"Seeing" everything on one’s infrastructure is difficult, but of utmost business value.
‘Are we doing enough?’ Full visibility 2.0.
In today’s guest post, Mark Norcini, Sales Director at SEI IT Services, provides insight into how having full visibility across your IT platform can help bolster your IT posture.
How can we know if we're doing enough to keep the company and our clients safe? If you find yourself asking that question, you're in good company. In addressing security, small and mid-size businesses have varying budgets, skill sets and capabilities. So what is the minimum effective dose that levels the playing field for assurance and brings risk under control? What is the standard that elevates security posture from "good" to "strong"?
The answer isn't a product, intelligence, or a feature. It is full visibility of the enterprise. We've previously discussed this benchmark for security posture and risk awareness. What is full visibility? It's the collection and aggregation of data from all points of contact with IT infrastructure, in every possible nook and corner. Consider how a sales and marketing department attacks the treasure trove of information from clicks on its company’s website, known buyer behaviors in the market, search engine results, etc., in order to align sales efforts. The mirror approach for defense is the harvesting of all data across applications, infrastructure, offices, branches, data centers, endpoints, etc.
The architecture of a system built to attain full visibility can help overcome common shortcomings, such as not being able to find the best security talent, invest in top-of-the-line products, perform dedicated threat hunting or employ a large security staff. These limitations apply to the majority of businesses to some degree. And because attacks and attack groups become more dynamic and sophisticated over time, a system approach holds its value better than a product approach. For example, it may not matter if the infrastructure has the best endpoint detection product ever designed; if the environment lacks coverage somewhere, the system is vulnerable. The integration necessary to achieve full visibility creates a unified strength greater than the sum of its parts. It amplifies the value of each individual tool, many of which are underutilized on their own.
This may sound like quite a lift from a typical security setup. Consider, however, the cost of a series of tools that are running but not communicating with one another. They will stop the threats they know, but leave a blind spot in "what they don't know they don't know." Gaps in the data the security team effectively consumes limit its ability to do what it does best.
To illustrate, let's say an intrusion alert on the network coincides with the timing of an email phishing attack. An employee falls victim by clicking the phishing link and allows malware onto the infrastructure. Is it a coordinated attack? The IDS isn't correlating with the endpoint protection, and the endpoint product may not realize that the same phishing message has landed in several other employees' mailboxes, where it is awaiting execution. Just because the alert didn't go off in other places doesn't mean the threat isn't there.
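As an added illustration of the correlation the scenario above calls for (this is example code written for this page, not a tool from the original post), the snippet below joins three constructed record sets, an IDS alert, a mail-gateway log and endpoint telemetry, to tie the alert back to the phishing delivery and list the other recipients who received the same link but have not opened it yet. Field layouts, hostnames and the 30-minute window are assumptions chosen for the example.

```python
from datetime import datetime, timedelta

# Constructed sample records standing in for three separate tools' logs.
# IDS alert: (timestamp, host, signature)
IDS_ALERTS = [
    ("2024-03-04T09:17:40", "ws-012", "outbound beacon to known-bad domain"),
]
# Mail gateway: (timestamp, recipient, sender, link found in body)
MAIL_LOG = [
    ("2024-03-04T09:02:10", "alice", "invoices@pay.invalid", "http://pay.invalid/inv"),
    ("2024-03-04T09:02:11", "bob",   "invoices@pay.invalid", "http://pay.invalid/inv"),
    ("2024-03-04T09:02:12", "carol", "invoices@pay.invalid", "http://pay.invalid/inv"),
    ("2024-03-04T08:30:00", "dave",  "hr@corp.invalid",      "http://intranet.corp.invalid/policy"),
]
# Endpoint telemetry: (timestamp, host, user, event)
ENDPOINT_EVENTS = [
    ("2024-03-04T09:15:02", "ws-012", "alice", "browser_navigate http://pay.invalid/inv"),
    ("2024-03-04T09:16:30", "ws-012", "alice", "process_start invoice_viewer.exe"),
]


def correlate(ids_alerts, mail_log, endpoint_events, window=timedelta(minutes=30)):
    """For each IDS alert, find the phishing link clicked on that host shortly
    before the alert and the other recipients of that link with no activity yet."""
    findings = []
    for alert_ts, host, signature in ids_alerts:
        t_alert = datetime.fromisoformat(alert_ts)
        # Step 1: links opened on the alerting host inside the look-back window.
        clicked = {
            (user, event.split(" ", 1)[1])
            for ts, h, user, event in endpoint_events
            if h == host and event.startswith("browser_navigate ")
            and t_alert - window <= datetime.fromisoformat(ts) <= t_alert
        }
        for user, link in clicked:
            # Step 2: confirm the link reached this user by email.
            deliveries = [m for m in mail_log if m[3] == link]
            if not any(m[1] == user for m in deliveries):
                continue
            # Step 3: same link delivered to others who show no endpoint activity on it.
            active = {u for _, _, u, event in endpoint_events if link in event}
            pending = sorted(m[1] for m in deliveries if m[1] not in active)
            findings.append({"alert": signature, "host": host, "clicked_by": user,
                             "link": link, "pending_recipients": pending})
    return findings


if __name__ == "__main__":
    for f in correlate(IDS_ALERTS, MAIL_LOG, ENDPOINT_EVENTS):
        print(f)
```

With the constructed data the one alert is tied to alice's click and flags bob and carol as pending recipients, which is exactly the part an uncorrelated IDS or endpoint product would miss.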
With all data being known, a business can have a security capability that spans from incident to remediation. That assurance of control can be expressed confidently to auditors, clients and a board of directors when they ask whether the business "is doing enough to keep the company safe."
How then does one best utilize all of the data that has been harvested? Check out the centralized cybersecurity platform.