The practice and execution of fundamental skills and processes are the keys to almost any successful endeavor, whether it is in sports or in the realm of security. Infosecurity recently chatted with Colonel Barry Hensley of Dell SecureWorks who revealed that, in many security breaches he’s examined, basic security practices were neglected.
Infosecurity.Com - The former director of the Army’s Global Network Operations and Security Center (AGNOSC) now serves as the VP of SecureWork’s Counter Threat Unit. Atlanta-based SecureWorks was recently acquired by Dell in January of 2011.
Hensley, who recently spoke with Infosecurity, has a educational and career background that led him from Georgia Southern University, to the Army, and eventually at Dell SecureWorks. And being an alum of one of the nation’s most prolific second-tier football schools, Hensley contends there are many parallels between the game of football and cybersecurity.
“You have to have a good offense”, he says. “You have to be postured to take the problem to the adversary.” But equally important are the basics – in football they include blocking and tackling, and in security they include “the traditional network defense” procedures.
Dell SecureWorks examined a recent 179-day period to determine “the health of the internet from a security posture perspective” for its clients, Hensley shared. When the company disclosed an elevated risk posture in response to its monitoring, they did so with several recommendations.
The company’s Counter Threat Unit found that one third of the threats its clients faced on a particular day would have met a heightened defense through traditional system security patches.
“What I tell chief security officers is that while there is an advanced threat out there, you can’t forget to do the basics”, said Hensley. “You must do traditional patching of systems to ensure the heightened defense posture is there.”
He says that in many post-incident analyses his unit has conducted, “chief security officers or their staffs have either gotten complacent, or they have been overwhelmed, and based on that they do not always do the basics”.
And why exactly are the ‘basics’ of security so vital, Infosecurity asked Hensley? The location of where security is practiced is almost irrelevant, he says, as nearly all sectors of the economy are intertwined. Whether it’s a manufacturing, financial, healthcare, utilities, or any other sector, all of their functions are critical to the economy and can be impacted by an adversary.
“What [our clients] do today make them the catalysts of the economy”, Hensley observed. “Because of this, they should be required either to perform critical network security tasks themselves...or align themselves underneath somebody [a managed security service] that does.” More
