To understand the current and future state of the cybersecurity landscape, we spoke to and received written responses from 50 security professionals. We asked them: "What are the most important elements of application and data security?" Here's what they told us about visibility, remediation, and prioritization. We'll cover the other things they shared with us in part two.
Visibility
- If we are limiting the scope to applications that are built by your organization accessing your data, then focusing on modern approaches to continuously find and remedy vulnerabilities while giving you visibility into API-services, mobile and modern web applications.
- Catalog all APIs, eliminate blind spots, assess risk, determine sensitive data exposure, and keep them protected as they change. Differentiate between legitimate behavior and attackers. Detect targeted attacks to help security teams focus on and eliminate the source of the attack. Leverage attackers as penetration testers and gain insight into how to remediate vulnerabilities.
- Know your environment. The majority of customers don’t know enough about their environment. We are always dealing with the issue of rogue devices in the network with unknown access to the application, unknown access privileges for users, identity management problems. Visibility into the modern complex enterprise is hard to achieve. IT doesn’t have the tools. IT turns to security to help them find the missing pieces, servers accessing the database, who are the owners, who is patching, why do these users have access? Visibility into the modern complex enterprise is more critical than security.
- Know where the data and the crown jewels are whether they are in-flight or at rest to mitigate the risk with controls, detection, and monitoring from a security standpoint.
- 1) Comprehensive coverage: As enterprises build and connect more applications and migrate them to the cloud, they must focus on securing a larger attack surface from ever-evolving threats with very limited resources. (i.e. all of your applications should be protected, not just the crown jewels). 2) Visibility into security data (attack vectors, responses) to inform security decisions: The last thing you want your talented security team doing is pouring over security event data just to try to ID attackers and vulnerabilities AFTER they happen - that data should ideally be continually driving optimizations to your security strategies and tools. The security team should be enabled to operate more efficiently and make more informed decisions.
- The most important elements for application and data security include full data visibility (beyond just security data) and robust threat hunting and incident response. A strong and modern SOC should have access to all data, live; a complete logging system; as well as regular penetration test and code review of all applications and systems.
- Visibility and contextual information are foundational pieces of security. Teams need insight into what’s happening in an application and with its data. And they need to get that insight at the right time and with the right contextual information to be able to act on it. This applies both to proactively reducing risk at development/build time and to respond to real-time threats at runtime.
