs to be reviewed often. Organizations need to empower employees to help ensure the security of their workspace, systems and facilities. In many instances, gaining access to a facility is as simple as smiling and asking pleasantly, “Please hold the door for me.”
Organizations need broad-based security awareness programs that reach all employees, which, done right, requires a significant initial expenditure.
The third key is building the ‘Security Playbook’. Once the security measures have been identified using the outside-in approach, the next step is to put them together in a security playbook, or master plan, which shows accurate budgeting for the controls and measures being proposed. The planning should adopt a holistic, all-security-risks approach. In some instances, budgeting can be shared with other corporate functions such as information technology or human resources. Budgeting should be phased and comprehensive.
Another way to justify security measures is to show return on investment, which typically covers not only the return on technology investments but also training programs, an empirical reduction in incidents, and so on.
Although it may not be seen, the playbook needs to be well written, as there is a chance senior management will ask to see it. If it is not available to be presented immediately, the implementation of the plan could be delayed.
In addition, the plan needs to keep its audience in mind. Executives tend to be either spontaneous or cautious and detail-oriented. To be on the safe side, both personalities should be kept in mind as the security plan is developed, to ensure its support at the executive level.
This is a living document that needs to be updated regularly and will form the basis for any presentation to management. In anticipation of that occurrence, it is important to identify and meet with key stakeholders. The goal of this meeting is not to push an agenda, but to make others aware of resources in the spirit of building
Embracing the need for a well thought-out security playbook can make the difference in obtaining resources once a security event occurs. Rather than sending endless emails about an organization’s risk, be prepared so if a question about security needs comes from management, your response will be, “I have a plan. This is what we need to do, this is what it will cost, this is what we will gain.”
The statistical reality is that any organization, no matter its size or type, will experience a security incident at some point. The more employees it has and the longer the organization exists, the greater the statistical probability of a security event.
Business Continuity Planning
Business continuity planning is one of the most critical components of any recovery strategy.
Companies today face an unprecedented number of exposures, from the frequency and severity of weather-related events to reliance on an ever-expanding network of technology and supply chains. These events leave businesses susceptible to a variety of existing and emerging risks.
Managing these risks is key to the survival of any organization.
A business continuity plan is one of the best investments any company can make, as companies that proactively consider how to respond to events are the first to get back to business, often at the expense of competitors. This is what allows you to maintain your business strategy and deliverables to your clients.
A predefined business continuity plan, combined with the proper insurance coverage, maximizes the chance of a successful recovery by eliminating hasty decision-making under stressful conditions. It details how to get the business back on track after a disruption, in the most thoughtful way possible. Ask yourself: ‘Do you think your business can withstand a disaster?’ Think again. In the industry today, 25% of businesses do not reopen following a major event. In fact, disruptions that seem minor compared to widespread natural disasters – power failures, broken water pipes or loss of computer data – can often cause significant damage.
A Travelers study found that 48 percent of small businesses are operating without any type of business continuity plan, yet 95 percent indicated they felt they were prepared.
- Is your business continuity plan predominately an insurance policy?
- Is it predominately an emergency response or evacuation plan?
- Is it predominately an IT or data recovery plan?
- Is it something you developed that sits in a binder on a shelf?
If you answered “Yes” to any of these questions, then your business continuity plan may be giving you a false sense of security. This is where our continuity planning approach and strategy can help you close the gaps and maintain your business services in the event of an unintended disaster. Disasters are more common – and costly – than you may realize.
In 2012, nine of the top 10 most expensive worldwide disasters happened in the United States. With $77 billion in insured losses worldwide, 2012 was the third costliest year on record. The first was 2011, when $126 billion in insured losses were reported.
Palo Alto Server Virtualization & Cloud
Addressing the Problem
As more companies look to leverage the agility and flexibility of cloud by deploying a hybrid cloud architecture, there are three key challenges that they face in achieving the promise of hybrid cloud: inconsistencies in network architecture between the private data center and the public cloud, the lack of rich next-generation security capabilities to counter today’s sophisticated cyber threats, and the portability of both the application and the security policies that protect it, regardless of where the application is deployed.
The ultimate promise of the hybrid cloud is the ability to write an application once, define a security policy around that application once, and have the ability to deploy that application anywhere without compromise.
As you evolve your datacenter towards a cloud-based architecture, you begin orchestrating the automated tasks for provisioning workloads (compute, storage, network). Unfortunately, securing these workloads with today’s existing network security appliances is a manual, time-consuming process. Security teams simply cannot keep up with how quickly these workloads are being provisioned by the virtual infrastructure teams.
Addressing the Solution
The Palo Alto Networks enterprise security platform allows you to apply the same rich security policies across your private and public infrastructure, enabling a consistent approach to security whether the application is virtual, physical, on-premises or off-premises. Our next-generation firewalls give you the ability to segment your datacenter network, while our VM-Series virtual firewall allows you to realize the full agility and flexibility promised by the cloud. Both physical and virtual form factors run the same PAN-OS™ operating system.
Working together with Palo Alto Networks, Quattra delivers an enterprise security platform that safely enables north-south and east-west traffic throughout your virtual, physical and cloud environments with consistent next-generation security protection. This gives you complete visibility into the applications being used, knowledge of the users accessing those applications, and protection against known and unknown threats.
Enabling Next-Generation Security to the Public Cloud
The VM-Series extends the benefits of the VMware NSX and Palo Alto Networks VM-1000HV integration into a new service within VMware’s vCloud Air*, a public cloud platform built on the trusted foundation of vSphere. The VM-Series also gives organizations the flexibility to maintain next-generation security across a number of cloud service providers, with support for cloud infrastructure providers like Amazon Web Services (AWS) and for Kernel-based Virtual Machine (KVM), a popular open source hypervisor used in many other public cloud computing environments.
Applying Next-Generation Security to Virtualized Environments
The VM-Series virtualized firewall is based upon the same full-stack traffic classification engine found in our physical form factor firewalls. The VM-Series natively classifies all traffic, inclusive of applications, threats and content, then ties that traffic to the user. The application, content and user, the elements that run your business, are then used as the basis of your virtualized security policies, resulting in an improved security posture and a reduction in incident response time.
Isolate Mission Critical Applications and Data Using Zero Trust Principles
Security best practices dictate that your mission-critical applications and data should be isolated in secure segments using Zero Trust (never trust, always verify) principles at each segmentation point. Our physical and virtual next-generation firewalls can be deployed throughout your virtualized server infrastructure, exerting control based on application and user identity.
This allows you to control the applications traversing your virtualized environment, while blocking potentially rogue or misconfigured applications and controlling access based on user identity.
Block Lateral Movement of Cyber Threats
Today’s cyber threats commonly compromise an individual workstation or user and then move across the network looking for a target. Within your virtual network, cyber threats move laterally from VM to VM, in an east-west manner, placing your mission-critical applications and data at risk. Exerting application-level control using Zero Trust principles between VMs reduces the threat footprint while applying policies that block both known and unknown threats.
Automated Deployment and Provisioning
A rich set of automation features and APIs allow you to streamline your security policy deployment so that security keeps pace with the build-up and tear down of your mission critical applications.
Virtual Machine monitoring: automatically polls your virtual network for VM changes, collecting this data in the form of tags that can then be used to keep policies up to date via Dynamic Address Groups.
Dynamic Address Groups: allow you to create policies using tags (from VM monitoring) as the identifier for virtual machines instead of a static object definition. Multiple tags representing virtual machine attributes such as IP address and operating system can be resolved within a Dynamic Address Group, allowing you to easily apply policies to virtual machines as they are created or move across the network.
REST-based APIs: allow you to integrate all of our next-generation firewalls with third-party tools for reporting, management or cloud orchestration in virtualized environments.
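The following is an added illustration, not Palo Alto Networks code or a PAN-OS API: a small in-memory model of the mechanism the automation features above describe, and of the east-west segmentation discussed under Zero Trust and lateral movement. A simulated VM-monitoring feed creates and removes VMs carrying tags; a dynamic address group resolves those tags to member addresses at evaluation time; and a rule written against groups keeps matching as VMs are provisioned, torn down or have their addresses reused, whereas a static address object goes stale. All VM names, addresses, tag names and rules are constructed sample data, and the class and function names are hypothetical.

```python
"""Tag-driven (dynamic) address groups versus static address objects.

Added example, not vendor code. Models how VM-monitoring tags feed a dynamic
address group and how a group-based rule tracks VM churn. Sample data only.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Union


@dataclass(frozen=True)
class VM:
    name: str
    ip: str
    tags: FrozenSet[str]  # attributes collected by VM monitoring, e.g. "role:web"


@dataclass(frozen=True)
class StaticAddressObject:
    """Classic object: a fixed IP list that nobody updates when VMs change."""
    name: str
    ips: FrozenSet[str]

    def members(self, inventory: Dict[str, VM]) -> FrozenSet[str]:
        return self.ips  # inventory is ignored on purpose


@dataclass(frozen=True)
class DynamicAddressGroup:
    """Membership is resolved from tags at evaluation time (all tags must match)."""
    name: str
    match_all: FrozenSet[str]

    def members(self, inventory: Dict[str, VM]) -> FrozenSet[str]:
        return frozenset(vm.ip for vm in inventory.values() if self.match_all <= vm.tags)


@dataclass(frozen=True)
class Rule:
    name: str
    src: str     # address group / object name
    dst: str
    app: str     # application identifier, e.g. "mysql"
    action: str  # "allow" or "deny"


class Policy:
    def __init__(self, objects: List[Union[StaticAddressObject, DynamicAddressGroup]],
                 rules: List[Rule]) -> None:
        self.objects = {o.name: o for o in objects}
        self.rules = rules

    def evaluate(self, inventory: Dict[str, VM], src_ip: str, dst_ip: str, app: str) -> str:
        """First matching rule wins; anything unmatched is implicitly denied."""
        for rule in self.rules:
            if (src_ip in self.objects[rule.src].members(inventory)
                    and dst_ip in self.objects[rule.dst].members(inventory)
                    and rule.app == app):
                return rule.action
        return "deny"


# Simulated VM-monitoring feed: provisioning and tear-down events.
def vm_created(inventory: Dict[str, VM], vm: VM) -> None:
    inventory[vm.name] = vm


def vm_removed(inventory: Dict[str, VM], name: str) -> None:
    inventory.pop(name, None)


def run_scenario() -> Dict[str, str]:
    """Walk through VM churn and record each policy decision (constructed data)."""
    inventory: Dict[str, VM] = {}
    vm_created(inventory, VM("web1", "10.0.1.10", frozenset({"role:web", "env:prod"})))
    vm_created(inventory, VM("db1", "10.0.2.10", frozenset({"role:db", "env:prod"})))

    web_to_db = Rule("web-to-db-mysql", "web-tier", "db-tier", "mysql", "allow")
    dynamic = Policy([DynamicAddressGroup("web-tier", frozenset({"role:web", "env:prod"})),
                      DynamicAddressGroup("db-tier", frozenset({"role:db", "env:prod"}))],
                     [web_to_db])
    static = Policy([StaticAddressObject("web-tier", frozenset({"10.0.1.10"})),
                     StaticAddressObject("db-tier", frozenset({"10.0.2.10"}))],
                    [web_to_db])

    out: Dict[str, str] = {}
    out["web1_mysql"] = dynamic.evaluate(inventory, "10.0.1.10", "10.0.2.10", "mysql")
    # Application-level control: same VMs, different application, no rule -> denied.
    out["web1_ssh"] = dynamic.evaluate(inventory, "10.0.1.10", "10.0.2.10", "ssh")

    # A second web VM is provisioned; only the dynamic policy picks it up, with no policy edit.
    vm_created(inventory, VM("web2", "10.0.1.11", frozenset({"role:web", "env:prod"})))
    out["web2_dynamic"] = dynamic.evaluate(inventory, "10.0.1.11", "10.0.2.10", "mysql")
    out["web2_static"] = static.evaluate(inventory, "10.0.1.11", "10.0.2.10", "mysql")

    # A dev VM with the same role but another environment stays outside the prod segment.
    vm_created(inventory, VM("devweb", "10.0.3.10", frozenset({"role:web", "env:dev"})))
    out["dev_to_db"] = dynamic.evaluate(inventory, "10.0.3.10", "10.0.2.10", "mysql")

    # web1 is torn down and its address is reused by a VM that is not part of the web tier.
    vm_removed(inventory, "web1")
    vm_created(inventory, VM("scratch", "10.0.1.10", frozenset({"role:build", "env:dev"})))
    out["reused_ip_dynamic"] = dynamic.evaluate(inventory, "10.0.1.10", "10.0.2.10", "mysql")
    out["reused_ip_static"] = static.evaluate(inventory, "10.0.1.10", "10.0.2.10", "mysql")
    return out


if __name__ == "__main__":
    for step, decision in run_scenario().items():
        print(f"{step:20s} {decision}")
```

The last two decisions are the point of the model: once an address is recycled, the static object still allows the new, untagged VM into the database tier, while the tag-based group no longer resolves that address as a member and the implicit deny applies. In a real deployment the tags would come from the hypervisor or orchestration layer rather than from hand-built events, but the evaluation logic is the same.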
Centrally Manage All Security Policies
Panorama is a management platform that provides the ability to manage security policies for all Palo Alto Networks network security platforms – regardless of whether they are virtual or physical – from a centralized location. Panorama provides compliance through consistent enforcement of policy across your entire datacenter network, as well as rich centralized logging and reporting capabilities.
Source: Palo Alto Networks
*vCloud Air will be available on the Palo Alto Networks VM-Series 1000HV in the first half of 2015.