by Justin Smith – Brite, President and COO
An effective cyber security plan is an intricate web of tools and systems working together. From firewalls and endpoints to on-premises technology and the cloud, the security footprint is expanding, and when it comes to securing it, you have to start somewhere. The somewhere? Visibility.
Why do you need a strong security plan?
Before we jump into why visibility is critical, let’s talk about the state of security within organizations today. One consistent problem is the disconnect between the Board of Directors, IT Executives (CIO/CISO) and the IT team with regard to an organization’s security maturity. The disconnect impacts the security plan and decision-making because capital distribution and the weighing of risk vs. reward come from the top. If the understanding of the need is not there, then solutions cannot be implemented to strengthen security and reduce risk.
The reality is that most, if not all, companies will suffer a breach of some sort – it’s not a matter of if, it’s a matter of when. It’s easy to think that it won’t happen to your organization because there are bigger ones out there that would be more profitable for bad actors, but that’s not the case. Bad actors target any business – big or small – with data and information.
Why start with visibility?
Because the footprint is growing from on-premises to mobile and to the cloud, it’s critical to understand today’s ever-changing security landscape. With the expansion of the landscape, can you confidently say you know 100% of the devices on your network at any given time? How about the security posture of those devices?
Visibility in relation to security is simple. You can’t protect what you can’t see. Implementing the latest visibility tools gives organizations insights into the devices connected to the network, as soon as they connect. Through this process, organizations can effectively and efficiently detect a breach and then, with the proper automated controls, limit and remediate it.
The three stages of continuous visibility
Visibility isn’t just a notification of when a device connects to the network, but rather a three-stage process. The cycle of continuous visibility can be divided into three stages: proactive pre-event maintenance, during an incident, and post-incident.
Proactive pre-event maintenance is non-stop and focuses on the devices, workloads, data and applications working on the network. This stage provides insights such as the type of device, whether it is managed or unmanaged, who has access to it, what it has access to, whether there are any anomalies, etc.
During an incident, visibility allows for monitoring, detection, orchestration and isolation of compromised devices. Rather than a compromised and vulnerable device sitting undetected on your network for weeks or months, visibility tools can detect and isolate a device immediately.
Post-incident, tools can investigate further through forensics, mitigation and impact assessment to understand how the breach occurred and how to remediate the issue to prevent future breaches.
A strong security posture
In building a strong security posture, the foundation of visibility provides insights into who or what is connected to a network and where the device is on the network. Those insights are then used to improve posture, orchestrate tools where needed, automate as much as possible and outsource the remaining tactical tasks. An important factor of a plan is to use resources to inspect all results in order to continuously improve.
The rate of evolution and advancement in both technology and attacks demands that organizations take a proactive approach to security. A strong security approach starts with visibility, but also does not remain stagnant. Use the latest visibility tools as a foundation for your organization’s security plan.