Dark Reading is part of the Informa Tech Division of Informa PLC

11/21/2019
01:00 PM

3 Fundamentals for Better Security and IT Management

Nail these security fundamentals, and your organization will be well-positioned to succeed next year and in the years to come.

As 2019 draws to a close, we'll see plenty of discussion of the year's major security incidents, but few will focus on the foundational missteps that plague most organizations. These disruptions aren't a mystery; in many cases, organizations still make the mistake of implementing new tool after new tool without understanding the nature of their hardware and software assets, where they sit, and what applications and systems are running on them. Throwing more tools at problems of visibility and control will leave any security and IT management strategy inherently flawed.

Let's cut through the clutter. Here's what organizations can do now, and throughout the coming year, to ensure that strong security and IT operations fundamentals are locked in.

1. Address Gaps in Visibility
IT teams simply can't protect what they can't see. Good IT hygiene begins with an accurate, up-to-date, and contextual inventory of an organization's endpoints, including servers, laptops, virtual machines, and cloud instances on the network. But that's just the beginning, and a mass of tools — from asset discovery solutions and security information and event management systems to configuration management databases and beyond — still leads to visibility gaps.

The reason is that a collection of point tools doesn't help organizations see the bigger picture — in other words, to have full visibility. Each product and tool has its own view of the IT environment. Individual tools may offer data that is relatively timely, contextual, or complete. But when IT teams look at this data in aggregate, visibility gaps begin to form.

Here's an example. IT teams might have a tool that gets endpoint detection and response (EDR) telemetry up to the cloud every five minutes from all of their systems — but not their unmanaged hosts. They may get vulnerability scan results back once a week for peripheral component interconnect (PCI) systems, but only once a month for workstations. Their asset discovery solution might scan for unmanaged and managed assets, but only in the data center and only once a day. And if they need a new set of data that they didn't anticipate and is outside the scope of their existing tooling's hard-coded capabilities, there's no easy way to get it. Consequently, stitching all this asynchronous data together to garner usable insights becomes so difficult as to be almost impossible.
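The scenario above, as an added example that is not part of the original article: three tools report on different hosts at different cadences, and merging their views shows which hosts a tool has never seen and which data is too old to rely on. Host names, timestamps, and the seven-day freshness threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

NOW = datetime(2019, 11, 21, 13, 0)  # constructed reference time
MAX_AGE = timedelta(days=7)          # assumed freshness requirement

# Constructed sample: tool -> {host: time the tool last reported on it}.
SOURCES = {
    # EDR telemetry every five minutes, managed hosts only
    "edr": {"pci-db01": NOW - timedelta(minutes=5),
            "ws-114": NOW - timedelta(minutes=5)},
    # Vulnerability scans: weekly for PCI systems, monthly for workstations
    "vuln_scan": {"pci-db01": NOW - timedelta(days=6),
                  "ws-114": NOW - timedelta(days=27)},
    # Asset discovery: daily, data center only, includes unmanaged hosts
    "discovery": {"pci-db01": NOW - timedelta(hours=20),
                  "printer-7": NOW - timedelta(hours=20)},
}


def visibility_gaps(sources, now, max_age):
    """Return {host: {"missing": [...], "stale": [...]}} for hosts with gaps.

    "missing" lists tools that have never reported on the host;
    "stale" lists tools whose last report is older than max_age.
    """
    hosts = set().union(*(seen.keys() for seen in sources.values()))
    gaps = {}
    for host in sorted(hosts):
        missing = sorted(s for s, seen in sources.items() if host not in seen)
        stale = sorted(s for s, seen in sources.items()
                       if host in seen and now - seen[host] > max_age)
        if missing or stale:
            gaps[host] = {"missing": missing, "stale": stale}
    return gaps


if __name__ == "__main__":
    for host, gap in visibility_gaps(SOURCES, NOW, MAX_AGE).items():
        print(host, gap)
```

Only the data center PCI host is fully and freshly covered; the workstation and the unmanaged device each fall into a gap that no single tool's dashboard would show.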

If this lack of visibility isn't rectified, IT teams will continue to suffer the consequences. They may continue to think they are more protected than they are, exposing themselves to vulnerabilities that should — and could — have been prevented.

One way for IT teams to address this lack of visibility is by using a unified endpoint management platform. [Editor's note: The author's company, Tanium, is one of a number of companies that provide such a service.] With a single source of endpoint data, those glaring visibility gaps start to close.

2. Declutter and Consolidate the IT Environment
Collections of point tools aren't just a challenge for visibility; they're also adding needless complexity. A Forrester survey found that, on average, organizations today use 20 or more tools from more than 10 different vendors to secure and operate their environments. And many large enterprises have 40 to 50 point solutions — a staggering number.

This cluttered environment makes it a big challenge to implement good IT hygiene habits, because each tool offers different data and different degrees of visibility. In addition, tools individually are expensive to learn, deploy, and upgrade. They often have short shelf lives because they were built for their time, usually for a specific use case, and not exactly future-proofed.

The good news is that it isn't difficult to pare down the volume of tools. IT teams need to first identify the capabilities and deliverables their organizations need to implement, regardless of their technology and tools. Then they should go through each tool individually and catalog its capabilities. And finally, they should create a Venn diagram to see where overlap exists between these tools. Auditing your estate like this can be cumbersome, but the overlaps are the opportunities for consolidation so that IT teams can operate with fewer tools and more visibility moving forward.
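The three audit steps above, as an added example that is not part of the original article: list the required capabilities, catalog each tool, compute the pairwise overlaps (the Venn diagram intersections), then pick a reduced tool set that still covers every requirement. Tool and capability names are hypothetical, and the greedy selection is an approximation that is not guaranteed to find the smallest possible set.

```python
from itertools import combinations

# Step 1: capabilities the organization needs (hypothetical names).
REQUIRED = {"asset_discovery", "patching", "vuln_scanning", "edr", "config_mgmt"}

# Step 2: what each deployed tool can do (constructed catalog).
CATALOG = {
    "tool_a": {"asset_discovery", "vuln_scanning"},
    "tool_b": {"asset_discovery", "patching", "config_mgmt"},
    "tool_c": {"edr"},
    "tool_d": {"vuln_scanning", "patching"},
    "tool_e": {"config_mgmt"},
}


def overlaps(catalog):
    """Step 3: capabilities shared by each pair of tools."""
    return {(a, b): catalog[a] & catalog[b]
            for a, b in combinations(sorted(catalog), 2)
            if catalog[a] & catalog[b]}


def consolidate(required, catalog):
    """Greedy set cover: repeatedly keep the tool that covers the most
    still-unmet requirements. Returns (kept tools, uncovered capabilities)."""
    remaining, kept = set(required), []
    while remaining:
        best = max(sorted(catalog), key=lambda t: len(catalog[t] & remaining))
        gained = catalog[best] & remaining
        if not gained:  # no tool covers what is left: a genuine capability gap
            break
        kept.append(best)
        remaining -= gained
    return kept, remaining


if __name__ == "__main__":
    for pair, shared in overlaps(CATALOG).items():
        print("overlap", pair, sorted(shared))
    kept, uncovered = consolidate(REQUIRED, CATALOG)
    print("keep:", kept)
    print("consolidation candidates:", sorted(set(CATALOG) - set(kept)))
    print("uncovered:", sorted(uncovered))
```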

3. Remove IT Operations and Security Team Silos
You can't enforce IT hygiene and cybersecurity best practices if your teams aren't working together. Existing point tools reinforce the silos we see crop up between IT operations and security teams instead of enabling the collaboration that isn't just a nice-to-have, but crucial for better business outcomes. As organizations look to build and strengthen their security fundamentals, IT operations and security teams should unite around a common set of actionable data for true visibility and control over all of their computing devices. This will enable them to prevent, adapt, and respond in real time to any technical disruption or cyber threat.

Without security fundamentals firmly in place, IT teams will start the new year behind. Heading into 2020, they should be able to address visibility gaps, strategically reduce the number of IT tools that are used, and bring together IT operations and security teams.

Make 2020 a fresh start. If teams can focus on nailing their basic security fundamentals, they will be well-positioned to succeed not just this coming year, but in the years to come.


Chris Hallenbeck is a security professional with years of experience as a technical lead and cybersecurity expert. In his current role as CISO for the Americas at Tanium, he focuses largely on helping Tanium's customers ensure that the technology powering their business can ...