Progressive Resilience In Cybersecurity Risk Management
University environments are naturally open, so cybersecurity risk is an ongoing concern. Trying to lock down the network as you would in a business enterprise isn’t in the cards. Still, it’s tempting in an environment where individual departments, professors, or students introduce their own new technologies, devices, or applications into the network. Rather than trying to shut down new trends, change behavior, or ban new devices and communication paradigms, our IT department adopted a strategy of progressive resilience. Progressive resilience means adapting to, rather than banning, behavioral and technical changes.
How did we adopt this strategy? By recognizing that our cyber-risk management infrastructure needed to become more flexible. To make the necessary changes, we needed management support, a solid cybersecurity platform, and the funding to make it happen.
Getting Buy-In From Stakeholders
Any effort to reorient IT must be driven from the top down, so the first step was to get leadership’s buy-in. One of our biggest challenges was funding, which meant getting approval from the Chancellor and the board. Everyone knows that cyber-risk initiatives are an arms race against bad actors. They often involve a hiring competition with high-paying tech enterprises pursuing security analysts from the same talent pool. With support from the board, we could get the funding we needed to hire the people required to transform our cybersecurity infrastructure.
Identifying The Right Platform
To better manage risk in a diverse and heterogeneous IT environment, our security tools, departments, and endpoints had to come together on one platform. Consequently, we had to decide how to consolidate many of these pieces realistically. We had to ask ourselves, what steps are required to get this all on a single platform? How could we reduce our overall costs while optimizing our efficiency? How could we qualitatively measure and communicate the program’s effectiveness to our board?
We evaluated multiple solutions for integrating the pieces together into a single platform. We had separate, siloed tools such as network detection, SIEM, and IPS/IDS, and we wanted to bring them all together in a central management console. We needed a solution that would see the whole network and its endpoints but wouldn’t drive our analysts crazy with thousands of daily alerts.
We considered XDR platforms because they allowed us to collapse some of our legacy software to gain a better ROI with greater efficiency and higher-quality outcomes. We looked at both XDR and Open XDR platforms. Many XDR platforms were essentially enhanced SIEMs or endpoint tools. By contrast, Open XDR gave us greater flexibility to enhance the many technologies in our existing security stack while also offering a comprehensive suite of security tools natively in the platform.
We chose an Open XDR platform from Stellar Cyber. With it, we could incorporate our existing tools while automatically collecting and correlating all the feeds from our firewalls, endpoints, and on-premises and cloud environments. The platform also enabled our analysts to quickly drill down to incidents (rather than individual low-level alerts) so they could focus on remediation. This reduced operational costs, improved efficiency, eased analyst “alert burnout,” and delivered better risk management outcomes for the university.
Aligning With The Board
A more enlightened awareness of cybersecurity risks helped align our IT and security teams and those on the board regarding strategy and funding. We communicated regularly and with complete transparency to the board. We brought in an outside company to conduct an audit that showed where we were on the cybersecurity front. That outside audit demonstrated to the board that we weren’t just looking at ourselves internally – it rendered a more objective validation of where we were and where we needed to be.
The board was all in and started asking us the hard questions. They wanted to know when we would get back to them regarding IT upgrades and how they reduced our risk exposure. We communicated our security status and activity with monthly reports written in terms board members could personally relate to, showcasing the number of phishing attacks, viruses, or intrusions we had prevented.
For us, developing progressive resilience was a process of Convincing, Consolidating, and Communicating. With this in mind, you can drive progressive resilience in your own IT organization to better manage cybersecurity risks.
Russell Kaurloto is the vice chancellor and chief information officer leading DU’s Information Technology organization. Russ has over 30 years of IT experience, previously serving in leadership roles as CIO and CTO at Clemson University, Children’s Hospital LA, the City of Los Angeles, USC and the Associated Press.