Automatically Managing and Securing Your Technology - Part 2
By Scott Gordon (CISSP) – Oomnitza Chief Marketing Officer
This is a continuation of part 1.
What was once referred to as an asset has evolved alongside the role of IT. Visibility into endpoints, applications, infrastructure, etc. never seems to be accurate. A hybrid work environment and the move to cloud infrastructure can leave enterprises vulnerable. How are organizations contending with increased cybersecurity risk due to a wider attack surface and more organized threat actors, and where can a system for process automation move the needle to advance attack surface hygiene?
Among other growing pains, nearly two-thirds of survey respondents indicated their organizations have technology inventory management issues manifesting in network infrastructure, malware and configuration compliance issues. Fewer than half of those surveyed said their organizations possessed advanced technology intelligence, meaning visibility and insight into over 75% of their actual inventory. However, the majority indicated poor inventory intelligence. There is no doubt that IT and security professionals must manage a greater variety of technology across a more distributed IT estate. Accurate, consolidated inventory remains a cornerstone of numerous operational and security frameworks. Most organizations surveyed shared that they had piecemeal and inconsistent controls, insights, and details concerning business ownership, type, security state, and management state.
Consistent vulnerability assessment and patching are well-known attack surface mitigation best practices. Yet nearly three-quarters of survey respondents still reported only moderate patching efficacy. For example, some patches may be missed if technology was not connected or logged in, or was unaccounted for, during the patch cycle. Often an endpoint or virtual server has failures with various control agents. Once an agent or process is disconnected from the control server or service, ongoing configuration or threat management is lost. This is a common blind spot. Process automation that takes advantage of multi-source data aggregation and correlation would be able to identify patching issues, and even trigger other IT management systems to reactivate or reinstall controls.
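The correlation described above can be sketched as follows. This is an added example, not code from the article or from any vendor product: it joins three constructed data sources (an inventory of record, agent check-ins, and patch results) and flags the three blind spots the paragraph names. The source names, hostnames, dates and thresholds are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: three hypothetical sources keyed by hostname.
NOW = datetime(2024, 6, 15)
PATCH_CYCLE_START = datetime(2024, 6, 11)   # assumed start of the current patch cycle
MAX_AGENT_SILENCE = timedelta(days=7)       # assumed staleness threshold

cmdb = {  # inventory of record: owner and department for follow-up
    "lt-0142": {"owner": "a.chen", "dept": "Finance"},
    "lt-0377": {"owner": "m.ruiz", "dept": "Sales"},
    "vm-db-09": {"owner": "platform", "dept": "IT"},
}
edr_last_seen = {  # last check-in of the endpoint control agent
    "lt-0142": datetime(2024, 6, 14),
    "lt-0377": datetime(2024, 5, 20),
    "vm-build-3": datetime(2024, 6, 15),
}
patch_last_ok = {  # last successful patch run reported by the patch tool
    "lt-0142": datetime(2024, 6, 12),
    "lt-0377": datetime(2024, 5, 14),
    "vm-db-09": datetime(2024, 6, 12),
    "vm-build-3": datetime(2024, 6, 13),
}

def correlate(cmdb, edr, patch, now=NOW):
    """Join all sources on hostname and return hosts with control gaps."""
    findings = {}
    for host in sorted(set(cmdb) | set(edr) | set(patch)):
        issues = []
        if host not in cmdb:
            issues.append("unaccounted")          # seen by tools, absent from inventory
        seen = edr.get(host)
        if seen is None:
            issues.append("agent_missing")        # no control agent reporting at all
        elif now - seen > MAX_AGENT_SILENCE:
            issues.append("agent_stale")          # agent disconnected from its server
        patched = patch.get(host)
        if patched is None or patched < PATCH_CYCLE_START:
            issues.append("missed_patch_cycle")   # offline or skipped during the cycle
        if issues:
            owner = cmdb.get(host, {}).get("owner", "unknown")
            findings[host] = {"owner": owner, "issues": issues}
    return findings

if __name__ == "__main__":
    for host, f in correlate(cmdb, edr_last_seen, patch_last_ok).items():
        print(host, f["owner"], ",".join(f["issues"]))
```

Each finding carries the owner from the inventory of record, which is the context a workflow would need to open a ticket or ask another management system to reinstall the agent.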
By relying on siloed IT management tools for security context, organizations will not be able to efficiently obtain and analyze the data necessary to identify and respond to higher order operational, anomaly, exposure, and compliance risks. The data and context will remain fragmented and inaccurate. This affects enterprise security posture, and specifically delays audit readiness tasks and compliance verification processes, increases audit costs, and undermines optimization initiatives.
Furthermore, as security organizations seek to increase team efficiency and responsiveness, the inaccuracy and incompleteness of technology management (across endpoint, application, network infrastructure and cloud infrastructure) will undermine process automation. Workflows that trigger off siloed IT management tool data often lack the broader context necessary to address security posture exposures at scale. In addition, more accurate operational technology data, such as owner, manager, department and location details, allows security teams to conduct investigations and resolve issues faster.
The scope of attack surface mitigation is wide. It requires monitoring, analytics, and threat mitigation of not only the internal attack surface, but also the external attack surface. IT and security professionals use a variety of tools that cover the operations and defense of different classes of technology and across different IT domains and businesses. As much as CIO, CISO and IT leaders consider the potential economies of consolidating tools, ongoing and evolving technology adoption, digital business ecosystems, and varying compliance specifications will more likely offset consolidation benefits. Additional objectives to maintain trained staff will also come into play. For example, those surveyed shared that their highest challenge in protecting cloud infrastructure was a lack of qualified staff.
How will organizations move the needle towards improving their security posture? Will they replace siloed management tools with a centralized platform or continue to expand their tool set investments? This question was posed, and the answer shows the enormity of considerations at play. Over a third of security leaders and practitioners remain undecided whether or not to replace their tools. Nearly half of responses in the survey appeared to favor moving to a centralized platform, which accommodates both consolidating and keeping existing IT tools to progress attack surface mitigation capabilities.
As organizations determine how to better leverage their endpoint, application, network infrastructure, cloud infrastructure, and security management tools to improve their security posture and cyber resilience, a platform approach to enterprise technology management would provide a centralized means to gain accurate and timely IT estate visibility and requisite analytics. This approach would also enable the required automation to streamline security, compliance, audit and attack surface mitigation processes.