The Cymbel Approach is rooted in our belief that “It is not the strongest of the species that survive, nor the most intelligent, but the ones most responsive to change.” As organizations look to leverage advances in technology to address business needs, new security risks are created. The tough economic environment puts severe pressure on budgets.
Cymbel helps the Information Security team mitigate these new risks as cost effectively as possible with our Next Generation Defense-in-Depth Architecture.
The Forces of Change
- Business needs
  - Increasing number of remote and mobile workers
  - New partners
  - New services and applications
- Technology
  - Web 2.0 applications
  - Virtualization
  - Cloud computing
  - Smartphones
  - Converged video, voice, and data
- Threats
  - Web-based
  - Zero day
  - Insider
- Regulatory requirements – PCI, MA 201 CMR 17, HIPAA/HITECH
- The Economy – Recession followed by sluggish top line growth
For more details see The Five Forces of Change.
With respect to Threats in particular, we have a well-researched understanding of:
- Who the attackers are
- The attackers’ objectives
- The attack vectors they use
- The target systems they use to gain entry
- The access control issues organizations face
- The best technical controls, both prevention and detection, which enable automatic and continuous monitoring
Next Generation Defense-in-Depth
We have rethought and reassembled our solution portfolio to provide a next generation defense-in-depth architecture focused on applications, users, and information. This enables the enterprise to better mitigate security risks and reduces the costs of compliance audits and security operations.
For example, in network security, to respond to modern malware, for the last four years we have partnered with Palo Alto Networks to provide next-generation firewalls which:
- Reduce the enterprise’s attack surface using a Positive Enforcement Model at the application level.
- Mitigate threats with top-rated Intrusion Prevention functionality.
- Enable internal network segmentation to:
  - Control users’ access to internal applications and data
  - Limit the damage when a system is compromised
- Consolidate network security devices to reduce costs
- Unify network security policies to improve infosec responsiveness to business needs
Overall, the benefits of the Cymbel Approach include:
- Reduced IT Security risks
- Reduced costs of meeting regulatory compliance requirements
- Reduced IT Operations costs
- Increased IT Service availability and performance
- Improved IT alignment with business needs.
The Results
More specifically, we help our clients achieve the following goals:
- Accelerate the shift in focus from protecting devices to protecting information – Until recently, security was focused on protecting devices from being compromised. While this still has relevance, a next-generation defense-in-depth architecture is focused on protecting information – Personally Identifiable Information, Protected Health Information, and Intellectual Property (trade secrets). This means that users and applications that access information are also center stage.
- Improve visibility – Visibility must be the first step in any security improvement or compliance process. Without visibility, any changes in policies or controls are likely to have unanticipated negative side effects. Improvements in visibility go beyond (1) Vulnerability Assessments and (2) Penetration Testing and include (3) Device and Software Discovery, (4) Users’ web browsing, external web application usage, and internal application, database, and file usage, (5) Configuration changes, and (6) Incident detection.
- Integrate security needs and compliance requirements – The purpose of compliance standards like the Payment Card Industry’s Data Security Standards (PCI DSS) is to require organizations to deploy minimal security controls. However, lawyerly interpretations of regulatory requirements can leave an organization in an unnecessarily high-risk situation. It is better to leverage regulatory requirements to achieve meaningful protection.
- Improved situational understanding – As spending on information security and compliance continues to increase, frustrated executives and operations managers continue to wonder, are we better off today than we were yesterday? Meaningful security and compliance trending metrics, specifically designed for each level of the organization and presented in easy-to-understand dashboards and reports, are critical to situational understanding and decision-making.
- Reduce compliance costs by limiting scope – One important way to reduce compliance costs is by limiting scope. For example, you can limit the scope of a PCI DSS audit by segmenting your internal network so as to isolate the servers involved in the audit.
- Improve linkage between security policy definition and implementation – Implementing network-based security policies, whether in routers or firewalls, has meant a painful “translation” step between policies defined in terms of users and applications and policies implemented in terms of IP addresses, ports, and protocols. This translation is prone to implementation mistakes and difficulties in implementation assessment. The problem is most daunting when applied to internal network segments. This process is greatly simplified when security policies can be directly implemented in terms of users and applications.
- Reduce the costs of supporting multiple compliance regimes – Increasingly, organizations are required to meet multiple regulatory regimes which have overlapping requirements. The goal is to “test once, comply many.”
- Improve Information Security responsiveness to business needs – Too often organizations find themselves tied to obsolete information security architectures which leave them with two equally problematic choices: (1) slow down new business opportunity execution until information security can respond, or (2) move ahead without adequate information security controls. Here are some general examples:
  - Enable secure Web 2.0 application usage and social networking
  - Enable secure use of virtualization and cloud computing
  - Enable secure use of smartphones
  - Enable secure infrastructure convergence of data, voice, and video
  - Secure access to high-risk transactions and processes
- Manage Information Security from an IT/Business Service Management perspective – Organizations strive to apply metrics to information security to improve decision-making. The key metric, though, is business impact, which can be calculated only when IT components are grouped by IT/Business Service.
- Break down security and performance/availability silos to reduce operational costs and improve incident detection and remediation – The separation of system management and security management functions limits the operational effectiveness of both groups. A unified information technology management system that can collect and correlate device and software inventory, configuration change information, logs, flows, performance, and availability data enables faster incident detection and remediation.
Links to Explore
- Details on the five forces of change
- Cymbel’s 12 Best Practices for mitigating the risks of modern malware
- Cymbel’s Next Generation Defense-in-Depth architecture focused on applications, users, and data.
- Cymbel’s Solutions
- Next Generation Firewalls
- Security Intelligence Platforms, the next generation Log/SIEM
- Virtualization Security
- Achieve MA 201 CMR 17 Compliance by isolating private data, controlling access to private data, detecting and blocking threats at the gateway, and monitoring traffic flows for unauthorized transfer of private data
- Cloud Delivered Security
- Database Security
- External Security Intelligence
- 0-Day Threat Protection
- Cymbel’s Services methodology related to the SANS Twenty Critical Controls for Effective Cyber Defense: Consensus Audit Guidelines.
- Cymbel’s solution Partners.
- Cymbel’s Blog.