In today's security landscape, budgets are tight, attacks are relentless, and new threats arise daily. Maintaining a strong security posture under these circumstances without a large team or budget can be a real problem. However, lean security models are not only possible – they can be very effective.
River Island, one of the UK's leading retailers, offers a powerful case study in how to do more with less. As River Island's InfoSec officer, Sunil Patel and his small team of three are responsible for securing more than 200 stores, an e-commerce platform, the main mall and head offices. With no growth on the horizon, Sunil had to rethink how security could scale effectively.
By adopting a lean security model built on Intruder's exposure management platform, the team was able to improve visibility, respond to threats faster and empower others throughout the business to fix what matters most.
Here are five key lessons from their approach that any security team can apply.
1. Automate attack surface visibility
A lean security model rests on the ability to understand your external attack surface quickly and accurately. The River Island team lacked a central way to track what was exposed to the internet. Without a single, up-to-date view of their internet-facing assets, they relied on spreadsheets and manual checks and struggled to keep up with the new risks that result from constantly changing infrastructure.
By adopting continuous network monitoring as part of their exposure management process, the team now detects attack surface changes automatically. If a new or unexpected service, such as a login page, an admin panel or a database, becomes available online, they are alerted in real time. This gives Sunil and his team a live, clear view of what is exposed, and makes it easy to automatically start scanning these exposed assets for vulnerabilities.
2. Choose the right tools for the job
The last thing a lean team needs is a stack of overlapping tools, each doing a little and none doing enough.
River Island had a number of security solutions in place, but many were underused. Sunil estimated that they “receive only 5-6% of the possible value” from some products.
Instead of adding more to the mix, the team consolidated. This means less time spent context switching and more time acting on clear, unified insights. With a smaller set of tools, it is also easier to build integrations and automation, which are the most important part of a lean model.
3. Automate emerging threat detection
High-profile vulnerabilities such as Log4j put teams under great pressure. When critical vulnerabilities appear, your ability to stay safe depends on how fast you can assess your exposure. But with limited capacity, doing this manually is ineffective and impossible.
Unified exposure management platforms such as Intruder do the heavy lifting, automatically scanning for newly disclosed critical vulnerabilities so that you do not have to wait for the next weekly or monthly scan to find out whether you have a problem.
Speaking about the impact of this, Sunil said, “When Log4j got to our director, our CIO asked if we were injured. I could say to him at once: ‘We are good – the offender scanned it, and we are understandable.’”
This level of assurance builds confidence with leadership, avoids unnecessary fire drills and frees the team to focus on remediation rather than investigation.
4. Let asset owners fix problems quickly
In a lean security model, the goal is not to fix everything yourself – it is to make sure that the right people are equipped to quickly fix the right things. This means removing the security team as a bottleneck and empowering others to remediate weaknesses.
“One of my goals was to fully withdraw the security team from the equation in terms of the process,” Sunil said.
Previously, the InfoSec team was responsible for chasing asset owners and relaying technical recommendations for security experts. Now, with the exposure management platform integrated with Jira, vulnerabilities are sent directly to the appropriate teams with easy-to-follow instructions for the action required.
This shift has freed InfoSec to focus on higher priorities, while service managers handle day-to-day remediation.
Sunil said, “We are no longer a manager who has not sounded. We just keep track of the fact that everything is progressing.”
5. Report on cyber hygiene
If you are running a lean security team, the last thing you want is to spend your limited time pulling reports or preparing stakeholder updates. But visibility is still important, especially at leadership level.
At River Island, this trust was built by switching from ad hoc reporting to automated dashboards, which clearly show what was exposed, what has been fixed and what still needs attention.
Sunil said, “I said to his director, ‘You don’t have much with me in one,’ and he laughed and said, ‘It is good – it means that nothing is broken.’ The broken giving him confidence that we covered it, so he does not need to register. That’s how I know everything works.”
Small teams, big impact
Being lean does not mean being inadequate. With the right tools, processes and mindset, security teams of any size can build scalable, resilient and effective operations. River Island's experience shows that doing more with less is not only possible – it can be a smarter and more sustainable approach to security.
Under pressure to do more with less? Try Intruder for free with a 14-day trial.