Why enterprises need real-time visibility of their invisible threats


It's not what you know, it's what you don’t know that bites you. Cyber attacks, internal rogue employees, and general operational missteps are a constant at enterprises. The cost, both financial and human, weighs on morale and budgets.

Many enterprises think they have what they need to defend their attack surfaces, except for one thing: a clear view of ALL the assets that make up that attack surface -- devices, users, applications and vulnerabilities. Too many security teams are trying to protect expanding and increasingly complex infrastructures without knowing all their risk exposures.

Today’s fast-moving, sophisticated cyber threat landscape has required organizations to adopt new approaches to continue defending their ever-expanding enterprises. Existing tools that address endpoint protection, identity and access management, network monitoring, security information and event management (SIEM), and vulnerability management are essential components of cybersecurity. But without visibility into the assets those tools are designed to protect, security teams are working in the dark. This is because environmental vulnerabilities -- things like missing and misconfigured agents, end-of-life systems, and shadow IT -- lurk across enterprise networks. If you can’t see the security gaps that these tools don’t cover, you aren’t protecting anything.

These blind spots not only create serious vulnerabilities that attackers can -- and do -- take advantage of, but they can also cripple an organization’s ability to comply with increasingly stringent and punitive regulatory requirements.

Endpoints And End-of-Life Assets Are Invisible Risks

Enterprises are particularly blind to assets that are accessing network resources despite missing endpoint protection, patch management and/or vulnerability management. Many cases involve licenses for devices that are paid for but not being used. And Sevco’s latest State of the Cybersecurity Attack Surface report found that the incidence of stale licenses is steadily creeping upward. The kinds of software involved include:

  • About 22 percent of endpoint protection software, up from 16 percent the previous year.
  • 24 percent of endpoint detection software, up from 17 percent.
  • 7 percent of patch and configuration management software, up from 6 percent.

Across the board, 11 percent of all IT assets are missing endpoint protection, 15 percent aren’t covered by enterprise patch management solutions and 31 percent of IT assets are not covered by enterprise vulnerability management systems. The study also found a small but potentially high-risk number of enterprise systems -- 1 percent or less -- that are either banned by the U.S. government or past end-of-life (EOL) and any kind of vendor support.

The Path to Real-time Visibility

Organizations that want to bridge these security gaps need real-time visibility -- or, for the purpose of IT operations, observability. That starts with comprehensive asset intelligence, from endpoints at the edge to antiquated EOL systems in-house.

Knowing the status of all assets enables real-time visibility, which helps in uncovering security gaps, finding under-deployed critical security tools and hunting for and remediating vulnerabilities. Real-time visibility provides insight into not only the presence, but also the state of your assets -- and sometimes that's just as important. A misconfigured agent can be just as serious a breach of security as a missing agent, and you wouldn't know about the misconfiguration without a system that updates the status -- and presence -- continuously.
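To make the presence-versus-state distinction concrete, here is an added example (not from the article or from any Sevco product) that correlates device lists from several sources and flags each control as missing, stale or misconfigured. The source names, record fields, hostnames and the 14-day check-in threshold are all assumptions, and the data is constructed.

```python
from datetime import date, timedelta

NOW = date(2024, 6, 1)              # fixed clock so the sample is repeatable
STALE_AFTER = timedelta(days=14)    # assumed check-in threshold

# Constructed exports. Source names, fields and hosts are illustrative only.
SEEN_ON_NETWORK = {
    "directory": ["LT-001.corp.example", "lt-002", "srv-db1"],
    "dhcp": ["lt-001", "lt-003", "SRV-WEB1.corp.example"],
}
CONTROLS = {
    "endpoint_protection": {
        "lt-001": {"last_seen": "2024-05-31", "policy_enforced": True},
        "lt-002": {"last_seen": "2024-03-02", "policy_enforced": True},    # licensed, silent
        "srv-db1": {"last_seen": "2024-05-30", "policy_enforced": False},  # agent disabled
    },
    "patch_management": {
        "lt-001": {"last_seen": "2024-05-29", "policy_enforced": True},
        "srv-db1": {"last_seen": "2024-05-30", "policy_enforced": True},
        "srv-web1": {"last_seen": "2024-05-31", "policy_enforced": True},
    },
}

def norm(host):
    """Collapse FQDN and case differences so one device matches across sources."""
    return host.strip().lower().split(".")[0]

def inventory():
    """Union of every device any source has seen, control consoles included."""
    sources = list(SEEN_ON_NETWORK.values()) + list(CONTROLS.values())
    return {norm(h) for names in sources for h in names}

def status(host, control):
    """Return ok, missing, stale or misconfigured for one device and one control."""
    rec = {norm(h): r for h, r in CONTROLS[control].items()}.get(host)
    if rec is None:
        return "missing"            # no agent record at all
    if NOW - date.fromisoformat(rec["last_seen"]) > STALE_AFTER:
        return "stale"              # agent exists but stopped checking in
    return "ok" if rec["policy_enforced"] else "misconfigured"

def gaps():
    """Map each device to the controls that are not healthy on it."""
    report = {}
    for host in sorted(inventory()):
        bad = {c: status(host, c) for c in CONTROLS if status(host, c) != "ok"}
        if bad:
            report[host] = bad
    return report
```

Calling `gaps()` on a schedule and alerting only when the result changes gives the exception-based view: healthy devices stay quiet, and a device that drops out of a console or stops enforcing policy surfaces on the next run.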

Comprehensive asset intelligence, however, requires more than simply acquiring tools that identify assets and their security controls. It involves changes in organizational structures to align responsibility and accountability, as well as operational shifts that reflect a proactive organizational mindset.

For example, a proactive approach would emphasize optimizing existing security controls and implementing processes to stem environmental drift (and the corresponding increase in environmental vulnerabilities), which can occur when IT teams make seemingly harmless changes without telling the security team. It also can include adopting policies that enable exception-based alerts to quickly identify anomalous (and potentially malicious) behavior.

Organizational changes can also include realigning security, IT operations and Governance, Risk and Compliance (GRC) teams with an emphasis on proactively focusing on prevention, optimizing systems and actively supporting business initiatives, as opposed to merely being reactive to security incidents.

Give the CISO New Powers

An organizational change, of course, must start at the top, and that’s where successful organizations recently have been realigning all operational activity under the “new” CISO position you can call the Chief Infrastructure and Security Officer.

With CISOs in the crosshairs in the wake of high-profile breaches such as SolarWinds and UnitedHealth Group, it’s past time to give them the responsibility for IT and network operations, as well as security operations. Let their authority match their accountability.

In addition to improving your organization’s security posture, organizational realignment and a proactive mindset enable you to use resources more efficiently, aligning them with business initiatives to maximize ROI.

It Starts With Visibility

Having an accurate and healthy asset inventory means that you have a more robust vulnerability management program. The key to this approach is visibility, without which organizations can’t solve the problem of overlooked endpoints and EOL assets. With the right tools within a functional organizational structure, organizations can get clear visibility of all their assets along with real-time telemetry about those assets’ security status. Asset intelligence and an effective organizational structure can go a long way toward identifying and mitigating vulnerabilities, and locking down an organization’s security posture.

Photo Credit: lolloj/Shutterstock

Greg Fitzgerald is Co-Founder and CXO at Sevco Security.


© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.