As 2019 draws to a close, we’ll see plenty of discussion of the year’s major security incidents, but few will focus on the foundational missteps that plague most organizations. These disruptions aren’t a mystery; in many cases, organizations still make the mistake of implementing new tool after new tool without understanding the nature of their hardware and software assets, where they sit, and what applications and systems are running on them. Throwing more tools at problems of visibility and control will leave any security and IT management strategy inherently flawed.
Let’s cut through the clutter. Here are what organizations can do now, and throughout the coming year, to ensure that strong security and IT operations fundamentals are locked in.
1. Address Gaps in Visibility
IT teams simply can’t protect what they can’t see. Good IT hygiene begins with an accurate, up-to-date, and contextual inventory of an organization’s endpoints, including servers, laptops, virtual machines, and cloud instances on the network. But that’s just the beginning, and a mass of tools — from asset discovery solutions and security information and event management systems to configuration management databases and beyond — still leads to visibility gaps.
The reason is that a collection of point tools doesn’t help organizations see the bigger picture — in other words, to have full visibility. Each product and tool has its own view of the IT environment. Individual tools may offer data that is relatively timely, contextual, or complete. But when IT teams look at this data in aggregate, visibility gaps begin to form.
Here’s an example. IT teams might have a tool that gets endpoint detection and response (EDR) telemetry up to the cloud every five minutes from all of their systems — but not their unmanaged hosts. They may get vulnerability scan results back once a week for peripheral component interconnect (PCI) systems, but only once a month for workstations. Their asset discovery solution might scan for unmanaged and managed assets, but only in the data center and only once a day. And if they need a new set of data that they didn’t anticipate and is outside the scope of their existing tooling’s hard-coded capabilities, there’s no easy way to get it. Consequently, stitching all this asynchronous data together to garner usable insights becomes so difficult as to be almost impossible.
If this lack of visibility isn’t rectified, IT teams will continue to suffer the consequences. They may continue to think they are more protected than they are, exposing themselves to vulnerabilities that should — and could — have been prevented.
One way for IT teams to address this lack of visibility is by using a unified endpoint management platform. [Editor’s note: The author’s company, Tanium, is one of a number of companies that provide such a service.] With a single source of endpoint data, those glaring visibility gaps start to close.
2. Declutter and Consolidate the IT Environment
Collections of point tools aren’t just a challenge for visibility; they’re also adding needless complexity. A Forrester survey found that, on average, organizations today use 20 or more tools from more than 10 different vendors to secure and operate their environments. And many large enterprises have 40 to 50 point solutions — a staggering number.
This cluttered environment makes it a big challenge to implement good IT hygiene habits, because each tool offers different data and different degrees of visibility. In addition, tools individually are expensive to learn, deploy, and upgrade. They often have short shelf lives because they were built for their time, usually for a specific use case, and not exactly future-proofed.
The good news is that it isn’t difficult to pare down the volume of tools. IT teams need to first identify the capabilities and deliverables their organizations need to implement, regardless of their technology and tools. Then they should go through each tool individually and catalog its capabilities. And finally, they should create a Venn diagram to see where overlap exists between these tools. Auditing your estate like this can be cumbersome, but the overlaps are the opportunities for consolidation so that IT teams can operate with fewer tools and more visibility moving forward.
3. Remove IT Operations and Security Team Silos
You can’t enforce IT hygiene and cybersecurity best practices if your teams aren’t working together. Existing point tools reinforce the silos we see crop up between IT operations and security teams instead of enabling the collaboration that isn’t just a nice-to-have, but crucial for better business outcomes. As organizations look to build and strengthen their security fundamentals, IT operations and security teams should unite around a common set of actionable data for true visibility and control over all of their computing devices. This will enable them to prevent, adapt, and respond in real time to any technical disruption or cyber threat.
Without security fundamentals firmly in place, IT teams will start the new year behind. Heading into 2020, they should be able to address visibility gaps, strategically reduce the amount of IT tools that are used, and bring together IT operations and security teams.
Make 2020 a fresh start. If teams can focus on nailing their basic security fundamentals, they will be well-positioned to succeed not just this coming year, but in the years to come.
Chris Hallenbeck is a security professional with years of experience as a technical lead and cybersecurity expert. In his current role as CISO for the Americas at Tanium, he focuses largely on helping Tanium’s customers ensure that the technology powering their business can … View Full Bio