Having spent the summer driving around various parts of the country, I couldn’t help correlating some of the street signs I saw with cyber security. So in the spirit of National Cyber Security Awareness Month, let's #BeCyberSmart, buckle up and have a little fun.
Turn on your lights
The first sign I saw, and one that popped up quite often, was Low Visibility Ahead When Flashing. Maybe it was just the part of the country I was in... or maybe visibility is a problem everywhere, like in cyber security!
Is your network visibility low?
Many customers I talk with are blind to much of the traffic and resulting activity on their networks. One vendor we work with calls this lack of visibility the “darkspace” within an enterprise. You might hear it more commonly referred to as blind spots. Darkspace or blind spots can typically be broken down into a few non-exclusive categories, including:
- Devices you can’t instrument with agents.
- East-west traffic you can’t instrument at scale.
- Services you can’t log.
- Encrypted payloads you can’t see.
- Siloed monitoring without end-to-end context.
- Cloud, containers and microservices.
The biggest example of darkspace I’ve heard is when someone says “I have a SIEM (security information and event management) system for both database and DNS,” as though that settled the question. Normally, there’s no way any enterprise application owner is going to allow full verbose logging on their application. And as we all know, the SIEM budget owner couldn’t absorb that log volume anyway.
You need vendors who can extract every database interaction, every query and the results of the query correlated to user and machine. Add in the ability to extract every DNS query and response, every file access and every Kerberos authentication, and you have the type of full visibility needed for an IT or SOC analyst to do their job effectively and efficiently.
Clients are purchasing point products to monitor each one of these issues separately, each with its own application to manage and its own deployment to maintain. We need to get away from the silos of point solutions if we want visibility that actually spans the whole environment.
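As an added illustration of the “correlated to user and machine” point above, and of why siloed point products leave blind spots, here is a small Python example (written for this page, not taken from the original article or from any vendor product) that joins constructed Kerberos, DNS and file-access log lines into a single per-user timeline. The log format, hostnames, user names and IP addresses are made up for the example; the attribution rule (tag each event with the most recent Kerberos authentication seen from the same client IP) is a common heuristic, not any particular vendor’s method.

```python
"""Join siloed Kerberos, DNS and file-access logs into one per-user timeline.

Added example (not from the article).  Log lines below are constructed for
this demo; a real deployment would read Windows Kerberos events, resolver
query logs and file-server audit logs, but the correlation step is the same.
"""
import re
from collections import defaultdict
from datetime import datetime
from typing import Any, Dict, List

# Constructed sample logs.  Each silo sees only its own slice of the story.
KERBEROS_LOG = """\
2023-10-03T09:00:02Z kerberos event=TGT user=alice client=10.0.0.12
2023-10-03T09:05:10Z kerberos event=TGT user=bob client=10.0.0.40
2023-10-03T12:30:00Z kerberos event=TGT user=svc-backup client=10.0.0.12
"""
DNS_LOG = """\
2023-10-03T08:59:00Z dns client=10.0.0.99 qname=printer01.example.com rcode=NOERROR
2023-10-03T09:00:15Z dns client=10.0.0.12 qname=intranet.example.com rcode=NOERROR
2023-10-03T09:06:00Z dns client=10.0.0.40 qname=updates.example.com rcode=NOERROR
2023-10-03T12:31:05Z dns client=10.0.0.12 qname=x7f3a9.dropper.example.net rcode=NXDOMAIN
"""
FILE_LOG = """\
2023-10-03T12:31:40Z file client=10.0.0.12 path=/shares/finance/payroll.xlsx action=read
"""

KV = re.compile(r"(\w+)=(\S+)")
Event = Dict[str, Any]


def parse(log: str) -> List[Event]:
    """Turn '<iso-timestamp> <source> k=v k=v ...' lines into dicts."""
    events: List[Event] = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, source, rest = line.split(" ", 2)
        ev: Event = {"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
                     "source": source}
        ev.update(KV.findall(rest))       # list of (key, value) pairs
        events.append(ev)
    return events


def attribute_to_users(kerberos: List[Event], others: List[Event]) -> List[Event]:
    """Tag each DNS/file event with the user behind the most recent Kerberos
    authentication from the same client IP at or before the event time.

    Heuristic, not ground truth: shared hosts, DHCP churn and NAT can all
    break the IP-to-user link.  Events with no earlier authentication are
    kept and tagged 'unknown' so the blind spot itself shows up in the output.
    """
    auths_by_client: Dict[str, List[Event]] = defaultdict(list)
    for auth in sorted(kerberos, key=lambda e: e["ts"]):
        auths_by_client[auth["client"]].append(auth)

    timeline: List[Event] = []
    for ev in sorted(others, key=lambda e: e["ts"]):
        user = "unknown"
        for auth in auths_by_client.get(ev["client"], []):
            if auth["ts"] <= ev["ts"]:
                user = auth["user"]       # later auths overwrite earlier ones
            else:
                break                     # auths are time-ordered, stop here
        timeline.append({**ev, "user": user})
    return timeline


def summarize(timeline: List[Event]) -> Dict[str, List[str]]:
    """Group attributed events per user into short one-line entries."""
    out: Dict[str, List[str]] = defaultdict(list)
    for ev in timeline:
        if ev["source"] == "dns":
            entry = f"dns {ev['qname']} {ev['rcode']}"
        else:
            entry = f"{ev['source']} {ev['path']} {ev['action']}"
        out[ev["user"]].append(entry)
    return dict(out)


def build_timeline() -> List[Event]:
    """End-to-end: parse all three silos and correlate them."""
    return attribute_to_users(parse(KERBEROS_LOG), parse(DNS_LOG) + parse(FILE_LOG))


if __name__ == "__main__":
    for user, entries in summarize(build_timeline()).items():
        print(user)
        for entry in entries:
            print("   ", entry)
```

Run on the constructed input, the NXDOMAIN lookup and the payroll file read from 10.0.0.12 are both attributed to svc-backup rather than to alice, because the service account authenticated from that host at 12:30. That is the kind of context a DNS-only or file-only product cannot produce on its own. The 08:59 query from 10.0.0.99 has no authentication behind it and is deliberately reported as unknown rather than dropped; an unattributed host is itself a finding worth chasing.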
Another popular road sign was Work Area Ahead. It reminded me a little too much of all the issues our customers have around patch management — it always seems to be a work in progress.
How do you deal with patch management?
As the threat and vulnerability landscape evolves, one thing that has remained consistent is the need to apply security patches to all systems, applications and devices processing, receiving or storing an organization’s data. The number of vulnerabilities organizations need to address continues to grow as technologies such as 5G and the Internet of Things (IoT) proliferate.
Speaking of IoT, both endpoint security and privacy — meaning who owns the data generated from your devices — are huge concerns for every CIO/CISO. A full-blown surveillance economy is close, if not here already, and it brings with it an exponentially greater number of entry points and attack surfaces exposed to sabotage, theft and calamity.
This problem is further amplified for organizations that leverage hybrid or multicloud environments in addition to traditional on-prem data centers. As the saying goes, you can outsource the task but not the responsibility. Careful consideration needs to go into the selection of your cloud provider, and it’s important you have the right set of security tools to continually assess your state of risk.
All organizations should adhere to a robust framework that helps them plan, design, select, implement and govern their cloud security strategy. All security, privacy, compliance and risk management professionals must be cloud competent for you to have a successful cloud journey.
Oftentimes, once an organization realizes the number of unpatched security vulnerabilities within its environment, it seems impossible to create a strategy for prioritizing and addressing such a large number of weaknesses. This is further complicated by the differing priorities of stakeholders: Lines of business see patching as a risk of slowing or halting business operations, while security ops teams are driven by compliance (e.g., PCI DSS or HIPAA) with little understanding of how downtime can impact the business.
I’ve come to realize that patching is one of the weakest links for many organizations, particularly in terms of security defense. But it doesn’t have to be! Organizations commonly possess the experienced professionals and the proper tools to apply system patches. So where, then, is the breakdown? Ironically, it arises from two non-technical areas, namely:
- A lack of security awareness.
- A lack of accountability for following through on patching vulnerable systems.
By combining WWT’s technical expertise with a solid understanding of how vulnerabilities impact business operations, we can help align your organization’s objectives and provide a foundation for advanced cybersecurity.
I recommend checking out WWT’s Patch Management Assessment if patching is one of your main concerns.
Too many vehicles
The last sign I saw way too much of was Heavy Traffic. Oh boy, and do I mean way too much!
How many security tools do you need?
Organizations have way too many cyber security tools, and candidly, I don’t see a slowdown any time soon — it just gets more and more crowded each year. Out-of-the-box solutions often fall short of the expected business outcomes that initially drove the sale, and customers struggle to realize value from their investments or operationalize each piece of technology.
We also know the security industry is prone to shiny new toy syndrome. While this tendency rarely results in any measurable value, increased visibility or risk reduction, I guarantee you that the latest fancy new start-up’s product will be installed by many.
You have to ask yourself, “Am I buying the right tool for the right use case and solving the right problem?” Make sure you answer in the affirmative before buying. There’s a major disconnect between customers’ assumptions regarding tool performance and performance in reality. That’s why conducting something like a Security Tools Rationalization Workshop from WWT prior to buying is a good idea.
We recommend taking a consultative and architectural approach to implementing new technology that ensures security is integrated into the system development lifecycle — not bolted on afterward. Failure to follow this approach is where poor IT hygiene develops, and where we start to see security risks and vulnerabilities introduced into IT and enterprise architecture.
My journey was long, but so is the road to a resilient cyber security posture. You need to remember that security is not a SKU — it’s a process! And there’s no better place to learn about the right security processes than right here at www.wwt.com, where you can explore our new B2B innovation platform.
With access to labs that cover every aspect of enterprise security architecture, many of which are launchable on-demand, our goal is for this platform to become a new home for security practitioners and decision makers. We even have resources like articles, white papers, case studies, videos, workshops, assessments, lab guides and more spanning security, automation, multicloud, software-defined networks and data centers, application development and more.
So be sure to check it out, whatever road your security transformation journey takes you down.