Countering APT with CyberShield Secure
I recently read the book “Advance Persistent Threat: Understanding the Danger and How to Protect your Organization”. The following paragraph in the introductory Chapter really stood out for me:
A product solves a problem, but a solution implemented correctly reduces risk. Now products are absolutely a key part of implementing an effective solutions, but it needs to be wrapped with configuration, monitoring and validation to make sure that the risk it was meant to address is being lowers to the appropriate level. For example installing AV [anti-virus] software on everyone’s systems is a product. Configuring it to look for the correct malware, updating it and performing event correlation to understand the threats and react to any attempted attacks in a timely manner is a solution.
It is for exactly this reason Nexor have developed the CyberShield Secure® methodology. We develop high assurance products that become part of a customers security infrastructure – but these products are ineffective if they are not deployed into a sensible architecture, configured appropriately and maintained. CyberShield Secure is the structured way we work with our customers and delivery channels to ensure our solutions meet their security expectations.
Beyond this quote, the book is excellent reading and recommended to anyone faced with the problem of protecting an organisations from APTs.
Cole, Eric. Advance Persistent Threat: Understanding the Danger and How to Protect your Organization, Syngress, ISBN: 9781597499491
This article was originally posted on the Cyber Matters blog – which gives “bite-size insight on cyber security for the not too technical”.
Author Bio - Colin Robbins
Colin Robbins is a Principal Security Consultant at Nexor. He is a Fellow of the IISP, and a NCSC certified Security and Information Risk Adviser (Lead CCP). He has specific technical experience in Secure Information Exchange & Identity Systems and is credited as the co-inventor of LDAP. He also has a strong interest in security governance, being a qualified ISO 27001 auditor.
Be the first to know about developments in secure information exchange