Dark Reading is part of the Informa Tech Division of Informa PLC


11/21/2019
01:00 PM

3 Fundamentals for Better Security and IT Management

Nail these security fundamentals, and your organization will be well-positioned to succeed next year and in the years to come.

As 2019 draws to a close, we'll see plenty of discussion of the year's major security incidents, but few will focus on the foundational missteps that plague most organizations. These disruptions aren't a mystery; in many cases, organizations still make the mistake of implementing new tool after new tool without understanding the nature of their hardware and software assets, where they sit, and what applications and systems are running on them. Throwing more tools at problems of visibility and control will leave any security and IT management strategy inherently flawed.

Let's cut through the clutter. Here is what organizations can do now, and throughout the coming year, to ensure that strong security and IT operations fundamentals are locked in.

1. Address Gaps in Visibility
IT teams simply can't protect what they can't see. Good IT hygiene begins with an accurate, up-to-date, and contextual inventory of an organization's endpoints, including servers, laptops, virtual machines, and cloud instances on the network. But that's just the beginning, and a mass of tools — from asset discovery solutions and security information and event management systems to configuration management databases and beyond — still leads to visibility gaps.

The reason is that a collection of point tools doesn't help organizations see the bigger picture — in other words, to have full visibility. Each product and tool has its own view of the IT environment. Individual tools may offer data that is relatively timely, contextual, or complete. But when IT teams look at this data in aggregate, visibility gaps begin to form.

Here's an example. IT teams might have a tool that gets endpoint detection and response (EDR) telemetry up to the cloud every five minutes from all of their systems — but not their unmanaged hosts. They may get vulnerability scan results back once a week for peripheral component interconnect (PCI) systems, but only once a month for workstations. Their asset discovery solution might scan for unmanaged and managed assets, but only in the data center and only once a day. And if they need a new set of data that they didn't anticipate and is outside the scope of their existing tooling's hard-coded capabilities, there's no easy way to get it. Consequently, stitching all this asynchronous data together to garner usable insights becomes so difficult as to be almost impossible.
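The scenario above can be made concrete by merging the three feeds and flagging, per host, which tool has never reported on it or has gone past its reporting cadence. This is an added example, not part of the original article: the host names, timestamps, and the `visibility_gaps` and `max_age` helpers are constructed for illustration, and only the cadences come from the text.

```python
from datetime import datetime, timedelta

NOW = datetime(2019, 11, 21, 13, 0)  # constructed reference time

# Constructed feeds: host -> last time each tool reported on it.
FEEDS = {
    "edr": {"pci-db01": NOW - timedelta(minutes=3),
            "ws-114": NOW - timedelta(minutes=4)},
    "vuln_scan": {"pci-db01": NOW - timedelta(days=2),
                  "ws-114": NOW - timedelta(days=45)},
    "discovery": {"pci-db01": NOW - timedelta(hours=6),
                  "dc-unmanaged7": NOW - timedelta(hours=6)},
}
ASSET_CLASS = {"pci-db01": "pci", "ws-114": "workstation"}  # constructed

def max_age(source, asset_class):
    """Reporting cadence from the article's scenario, per tool and asset class."""
    if source == "edr":
        return timedelta(minutes=5)
    if source == "discovery":
        return timedelta(days=1)
    # vuln_scan: weekly for PCI systems, monthly for everything else
    return timedelta(weeks=1) if asset_class == "pci" else timedelta(days=30)

def visibility_gaps(feeds, asset_class, now):
    """Return {host: {source: 'missing' | 'stale'}} for every host any tool saw."""
    hosts = set().union(*(f.keys() for f in feeds.values()))
    gaps = {}
    for host in sorted(hosts):
        cls = asset_class.get(host, "unclassified")
        for source, seen in feeds.items():
            last = seen.get(host)
            if last is None:
                status = "missing"   # this tool has no view of the host at all
            elif now - last > max_age(source, cls):
                status = "stale"     # the tool's data is older than its cadence
            else:
                continue
            gaps.setdefault(host, {})[source] = status
    return gaps

if __name__ == "__main__":
    for host, issues in visibility_gaps(FEEDS, ASSET_CLASS, NOW).items():
        print(host, issues)
```

The unmanaged data-center host is visible only to discovery, while the workstation is invisible to discovery and overdue for a scan; no single feed shows both problems.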

If this lack of visibility isn't rectified, IT teams will continue to suffer the consequences. They may continue to think they are more protected than they are, exposing themselves to vulnerabilities that should — and could — have been prevented.

One way for IT teams to address this lack of visibility is by using a unified endpoint management platform. [Editor's note: The author's company, Tanium, is one of a number of companies that provide such a service.] With a single source of endpoint data, those glaring visibility gaps start to close.

2. Declutter and Consolidate the IT Environment
Collections of point tools aren't just a challenge for visibility; they're also adding needless complexity. A Forrester survey found that, on average, organizations today use 20 or more tools from more than 10 different vendors to secure and operate their environments. And many large enterprises have 40 to 50 point solutions — a staggering number.

This cluttered environment makes it a big challenge to implement good IT hygiene habits, because each tool offers different data and different degrees of visibility. In addition, tools individually are expensive to learn, deploy, and upgrade. They often have short shelf lives because they were built for their time, usually for a specific use case, and not exactly future-proofed.

The good news is that it isn't difficult to pare down the volume of tools. IT teams need to first identify the capabilities and deliverables their organizations need to implement, regardless of their technology and tools. Then they should go through each tool individually and catalog its capabilities. And finally, they should create a Venn diagram to see where overlap exists between these tools. Auditing your estate like this can be cumbersome, but the overlaps are the opportunities for consolidation so that IT teams can operate with fewer tools and more visibility moving forward.
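The three audit steps above, written out as an added example that is not part of the original article. The tool names, capability labels, and catalog are hypothetical; the greedy selection at the end goes one step beyond the Venn diagram by proposing a reduced toolset that still covers everything the current estate covers.

```python
from itertools import combinations

# Step 1: capabilities the organization needs (constructed list).
REQUIRED = {"asset_discovery", "vuln_scanning", "patching",
            "edr", "config_mgmt", "log_collection"}

# Step 2: what each tool actually delivers (hypothetical tools, constructed).
CATALOG = {
    "tool_a": {"asset_discovery", "vuln_scanning"},
    "tool_b": {"vuln_scanning", "patching", "config_mgmt"},
    "tool_c": {"edr", "asset_discovery"},
    "tool_d": {"patching"},
}

def overlaps(required, catalog):
    """Step 3: pairwise intersections, i.e. the shared regions of the Venn diagram."""
    out = {}
    for a, b in combinations(sorted(catalog), 2):
        shared = catalog[a] & catalog[b] & required
        if shared:
            out[(a, b)] = shared
    return out

def uncovered(required, catalog):
    """Required capabilities that no tool in the catalog provides."""
    return required - set().union(*catalog.values())

def minimal_toolset(required, catalog):
    """Greedy set cover: repeatedly keep the tool that covers the most
    still-unmet requirements. An approximation, not a guaranteed optimum."""
    remaining = required - uncovered(required, catalog)
    keep = []
    while remaining:
        # sorted() makes ties resolve by tool name, so the result is stable
        best = max(sorted(catalog), key=lambda t: len(catalog[t] & remaining))
        keep.append(best)
        remaining -= catalog[best]
    return keep

if __name__ == "__main__":
    print("overlaps:", overlaps(REQUIRED, CATALOG))
    print("no tool covers:", uncovered(REQUIRED, CATALOG))
    print("keep:", minimal_toolset(REQUIRED, CATALOG))
```

Tools left out of the kept set are consolidation candidates, and anything reported as uncovered is a requirement the audit found no tool for.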

3. Remove IT Operations and Security Team Silos
You can't enforce IT hygiene and cybersecurity best practices if your teams aren't working together. Existing point tools reinforce the silos we see crop up between IT operations and security teams instead of enabling the collaboration that isn't just a nice-to-have, but crucial for better business outcomes. As organizations look to build and strengthen their security fundamentals, IT operations and security teams should unite around a common set of actionable data for true visibility and control over all of their computing devices. This will enable them to prevent, adapt, and respond in real time to any technical disruption or cyber threat.

Without security fundamentals firmly in place, IT teams will start the new year behind. Heading into 2020, they should be able to address visibility gaps, strategically reduce the number of IT tools that are used, and bring together IT operations and security teams.

Make 2020 a fresh start. If teams can focus on nailing their basic security fundamentals, they will be well-positioned to succeed not just this coming year, but in the years to come.


Chris Hallenbeck is a security professional with years of experience as a technical lead and cybersecurity expert. In his current role as CISO for the Americas at Tanium, he focuses largely on helping Tanium's customers ensure that the technology powering their business can ...