on-premises and externally hosted devices
and applications, mobile devices and
tethered desktops, servers and endpoints,
and virtual and physical devices.
Coordinating a unified asset inventory
involves cross-organisational
management support, as well as
techniques that likely differ from one
domain to the next. Useful data abounds
in management systems dedicated to
each domain, but they often don’t share
this information across silos or with each
other. Operational structures, meanwhile,
create their own silos of administrators
and managers tasked with specific jobs,
further inhibiting the sharing of data
across the organisation.
Technology and operations silos
may never disappear. However,
modern methods of data collection,
management and analysis at scale can
overcome many of these barriers to
comprehensive visibility and action.
Today’s techniques support collection
from multiple and varied sources for
centralised analysis that can provide
multiple views into the data depending
on the need. Many organisations are
already pursuing the integration of this
technical threat and vulnerability data,
but the modern business can (indeed,
must) go further still.
Metrics can be developed that show
progress toward proactive investment
and goals to ensure preparation and
protection against risk. Together, these
factors can help prioritise defence and
vulnerability remediation and ensure
its competent management. Whether to
provide an overview of the organisational
posture as a whole or to serve a specific
function, modern platforms can help
bridge gaps, introduce useful metrics
that embrace multiple factors and give
clarity that reveals where action can
have real impact in any domain.

Organisations investing in prepare-and-protect
approaches are more resilient to attack and are
better able to isolate and recover from attacks
when they do occur.

An over-reliance on people
Organisations have historically attempted
to forge a proactive security strategy
by relying on experienced people to
manage all the disparate tools, data and
operational groups. Security operations
teams live this every day with monitor-
and-respond approaches requiring
people to triage alerts, interpret incidents
and respond to security problems.
Relying on staff becomes strained as
the organisation grows and complexity
from the profusion of tools and data
increases. Qualified security operations
personnel are hard to find and expensive
to hire. In addition, trying to keep up with
and close security issues – alternately
stressful and mundane without better
tools to help handle the load – can lead
to burnout and make it more difficult
to retain critical staff. There are three
clear problems with an over-reliance on
people when implementing a proactive
security strategy:
• Manual processes are not
reliably actionable
• Manual processes are not sustainable
• Failures can damage the credibility
of security teams
The good news is that automation and
analytics have advanced in multiple
realms to shift this reliance away
from people and take advantage of
what technology can do better. These
advances are now available to arm teams
with proactive security strategies to
better prepare and protect the business
as well. Orchestration and automation
technologies are being implemented to
help monitor-and-respond operations
overcome this major people issue; the
same must happen with prepare-and-protect
strategies.
A ‘one size fits all’ mentality
It’s not just that no two business
infrastructures look alike; it’s also
important to recognise that multiple
groups participate in a proactive security
strategy and that these groups have
their own interests, priorities, needs and
requirements. For instance, security
operations can identify concerns and
problems that require attention, but it
is often IT operations that must define,
test and deliver remediation actions.
Business leaders, meanwhile, want to
Issue 07 | www.intelligentciso.com