Three reasons why context is key to narrowing your attack surface
2020 has been a year of radical change for cybersecurity. Lockdowns forced businesses to find new ways to maintain continuity. As a result, digital transformation initiatives have accelerated from three-year initiatives to three-month sprints. Many organizations ended up “leaping before looking” to the cloud.
This accelerated digital transformation served as a forcing function that brought IT and security together to reconcile legacy technology, identify risks in the supply chain, narrow the expanding attack surface and realign programs to support core business objectives. To regain and maintain control, IT and security teams need to collaborate on one core focus: gaining full visibility across the entire enterprise.
Tech sprawl leads to increased risk
Security has become too complex to manage without a contextual understanding of the infrastructure, all assets and their vulnerabilities. Today’s typical six-layer enterprise technology stack consists of networking, storage and physical servers, as well as virtualization, management and application layers.
Tech stacks can involve more than 1.6 billion versions of tech installations for 300+ products provided by 50+ vendors, per Aberdeen Research. This sprawl is on top of the 75 security products that an enterprise leverages on average to secure its network.
Now, imagine carrying over this identical legacy system architecture but with thousands of employees all shifting to remote work and leveraging cloud-based services at the same time. Because security teams implemented new network configurations and security controls essentially overnight, there is a high potential for new risks to be introduced through misconfiguration.
Security teams have more ingress and egress points to configure, more technologies to secure and more changes to properly validate. The only way to meaningfully address increased risk while balancing limited staff and increased business demands is to gain contextual insight into the exposure of the enterprise environment that enables smarter, targeted risk reduction.
It is time for data to work harder
Developing a contextual understanding of cyber risks for corporate assets requires a holistic view of the entire ecosystem of technologies in the organization’s IT and security stacks. Many enterprises are introducing new security products to their stack. Unfortunately, those tools typically address a point problem in a siloed approach, rarely include an intimate understanding of the attack surface and potential exposures, and will likely deliver only limited impact.
Data from all solutions should be collected, aggregated and normalized to build an informed picture of risk and develop the ability to see around corners. This insight is only going to increase in criticality, especially considering the ever-dynamic nature of the network and its vanishing perimeter. A one-time or periodic risk reduction exercise won’t cut it anymore.
To achieve a fully protected digital enterprise, CISOs are implementing context-aware change management processes that balance the need for rapid, daily changes in IT infrastructure and the applications it supports with keeping the organization continuously secure.
Here are three key reasons why:
You can’t protect what you can’t see. The lack of cohesion between threat response and the implementation of new security policies and configurations is creating blind spots that attackers are capitalizing on. With organizational perimeters continuing to vanish and remote working here to stay for the indefinite future, security personnel must rethink and plan new cyber defenses and get the context needed to take decisive, targeted action.
Keep pace with change. Whether you’re managing a hybrid remote workforce or an enterprise-wide software implementation, the “new normal” requires more agility and change than ever before. If security policy management teams validate new policies and deploy new rules without understanding vulnerability and asset exposure, they often introduce new risk unintentionally.
To ensure security policy changes are adequately analyzed and properly deployed, leading organizations are developing change management practices that enable them to bridge the gap between security and network teams. Implementing context-aware policy changes, leveraging network path analysis and attack simulation capabilities, keeps the organization secure while enabling the business to be agile.
Make informed decisions – and fast. If network security policy management and vulnerability management are not interconnected, the context will undoubtedly be lacking. Ultimately, this leads to a weak security posture. By relying on inadequate reactive security measures, organizations are essentially hand-feeding attackers a very attractive list of critical vulnerabilities to exploit.
Cybercriminals and bad actors have wasted no time in identifying opportunities to exploit our new remote working reality, which means security teams need to move faster than ever when it comes to making game-time decisions. With a unified view of the network and its security policies, businesses can better navigate across organizational silos and disparate technology systems. With actionable context, security professionals can focus remediation where it’s needed most while validating rapid network configuration changes.
The radical changes this year have served as a catalyst for businesses of all sizes to re-evaluate their security programs and develop new tactics to improve their posture. Security and IT teams were relied upon for their strategic decision making and execution throughout this year. In 2021 and beyond, they will play a key role in ensuring the business reaches its goals. To extend their influence, narrow the attack surface, and support ongoing digitization needs, security and IT leaders need to develop the ability to see around corners. They need context.