6. Real-time monitoring and tracking the latest vulnerabilities: The Maintenance Phase begins once the application has been successfully deployed to the target environment. Depending on the Client’s Service Level Agreement (SLA), the application is then monitored by a dedicated team. The monitoring team’s main objective is to watch network traffic, performance, and any unusual traffic or security incidents.
Now the question is: when the monitoring team is already doing all these activities, what is the need for another Security Team, and what role does the Security professional have to play? Why should the Client/Customer bother to incur the additional cost of an additional resource or team?
To answer them: a dedicated Security professional or team is required to constantly keep track of the latest happenings in the outside world. For example, consider a real-time scenario where some external Banking application is compromised. In such cases this Security Team should act as a Security Forensic Investigator and start investigating what happened, how it happened, the consequences of the attack, and so on. Some points to consider could be:
- The attack vectors
- The compromised data
- The number of records compromised
- and more…
By conducting a thorough forensic investigation and documenting the total loss incurred by that external Bank, the team should be in a position to go back to their Clients in the Banking domain and recommend that they validate their applications' current security controls against the forensic report and implement the relevant security controls before such attacks happen on their own applications.
The above is just one scenario out of many. Numerous scenarios occur on a day-to-day basis, and the respective Clients/Customers have to be on their toes to identify and address such attacks. Another example that no Client can neglect is zero-day attacks on their applications.
Having a dedicated Security Forensic Team obviously means the Clients/Customers will incur additional resource cost, but that cost is worth it when compared to zero-day attacks or any DDoS attacks.
To sum it up:
- The Maintenance Phase is no exception
- A dedicated Security professional or a Security Forensic team must be in place to investigate any real-time attacks
- A detailed forensic report must be prepared and provided to the Clients/Customers in case of any security incidents
- Monitor the web to track any publicly published reports of security vulnerabilities
- Provide relevant patch recommendations
- Retain all forensic reports and observations for any internal or external Audits
Benefits of integrating Security in Phase 6:
- Helps keep our business up and running even if there are zero-day vulnerabilities in any of the third-party applications / APIs implemented in our Applications
- A safe repository of all the historical forensic reports prepared during a cyber attack on some external application helps us address and avoid a similar type of attack on our own applications, thus ensuring our Clients'/Customers' business is up and running even when their own application is under attack