Security is a Priority for Everyone, Not Just IT!

Dell Security Survey – VMUG Member Insights

With the continued threat of cyberattacks and ransomware events, cyber-security is top of mind for most IT personnel. There has been an increase in cyber threats, with more sophisticated attacks, becoming an increasing concern for IT departments. Seventy-four percent of IT decision makers see a greater risk with the growing trend for remote work. Their top concerns are malware, ransomware and protecting cloud-native apps. (Source: Dell Technologies Global Data Protection Index). Add to this, the average cost per company of data loss and downtime is approaching $1.5M, compounding the concerns for key stakeholders and decision makers. In some cases, the damage to the brand can’t be measured.

September 11, 2001, the World Trade Center attack resulted in significant impacts to IT infrastructure. This taught organizations to focus on disaster recovery. We duplicated our infrastructure and replicated it to off-site facilities, miles (even regions) away from onsite production.

Now, we still plan for physical disasters, but we must plan on cyber disasters, too. Security Operations (SecOps) are everyone’s responsibility. The data companies acquire is more important than ever, and protecting that data is crucial.

With this being a growing issue, and clearly a concern for so many IT professionals, what are we doing about it? Recently Dell Technologies sponsored a survey of your peers and VMUG members.

First, it is important to use a framework. Thirty-two percent (32%) of respondents said their company uses the NIST framework and 20% reported using the MITRE ATT&CK® framework. This is a good starting point of vetted processes to understand how your company matches up.

The National Institute of Standards and Technology (NIST) develops cyber-security standards, guidelines, best practices, and resources to meet the needs of U.S. industry, federal agencies, and the broader public. The NIST Framework Core is: Identify, Protect, Detect, Respond, Recover, as shown in the graphic below.


The MITRE ATT&CK® framework is largely a knowledge base of adversarial techniques. It does not focus on the tools hackers use, but how those tools and hackers interact with the system. The framework has a matrix that visualizes the relationship between tactics and techniques. You can learn more at their ATT&CK 101 Blog.

Having a Security Information Event Management (SIEM) solution is common. Over half (55%) of respondents are planning to use a purchased or an outsourced SIEM solution. These solutions allow for automating the analysis of multiple sources of data for 24×7 monitoring. A smaller number (13%) of respondents use an in-house-developed SIEM solution. Unless this is your core business or you have a specific use case, this is not recommended.

Surveyed peers and VMUG members reported that ‘disaster recovery and remediation practices’ (49%) are the top 2022 security initiatives, followed by the ‘ability to recover after a destructive cyber-attack’ (40%). This data supports the widely accepted view that a cyber-incident is a matter of when, not if. Our ability to recover from such an incident must be anticipated and planned. I agree with Dell’s point of view:

Cyber-resilience is the ability to maintain business continuity despite cyber-attacks. It encompasses the real-world view that, despite your best efforts, breaches may occur. And when that happens, your organization must be able to quickly recover lost or compromised data, restore system functionality and resume business activities.

(Source: https://www.vmug.com/protect-and-preserve-your-data-from-endpoint-to-infrastructure)

Members are following the NIST framework core plan to use automated detection and response, cloud-based security services, and managed security services to prepare (44%, 43%, 36% respectively). These top three can all be delivered as a service (aaS), allowing you to focus on your core business.

The top threat of concern is Ransomware/Malware (50%). One method for ransomware recovery is deploying an air-gap solution. While isolating your data from the internet adds protection, you still need to use advanced security technology. Dell’s Endpoint Security offers Full Air Gap mode allowing advanced threat protection, without requiring an internet connection.

The second concern is Phishing attacks (43%). A threat detection and response solution (TDR) is designed to help detect, investigate, and respond to phishing attacks. Managed Detection and Response (MDR) is a Managed Services Security Provider (MSSP) solution where the vendor does the monitoring for you. An attractive solution for many who cannot afford 24×7 monitoring. Dell and VMware have teamed up for an MDR solution that includes SecureWorks and VMware Carbon Black NGAV (Next-Generation Antivirus) solutions.

Just as internally managing Exchange has moved to aaS, companies are not handling security by themselves. Many (79%) say they will use a Managed Services Security Provider (MSSP) and 81% of those using a SIEM will use a third party. The top three reasons for using an MSSP (31% for each) are 24×7 endpoint security monitoring, threat detection and response, and vulnerability and patch management.

We all agree security is top of mind. And securing endpoints is at the top of security concerns. This blog just scratches the surface to protect endpoints. To find out more, consult these documents and solutions from Dell Technologies.

It’s important to note, security is not just a technical problem. It requires both a technical and non-technical solution that includes employee training, awareness, and testing. SecOps is everyone’s responsibility, even those not in IT.

Comments

Post a Comment

Popular posts from this blog

vExpert Application: What VMUG Members Should Know

Image
Recently the vExpert application opened and I encourage all VMUG members to consider applying.  If you are unfamiliar with the program, let me give you an overview.  The vExpert program has been around for over a decade and is VMware’s global evangelism and advocacy program.  They accept applications twice a year, so this opportunity is only available for a limited time. The application is straight forward, but here are some tips for you to get started.  First, applicants must pick a qualification path.  This can be customer, partner, evangelist, or VCDX.  The customer and partners are self-explanatory.  The evangelist is someone who is excited about VMware products and evangelizes their benefits and solutions.  The VCDX route is for those who have that certification.  One thing I like about vExpert program is your application is based on you.  Not your company, company spend, certifications, or deployments.  Some of these should be mentioned when filling out the
Read more

DATA PROTECTION CONTENT PREVIEW – DELL TECH WORLD EDITION!

Image
Hi everyone! I’m looking forward to attending Dell Tech World this year and I’m excited for it to be back in person! I’ve highlighted some sessions that will help you on your data protection journey. Remember, data protection and security are a journey, not a destination. You should always be thinking how to better secure and protect your data. With all sessions being LIVE and IN PERSON, be sure to engage with the speakers – ask questions, continue the conversations with the presenters and network with your peers. These are the reasons why we enjoy in person events! First up: Cyber Recovery as-a-Service: Gain Recovery Confidence with the “Three I’s”. Why? You can’t do cyber security alone. Get with professionals! Go the aaS route. You can’t do all of it aaS, but where you can, do it! Second: Performance, Security and Innovation at Scale with PowerProtect Appliances. Why? Appliances are simple and perform like your own aaS offering for your internal customers. Third: Fortify Your Organi
Read more

MEMBER HCI INSIGHTS – THREE-YEAR TRENDS

Image
The Dell SDS (Software-Defined Storage)/HCI (Hyperconverged Infrastructure) Survey Installment #3 The third installment of the HCI Member Survey has concluded and there are some obvious results as well as some surprises as the IT landscape continues to shift. With IT being asked to deal with the long tail of a pandemic, global turmoil, supply shortages, and a talent gap, making our systems run efficiently is key. Also important is focusing on your core business, not the minutiae of maintaining servers, VMs, and appliances. Trends The majority, 87%, of respondents are using vSphere. This continues to be the de facto standard hypervisor for on-premises and has been for the past 3 years. However, recently, there has been significant growth in KVM, increasing 9% (from 10% in 2021 to 19% in 2022), and AHV, increasing 6% (from a 6% to 12% increase). In 2020, 15% of companies transitioned 50% or more to a cloud operating model. That increased to 21% in 2022. The top factors motivating transit
Read more