The Australian Signals Directorate (ASD) publishes guidance on implementing eight critical cyber mitigation strategies, which would be enough to fend off 85% of targeted cyber-attacks. The Auditor General has mandated compliance with these controls. How will government departments incorporate this into their cloud security strategy?
With the rapid move to public and hybrid cloud services, many Australian government departments at both the Federal and local level have prioritised cost savings over dealing with the security risks that cloud computing inevitably brings. Concerns about information control, data sovereignty and cyber security have emerged as a result.
If organisations run their own security operations capability, a transition to the cloud can reduce their ability to detect and respond to security threats, since key information sources are not natively available. Furthermore, it’s impossible to show compliance with the ASD Essential Eight controls if you can’t gain access to the evidence. Let’s look at a few of the issues you’ll face with cloud computing and, especially, with your ability to demonstrate compliance.
The definition of compliance can change depending on which governing body regulates your industry, but for Australian Government departments it’s all about meeting the requirements of the Protective Security Policy Framework (PSPF) and ASD’s myriad advisories. The Auditor General has recently decided to test agencies and departments against the Essential Eight, therefore seeking evidence they are meeting the requirements of the following:
Implementing the ASD Essential Eight on-site, where you have complete control over the full infrastructure and application stack, is one thing (and even then, it’s hard), but moving to the cloud means there are entire computing subsystems you are now blind to. Cyber security teams have built their capabilities on data collection and analytics tools, using Security Information and Event Management (SIEM) to collate and correlate threat data. Information feeds from operating systems, security systems and business applications are all important, since together they give your security operations team the complete security operating picture.
However, when you move to a cloud consumption model, especially with platform-as-a-service and software-as-a-service offerings, most of the useful log sources are no longer available. This loss of data means the security operations centre cannot correlate the most common security telemetry and threats, which makes it impossible to detect and respond to an attack and equally impossible to report on compliance.
Most SIEM manufacturers have created a version of their platform that works in the cloud. Often this is nothing more than an installation of their platform on a cloud server, so in essence it’s no different to what you did before, only hosted outside your own datacentre. This doesn’t make the security operations team’s job any easier, since the underlying network and platform logs are still not available, so they remain blind to a vast number of threats.
Instead, you need to look for a native SIEM solution that fully integrates with the cloud platform, whether that’s Microsoft Azure, AWS or some other vendor’s software-as-a-service offering. Native integration means the system collects security telemetry from the underlying systems and applications that you don’t otherwise get access to. This allows the security operations team to hunt for threats across the entire infrastructure stack, and it also allows the security management team to attest to compliance with the ASD Essential Eight, with reporting tailored to the maturity level of each Essential Eight control.
Government departments that have not yet adopted the cloud will soon be compelled to, due to budget constraints and ease of management. Until now, cloud security has been fraught with problems, especially the loss of operational visibility. Evaluate any tool you consider for native integration with your preferred cloud platform, to ensure you get back the visibility you would otherwise lose.
Huntsman Security’s native integration with Microsoft’s Azure platform has given control back to the customer, with special reporting and compliance tools tailored to report on compliance to the ASD Essential Eight controls.