Intelligent Staffing and Threat Management

In my last blog, I stressed the importance of focusing on a skill set as an IT professional so as to add the most value to prospective organizations; in this article, we will explore the importance of proper staffing and threat management.
Too often, organizations focus on the latest and fanciest threat management tools on the market (Threat Stack, AlienVault, Splunk, and the list goes on). Out of the box these are capable products with many features, but more often than not they go “unconfigured.” By unconfigured, I mean that an organization will invest thousands (and sometimes hundreds of thousands) of dollars in a threat management platform, drop it on the network, and call it a day, without spending any time tuning baselines, scoping the tool to the environment, or staffing it with competent people. Much of this comes from the “fire-and-forget” marketing that accompanies “managed” solutions like those above. Whether an organization runs its threat management tools in house or leaves them to the vendor, configuration management is often overlooked, or at the very least not fully taken advantage of.
There is a solution to this ongoing problem: staffing managers and network/system managers must take advantage of two things:

  1. The availability of existing talent within, or outside of the organization

  2. The capability of the tools in the environment to be customized and calibrated

While these two things seem rudimentary, I’ve seen countless firms ignore the simplest of configurations, for example the proper implementation of file integrity monitoring (FIM). At an unnamed Fortune 500 organization, the security team invested thousands upon thousands of dollars in an FIM tool capable of monitoring upward of a million hosts. Upon review of the implementation, it turned out that the FIM agent had not been installed on a single system, no systems had been pointed at the FIM aggregator, and the console itself had never been configured beyond one generic admin user.
Needless to say, this was a serious finding for the assessment, but more critically it made me consider that other organizations might be suffering from the same deficiency. I don’t think the finding resulted from intentional neglect, but rather from a lack of proper staffing and knowledge. Within the scope of an audit this could be argued as negligence, but in business terms the problem persists within countless organizations for no other reason than that there is no one available to do the work. What this means for IT professionals is that, with the growing threat landscape, skills in threat management, analytics, and network protection are becoming more valuable. Calling back to my last blog on reviewing and targeting your skill set, this new age of threat management ambiguity means a huge uptick in the number of jobs calling for professionals to manage threat management tools and network systems. We as IT professionals, however, must rise to meet the challenge. Instead of coming to the table asking, “What do you need us to do?”, we should come to the table saying, “Here is what should be done with the tools provided, and here is where we can improve.”
If you look at the best coders, database admins, and IT analysts, they more often than not come to the table with fresh ideas and the ability to see a need and meet it without being asked. That is the type of professional we need to be: rise to the challenge, be familiar with many different tools and methods, and offer a solution to a problem the organization may not even be aware of. This, in my opinion, is one of the best ways to add value to the organization that took a leap in hiring us.
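To make the FIM point concrete, here is an added example (not code from the original post or from any vendor's product) of what the simplest configuration actually buys: a baseline of file hashes, a comparison that reports drift as added, removed or modified files, and a coverage check that flags in-scope hosts that have never reported to the aggregator. The directory tree, file contents and host names are constructed for the demo.

```python
"""Minimal file-integrity-monitoring (FIM) baseline and drift check.

Added example, not code from the original post or from any FIM vendor.
It hashes every regular file under a root, keeps the result as a baseline,
and reports files that were added, removed or modified since. Paths, host
names and file contents below are constructed for the demo.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 65536) -> str:
    """Stream the file through SHA-256 so large binaries never load fully into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file (path relative to root, POSIX style) to its SHA-256 digest."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = Path(dirpath) / name
            # Skip symlinks so an attacker cannot point a monitored name at unmonitored content.
            if full.is_file() and not full.is_symlink():
                baseline[full.relative_to(root).as_posix()] = sha256_file(full)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify drift between a stored baseline and a fresh scan."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def coverage_gap(in_scope_hosts, reporting_hosts) -> list:
    """Hosts that should be monitored but have never checked in to the aggregator."""
    return sorted(set(in_scope_hosts) - set(reporting_hosts))


def demo() -> dict:
    """Baseline a constructed 'etc' tree, tamper with it, and report the drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        baseline = build_baseline(root)

        # Simulated changes: a weakened sshd_config, a dropped cron job, a deleted file.
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "backdoor").write_text("* * * * * root /tmp/x\n")
        (root / "etc" / "passwd").unlink()

        drift = compare(baseline, build_baseline(root))

    drift["unmonitored_hosts"] = coverage_gap(
        ["web-01", "web-02", "db-01"],  # constructed in-scope inventory
        ["web-01"],                     # constructed list of hosts the aggregator has seen
    )
    return drift


if __name__ == "__main__":
    for kind, items in demo().items():
        print(f"{kind}: {items}")
```

The drift report is only as good as the baseline: a baseline taken after an attacker has already modified a file will happily report "no change," so baselines should come from a known-good build, and the coverage check is what catches the case in the anecdote above, where the tool existed but no host was reporting to it.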
Intelligent staffing takes effort on both sides: the organization recognizing the need for talent, and the talent recognizing the skills that must be brought to the table, and then some.
Threat management is an ever-changing landscape that requires a cool head, a willingness to do research, and the ability to adapt to and learn new tools quickly. A competent IT analyst will solve problems before they escalate into business issues. That is the key to the successful implementation of threat management tools: great products, and great people capable of calibrating them.
In my next blog, I hope to explore common issues and vulnerabilities associated with network management, and what we as IT professionals (and the managers who support us) can do to decrease the impact of any realized risk. Stay tuned!

By: Patrick Ibrahim