Risk mitigation strategies all security engineers should know
Enterprises that rely on the traditional software vendor patching model still find themselves exposed to attacks, because patches address only known vulnerabilities; they do nothing against vulnerabilities that have not yet been discovered or disclosed. Companies today need a more holistic approach to securing their data, supported by a suite of comprehensive managed security services.
Security Protection is a Top Priority
Data breaches harm not only organisations but also their customers or constituents. In 2021 alone, there were 623 million ransomware attacks. The average cost of a data breach is $4.2 million, and 25% of all data breaches are motivated by espionage or the theft of commercial information. The downtime and remediation following a breach can be costly in money terms, but a damaged reputation often does more lasting harm to an organisation.
Gabe Dimeglio, vice president and executive advisor, security, at Rimini Street, said that organisations need security solutions that go “well beyond typical software vendor patching to protect the entire environment of applications, middleware and databases using active security controls that monitor activities in real-time.”
Some organisations still rely primarily on advisories and patches from their software vendor for protection against attacks, but this strategy has several shortcomings:
- Dangerous limitations – vendor patches do not address custom code, unsupported releases, or unknown vulnerabilities
- Not timely – a patch can take weeks, months, or even years to be delivered by a software vendor, and sometimes no patch is provided at all
- Labour-intensive – applying a patch may require a product or technology upgrade and may need regression testing before it can be rolled into production
- Ongoing risk – even once applied, a patch may not be sufficient to protect against the identified vulnerability
Organisations can take better control of their own cybersecurity defence and consider solutions that extend the life of enterprise software while protecting it against common vulnerabilities. The solution engineers choose should address the problem of older releases that remain popular in production but are no longer covered by vendor security patches.
Today, organisations need a more robust system to identify malicious actions and proactively block processes that attempt to exploit known and new zero-day vulnerabilities.
An advanced security solution can reduce the burden of traditional patching, significantly shorten time-to-protection and, in turn, improve operational productivity.
Defence in Depth protection
In today’s digital-first economy, organisations should build and maintain multiple layers of security – including protecting the database layer where critical data is stored – as a part of a “Defence in Depth” (DiD) cybersecurity strategy. DiD refers to an information security approach in which a series of security mechanisms and controls are thoughtfully layered throughout a computer network to protect the confidentiality, integrity, and availability of the network and the data within.
Rimini Street builds on the “Defence in Depth” strategy with a full-stack solution suite intended to provide zero-day protection against known, unknown and even unreported vulnerabilities. It combines layered application and database security software with accompanying service offerings.
When selecting a suite of security software, information and security officers should make sure it includes a tool that protects against both known and unknown vulnerabilities. Such a tool may run on the Java Runtime, detecting and remediating attacks before they reach their intended target. Security engineers also need to be mindful that some releases may no longer be fully supported by the vendor.
Essentials of a layered protection
Security engineers who help organisations maintain the most complete and hardened cybersecurity posture need to consider an appropriate selection of security assessments and the right set of tools. The essentials security engineers need to have in place include:
- A next-generation database security solution that protects data from known and unknown vulnerabilities and can continuously monitor and analyse shared memory.
- Managed service suites offering shields that remediate application vulnerabilities at speed and scale, without touching a line of code, and protect against even sophisticated attacks.
- A tool that can intelligently produce configuration guides and security roadmaps and uncover complex security vulnerabilities.
- Security protocols and functions that capture every step of a comprehensive analysis and report it in real time.
Andrew Seow, group vice president and regional general manager, Southeast Asia & Greater China, Rimini Street, said: “We are witnessing a documented rise in cyber attacks, with 76% of organisations expecting data breaches in 2022 globally. Regional investment in security-related products and services is also growing fast.
Rimini Protect seeks to address gaps in cybersecurity in line with “Defense in Depth” strategy to achieve zero-day security protection.
This layered security approach deploys multiple security layers and controls, designed to provide comprehensive protection for data assets and their supporting infrastructure.”
- Andrew Seow
Organisations today need a more innovative suite of security solutions that is also compatible with a variety of environments, such as SAP and Oracle. Only with these layered approaches can security engineers help their organisations strengthen their defences, work faster, and be better prepared to remediate and prevent cyber attacks.