Current security approaches are too complex

Ian Jansen van Rensburg, lead technologist and senior SE manager at VMware.

The security methods used today are far too complex to allow comprehensive, effective best practices to be implemented across an enterprise IT environment.

So says Ian Jansen van Rensburg, lead technologist and senior SE manager at VMware, who will present the results of the VMware/ITWeb annual Information Security Survey, at ITWeb Security Summit 2019, to be held from 27 to 31 May, at the Sandton Convention Centre.

There is a wide range of security tools to manage: firewalls, anti-virus, intrusion prevention systems and threat detection systems, to name but a few.

"Each tool has an enormous number of rules to manage," he says. "Each one must be set up to enforce access control and/or information protection policies at enterprise scale, for all users and systems across the enterprise. In some cases, this could mean literally millions of rules. It's a configuration nightmare."

For the second year running, this intensive cyber security survey aims to unpack the current state of cyber security readiness in SA, by polling local chief information security officers and other high-level security professionals.

Speaking of where businesses are failing when it comes to protecting their data, Jansen van Rensburg says it's often to do with the sheer volume of work involved in following up security alerts.

"Each individual security tool within the organisation sends out thousands of alerts per day, in some cases, thousands per hour. Each tool has its own separate management console, meaning the team has to continually watch multiple screens."

He says prioritising alerts is difficult, and responding requires a lot of investigation. "For example, a detection tool might indicate there is suspicious activity in the network, but provide no specifics on the affected systems, the risk level or possible actions."

So what can businesses do to safeguard data and systems from attack?

"Protect the IT environment by breaking it up into smaller parts, to contain the damage in the event of an incident," he says.

"Think of it in the same way you would think of a ship. Ships are built using compartments, making them easier to protect. If the ship is damaged, and one compartment gets flooded, the damage is contained in that compartment, and the ship can still sail."
