In security, the basics are often overlooked

The former director of the Army’s Global Network Operations and Security Center (AGNOSC) now serves as the VP of SecureWorks’ Counter Threat Unit. Atlanta-based SecureWorks was acquired by Dell in January 2011.

Hensley, who recently spoke with Infosecurity, has an educational and career background that led him from Georgia Southern University to the Army, and eventually to Dell SecureWorks. As an alum of one of the nation’s most prolific second-tier football schools, Hensley contends there are many parallels between the game of football and cybersecurity.

“You have to have a good offense”, he says. “You have to be postured to take the problem to the adversary.” But equally important are the basics – in football they include blocking and tackling, and in security they include “the traditional network defense” procedures.

Dell SecureWorks examined a recent 179-day period to determine “the health of the internet from a security posture perspective” for its clients, Hensley shared. When the company disclosed an elevated risk posture in response to its monitoring, they did so with several recommendations.

The company’s Counter Threat Unit found that one third of the threats its clients faced on a particular day would have been defended against simply by applying traditional system security patches. “What I tell chief security officers is that while there is an advanced threat out there, you can’t forget to do the basics”, said Hensley. “You must do traditional patching of systems to ensure the heightened defense posture is there.”

He says that in many post-incident analyses his unit has conducted, “chief security officers or their staffs have either gotten complacent, or they have been overwhelmed, and based on that they do not always do the basics”.

So why exactly are the ‘basics’ of security so vital? Infosecurity put the question to Hensley. Where security is practiced is almost irrelevant, he says, as nearly all sectors of the economy are intertwined. Whether it is manufacturing, financial services, healthcare, utilities, or any other sector, all of their functions are critical to the economy and can be impacted by an adversary.

“What [our clients] do today makes them the catalysts of the economy”, Hensley observed. “Because of this, they should be required either to perform critical network security tasks themselves...or align themselves underneath somebody [a managed security service] that does.”

Not surprisingly, the former military officer also views the current threat landscape facing the commercial world as a battle, full of the same choices one faces in active combat. First, Hensley says, companies must identify what data is critical, which resources require expenditures to defend, and “knowing you can’t protect it all, you have to know where to focus”.

It’s this focus that Hensley believes the Dell SecureWorks Counter Threat Unit is helping its clients identify, and it has vast implications for defending against the latest buzzword in security – the advanced persistent threat (APT).

According to Hensley, the ‘who’ and the ‘why’ in any APT situation are far more important than the ‘what’. He says many APT adversaries need not bring their top exploits to the table, “because they are able to get in using lower-level techniques that normally do not require any sophistication of any sort”.

How the attacker gained access to a particular system is secondary in importance to the attacker’s motive, Hensley concluded. The type of information the attacker is seeking, and what their intent with it may be, is far more vital to assessing the threat than looking at how the attack occurred. Coming back to his earlier assertion, organizations know they cannot protect all of their assets without completely unfeasible resource outlays. The trick, he revealed, is once again focusing on what information is most vital, and what attackers could do with it if it were compromised.
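Hensley’s two points, that patching alone would have stopped a third of one day’s threats and that defenders must decide where to focus because they cannot protect everything, can be put into a small prioritisation routine. The following is an added example written for this article, not code from Infosecurity, Hensley or Dell SecureWorks. The asset inventory, criticality tiers, patch identifiers, severities and the one-day threat sample are all constructed, and the risk weighting (criticality times exposure times worst outstanding patch severity) is a hypothetical formula chosen for illustration, not a published standard.

```python
from dataclasses import dataclass

# Business criticality of what each asset holds (1 = low, 5 = critical); constructed values.
CRITICALITY = {"payroll-db": 5, "public-web": 4, "hr-fileshare": 3, "dev-box": 2, "kiosk": 1}


@dataclass
class Asset:
    name: str
    internet_exposed: bool
    missing_patches: list  # [(patch_id, severity 0.0-10.0), ...]


def risk_score(asset):
    """Criticality x exposure factor x worst outstanding patch severity.

    An asset with nothing outstanding scores 0: the basics are already done there.
    The weighting is a hypothetical choice made for this example.
    """
    if not asset.missing_patches:
        return 0.0
    worst = max(sev for _, sev in asset.missing_patches)
    exposure = 2.0 if asset.internet_exposed else 1.0
    return CRITICALITY[asset.name] * exposure * worst


def remediation_queue(assets):
    """Assets that still need patching, highest risk first, as (name, score) pairs."""
    scored = [(a.name, round(risk_score(a), 1)) for a in assets]
    return sorted([s for s in scored if s[1] > 0], key=lambda s: s[1], reverse=True)


def basics_coverage(threats):
    """Count how many observed threats an up-to-date patch level would have stopped.

    Each threat is a dict whose 'exploits_patch' names the patch that closes the hole,
    or None when no patch exists (so patching alone would not have helped).
    Returns (covered, total).
    """
    covered = sum(1 for t in threats if t["exploits_patch"] is not None)
    return covered, len(threats)


# Constructed inventory of five assets; patch ids are placeholders, not real bulletins.
INVENTORY = [
    Asset("payroll-db", False, [("patch-001", 7.5)]),
    Asset("public-web", True, [("patch-002", 6.0), ("patch-003", 9.0)]),
    Asset("hr-fileshare", False, []),
    Asset("dev-box", True, [("patch-004", 4.0)]),
    Asset("kiosk", False, [("patch-005", 9.8)]),
]

# Constructed one-day threat sample; two of six map to a patch that was available.
DAYS_THREATS = [
    {"target": "public-web", "exploits_patch": "patch-003"},
    {"target": "payroll-db", "exploits_patch": "patch-001"},
    {"target": "public-web", "exploits_patch": None},
    {"target": "dev-box", "exploits_patch": None},
    {"target": "kiosk", "exploits_patch": None},
    {"target": "hr-fileshare", "exploits_patch": None},
]

if __name__ == "__main__":
    for name, score in remediation_queue(INVENTORY):
        print(f"{name:14s} risk {score}")
    covered, total = basics_coverage(DAYS_THREATS)
    print(f"{covered}/{total} threats would have been stopped by patching alone")
```

The queue puts the internet-facing web server ahead of the payroll database even though payroll holds the more critical data, because exposure and a severity-9 hole outweigh the difference in criticality; swapping the weighting changes that order, which is exactly the judgement Hensley says organisations have to make explicitly. The coverage figure is the kind of number a security officer can track over time: if it stays high, the gap is patch discipline rather than adversary sophistication.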
