How to reduce risk when deploying new cybersecurity tools
To combat the constantly increasing range of cyberthreats, most businesses understand the importance of regularly deploying new security tools. Designed to enhance the protection of critical digital assets, these tools come in a diverse range of forms and price points.
What’s less well understood by the CISO and the wider security team, however, are the risks that these tools can sometimes create. Frustratingly, they may provide an organisation with a sense of comfort and protection that differs from reality.
To prevent such situations, it is crucial for cybersecurity teams to conduct thorough due diligence and follow a number of critical steps – according to Ashwin Ram, Cyber Security Evangelist at Check Point Software Technologies.
Before deploying any new tool, Ram advocates following these five steps:
Understand what is needed
Prior to making any purchasing decisions, ensure you comprehend the risk your organisation aims to mitigate, and that you possess a clear understanding of the precise security controls required to address this risk. Validate whether existing controls within your environment can mitigate the risks, or if you must invest in new tools.
Detail the exact capabilities you require from the security tools to avoid becoming overwhelmed by the options available in the market.
Understand exactly what capabilities will be delivered
As is the case in many areas of the technology sector, security vendors are always keen to promote their offerings. The result can be somewhat fluffy marketing materials that do not fully describe exactly how the tool functions and what it will deliver.
Security teams need to dig beneath marketing messages and obtain a full and clear understanding of the benefits each prospective new tool will bring to their organisation. This will ensure that budgets are well spent and critical gaps in protective measures are avoided.
It is also worth seeking third-party endorsement of new security measures. This could come from trusted third parties such as analyst companies, the technology media, or industry colleagues.
The due diligence process should also examine how well the new security tools will mesh with existing infrastructure. Seamless integration with the current setup can help maximise your cybersecurity investment and enable controls from different vendors to operate cohesively, like a suite of products.
Ensure security teams have the appropriate knowledge and skills
Depending on their type and sophistication, some security tools may require IT staff to obtain additional knowledge and skills. Without this, deployment and management may be challenging or not completed in line with best practice or a supported configuration.
Once a new tool has been selected, it’s important to ascertain if additional training will be required or external experts contracted to deliver additional support.
Decommission old tools
It is also important for the security team to check whether any tools currently in place will need to be decommissioned once the new technology has been deployed. A common mistake made by many organisations is leaving end-of-life or unsupported systems in place. Legacy systems that have reached end of life but remain in place increase the attack surface for cyber criminals to target as they move laterally within an organisation.
During this process, the security team should also ensure that decommissioning any tools won’t leave a gap in overall security measures. If this is the case, they may need to be left in place until an alternative approach can be identified.
Check vendors for software vulnerabilities
Recent examples of supply chain attacks have highlighted how software vulnerabilities can be a significant concern for security teams, especially when these vulnerabilities are found in the software provided by your security vendor.
While it is impossible to predict whether your chosen vendor will face security vulnerabilities in the future, you can assess their commitment to addressing software vulnerabilities in their products. It is worth reviewing the number of critical and high-risk vulnerabilities your vendor has had in the past and, more importantly, how quickly they have addressed these issues.
The period between the identification of a vulnerability and the availability of a patch is when your organisation is most vulnerable. To mitigate such risks, it is essential for cybersecurity teams to make decisions based on the vendor's track record in managing security vulnerabilities.
It’s also prudent to check services such as the US-based Cybersecurity and Infrastructure Security Agency (CISA), which maintains a catalog of known vulnerabilities that have been exploited. The catalog also details vulnerabilities that have been reported but are still being exploited by cybercriminals.
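One way to turn the vendor track-record review described above into numbers, as an added example that is not from the article or from Check Point. The KEV field names follow CISA's published Known Exploited Vulnerabilities JSON feed; the advisory schema, vendor names, CVE ids and dates are all constructed placeholders.

```python
import json
from datetime import date
from statistics import median

# Constructed sample using the field names of CISA's KEV JSON feed.
# CVE ids and vendor names are placeholders, not real entries.
KEV = json.loads("""{"vulnerabilities": [
 {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor",
  "dateAdded": "2023-03-01", "knownRansomwareCampaignUse": "Known"},
 {"cveID": "CVE-0000-0002", "vendorProject": "ExampleVendor",
  "dateAdded": "2024-06-10", "knownRansomwareCampaignUse": "Unknown"},
 {"cveID": "CVE-0000-0003", "vendorProject": "OtherVendor",
  "dateAdded": "2024-01-15", "knownRansomwareCampaignUse": "Unknown"}]}""")

# Constructed advisory history for ExampleVendor (hypothetical schema):
# (cve, severity, disclosed, patched); patched=None means no fix yet.
ADVISORIES = [
    ("CVE-0000-0001", "critical", "2023-02-20", "2023-02-27"),
    ("CVE-0000-0002", "high",     "2024-05-01", "2024-06-20"),
    ("CVE-0000-0004", "medium",   "2024-02-01", "2024-02-05"),
    ("CVE-0000-0005", "high",     "2024-09-01", None),
]

def vendor_track_record(vendor, kev, advisories, today):
    """Summarise exploited-vulnerability history and patch speed for one vendor."""
    listed = {v["cveID"]: v for v in kev["vulnerabilities"]
              if v["vendorProject"].lower() == vendor.lower()}
    serious = [a for a in advisories if a[1] in ("critical", "high")]
    # Exposure window: disclosure to patch, or to `today` while unpatched.
    days = [((date.fromisoformat(p) if p else today)
             - date.fromisoformat(d)).days for _, _, d, p in serious]
    # Listed as exploited before a fix shipped (ISO dates compare as strings).
    exploited_first = sorted(
        c for c, _, _, p in serious
        if c in listed and (p is None or listed[c]["dateAdded"] < p))
    return {
        "kev_listed": len(listed),
        "ransomware_linked": sum(v["knownRansomwareCampaignUse"] == "Known"
                                 for v in listed.values()),
        "serious_count": len(serious),
        "median_days_to_patch": median(days) if days else None,
        "worst_days_to_patch": max(days, default=None),
        "unpatched": [c for c, _, _, p in serious if p is None],
        "exploited_before_fix": exploited_first,
    }

if __name__ == "__main__":
    print(vendor_track_record("ExampleVendor", KEV, ADVISORIES, date(2024, 10, 1)))
```

Running the same function over each shortlisted vendor gives comparable figures for exposure windows and for flaws that were exploited before a fix was available.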
By undertaking these steps, organisations can be confident that the security tools they choose to deploy will deliver the anticipated level of protection. While there is no such thing as perfect IT security defences, this will ensure that the measures put in place are as effective as possible.