As a company grows, its cybersecurity program must grow with it. 

All businesses want growth. But success brings greater security concerns. So how does a company scale for growth without becoming a security risk? What are the best things to do to maximize efficiencies and to properly scale your security?

Here are some common ways to grow your business, not your security risk.

Plan for Growth

Design your security architecture so that it can scale as needed. Ensure that network maps and asset inventories are correctly maintained and are easy for the security team to access. There’s nothing more frustrating than being in the middle of an incident while your team is struggling to identify what data is on which machine.

Operations

Having a well-planned post-attack framework is critical to any sort of effectiveness—formal run books, incident response plans, formal procedures for commonly encountered issues and so on. When a machine gets popped with ransomware, who is on the hook to remediate and who does the investigation to find the root cause? As your company grows, so will the security team’s reliance on other teams including networking and IT.

Automation

Once you start to scale your network, it’s almost a sure thing your security team and resources won’t scale as quickly. As a result, you need to lean on automating as many tasks as possible. For example, if you have 50 users and require new passwords frequently, you had better have an automated way to handle password resets. Self-serve processes are great, but as always, ensure that any scripts or services you deploy are secured—especially if they are handling sensitive tasks.

Proper Monitoring

Proper security monitoring can encompass a lot of things—host IDS, FIM, endpoint security, network IDS, threat intelligence and so on.

  • Monitoring the appropriate traffic with the proper people is critical. Make sure there is at least one pair of experienced eyes looking at alerts.
  • Ensure you have logs from everything, and that outages are remediated quickly. Don’t just focus on external traffic; focus as much energy on detecting anomalous internal traffic for signs of employees poking around where they shouldn’t be, as well as possible breaches.
  • Consider using honeypots. These can attract attackers and, when properly configured, can yield extremely valuable information.
  • Wherever possible, monitor local logs. Too many organizations focus on general network traffic, ignoring local logs. The result often is compromised machines going undetected for a long while.

Reduce the Noise

Reducing the noise is perhaps the most critical change an organization can make to its network. Too often the approach security teams take to false positives is to tune them out at the SIEM and move on. There are big problems with this approach: unnecessary traffic still traverses the network and fills the logs, and, more important, the underlying issue isn’t being addressed. The best approach is to remediate, limit, then filter.

Remediate is the preferred approach—actually fix what’s making the noise. This plays into the operations part above; as you grow, make sure your incident response plans include IT and networking. When you see a machine repeatedly, if innocuously, trying to reach a service it is blocked from accessing, have IT investigate and fix it. This is also an opportunity for the security team to illustrate to the IT and networking groups that security can be an effective adjunct to their teams, identifying broken systems well before those groups would.
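The following is an added example, not code from the original article or its author, that turns the "remediate, limit, then filter" idea and the earlier point about watching anomalous internal traffic into a small triage script. It groups firewall DENY records by source host: a host repeatedly hitting the same blocked service is handed to IT as a remediation candidate (a misconfigured client), a host blocked against many distinct targets is flagged for investigation rather than suppressed, and only sporadic denies are marked safe to filter at the SIEM. The log format, the field names, the thresholds and the sample lines are all assumptions constructed for this example.

```python
"""Triage repeated firewall denies instead of tuning them out at the SIEM.

Added example; the syslog-like DENY format and thresholds are assumptions.
"""
import re
from collections import defaultdict

# Constructed sample lines in an assumed firewall log format (not real data).
SAMPLE_LOG = """\
2024-03-01T08:00:01Z fw01 DENY src=10.1.4.22 dst=10.1.9.5 dport=445 proto=tcp
2024-03-01T08:00:31Z fw01 DENY src=10.1.4.22 dst=10.1.9.5 dport=445 proto=tcp
2024-03-01T08:01:01Z fw01 DENY src=10.1.4.22 dst=10.1.9.5 dport=445 proto=tcp
2024-03-01T08:01:31Z fw01 DENY src=10.1.4.22 dst=10.1.9.5 dport=445 proto=tcp
2024-03-01T08:02:01Z fw01 DENY src=10.1.4.22 dst=10.1.9.5 dport=445 proto=tcp
2024-03-01T08:02:31Z fw01 DENY src=10.1.4.22 dst=10.1.9.5 dport=445 proto=tcp
2024-03-01T08:03:01Z fw01 DENY src=10.1.4.22 dst=10.1.9.5 dport=445 proto=tcp
2024-03-01T08:03:31Z fw01 DENY src=10.1.4.22 dst=10.1.9.5 dport=445 proto=tcp
2024-03-01T08:05:10Z fw01 DENY src=10.1.7.40 dst=10.1.9.5 dport=22 proto=tcp
2024-03-01T08:05:11Z fw01 DENY src=10.1.7.40 dst=10.1.9.6 dport=22 proto=tcp
2024-03-01T08:05:12Z fw01 DENY src=10.1.7.40 dst=10.1.9.7 dport=22 proto=tcp
2024-03-01T08:05:13Z fw01 DENY src=10.1.7.40 dst=10.1.9.8 dport=22 proto=tcp
2024-03-01T08:05:14Z fw01 DENY src=10.1.7.40 dst=10.1.9.9 dport=3389 proto=tcp
2024-03-01T08:09:00Z fw01 DENY src=10.1.4.31 dst=10.1.9.5 dport=445 proto=tcp
2024-03-01T08:09:00Z fw01 ALLOW src=10.1.4.31 dst=10.1.9.5 dport=443 proto=tcp
"""

# Assumed record layout: "<timestamp> <firewall> DENY src=... dst=... dport=..."
DENY_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<fw>\S+)\s+DENY\s+"
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)"
)


def parse_denies(text):
    """Return a list of (src, dst, dport) for every DENY line; other lines are ignored."""
    events = []
    for line in text.splitlines():
        m = DENY_RE.match(line)
        if m:
            events.append((m["src"], m["dst"], int(m["dport"])))
    return events


def triage(events, repeat_threshold=5, spread_threshold=4):
    """Decide, per source host, what to do with its blocked connections.

    Returns {src: (action, reason)} where action is one of:
      'investigate' - denied against many distinct targets; this is anomalous
                      internal traffic and must never be filtered away.
      'remediate'   - repeatedly denied to one (dst, port); usually a broken
                      or misconfigured client, so open a ticket for IT to fix it.
      'filter'      - sporadic denies below both thresholds; only these are
                      candidates for suppression at the SIEM.
    """
    by_src = defaultdict(lambda: defaultdict(int))  # src -> (dst, dport) -> count
    for src, dst, dport in events:
        by_src[src][(dst, dport)] += 1

    decisions = {}
    for src, targets in by_src.items():
        distinct_targets = len(targets)
        (top_dst, top_port), top_count = max(targets.items(), key=lambda kv: kv[1])
        if distinct_targets >= spread_threshold:
            decisions[src] = ("investigate", f"{distinct_targets} distinct blocked targets")
        elif top_count >= repeat_threshold:
            decisions[src] = ("remediate", f"{top_count} denies to {top_dst}:{top_port}")
        else:
            decisions[src] = ("filter", f"{sum(targets.values())} sporadic denies")
    return decisions


def triage_log(text):
    """Parse raw log text and triage it in one step."""
    return triage(parse_denies(text))


if __name__ == "__main__":
    for src, (action, reason) in sorted(triage_log(SAMPLE_LOG).items()):
        print(f"{src:12} {action:12} {reason}")
```

Run against the constructed sample, 10.1.4.22 comes out as a remediation ticket for IT (eight denies to the same SMB port), 10.1.7.40 is flagged for investigation because it was blocked against five different hosts, and only 10.1.4.31, with a single deny, is considered safe to filter. The thresholds are deliberately plain parameters so that each team can set them from its own baseline rather than from a vendor default.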

Conclusion

No matter your organization’s size, if you follow these basic concepts, your security processes should run more smoothly, and growth will not be an issue. A little pain when you are small is much better than a lot more pain down the road.

This article was originally written by Gary Brown and published on Security Boulevard.