Maximizing security visibility on a budget

In this Help Net Security interview, Barry Mainz, CEO at Forescout, discusses the obstacles organizations encounter in attaining security visibility, particularly within cloud and hybrid environments. He explains why asset intelligence—going beyond basic visibility to understand device behavior and risk—is essential.

Mainz also discusses how AI and machine learning can help organizations stay proactive as the attack surface continues to grow.

What are the primary challenges organizations face when trying to achieve security visibility, particularly in cloud or hybrid environments?

While cloud or hybrid cloud environments provide increased scalability and accessibility, they also come with a set of complex security challenges. With the network spread across private and public platforms, these environments create a maze of potential vulnerable blind spots where security threats can easily remain undetected and worse, become a place where attackers might already be positioned.

Moreover, simply having visibility into the existence of assets isn’t enough. What organizations need is asset intelligence – deeper insights into the configuration, posture, and behavior of every device – to better monitor and control all managed and unmanaged devices. Without this level of understanding, teams remain reactive, only responding to incidents after the fact to mitigate and reduce impact. Organizations need a proactive security strategy to get ahead of the ever-growing attack surface. The stakes are too high, and the blind spots are too dangerous.

What practical steps can organizations with limited resources take to improve their security visibility?

Even with limited resources, organizations can make significant strides in improving security visibility by following four key steps: what’s out there and what is it, assign risk, what to do if it’s risky, and risk control. It starts with the very important step of identifying what’s out there and classifying every device on the network, especially unmanaged assets like OT and IoT devices. Without a clear understanding and inventory of what’s on an organization’s network, protecting critical assets becomes nearly impossible.

Often, the most vulnerable devices are the ones overlooked—those with outdated software or unsecured entry points that remain connected to the internet. Think printers, webcams, routers, or even video game consoles. The risks are everywhere right in front of everyone. Forescout’s Vedere Labs recently found a 136% surge in IoT device vulnerabilities, emphasizing the need to identify risky devices hidden in plain sight.

By identifying these weak points early, organizations can take proactive measures before small issues escalate into serious threats. Prioritize risk-based actions. This means focusing on the highest-risk areas, allocating resources strategically, and leveraging automated tools that provide real-time insights. With this approach, even resource-constrained teams can better identify vulnerabilities across devices and networks, significantly reduce cyber risk, and enhance their overall security posture.

What should companies prioritize in terms of visibility to ensure compliance with various regulatory requirements?

Compliance isn’t just a checkbox – it’s a necessity. With the surge of BYOD, IoT, OT, virtual machines, cloud servers, and an ever-expanding remote workforce, traditional methods like point-in-time scans and agent-only solutions simply aren’t enough. Companies must prioritize complete, continuous visibility into every device on and off the network. This means automating and enforcing device compliance and segmenting the network to separate the secure, up-to-date endpoints from the unmanaged, unpatched, or potentially rogue devices lurking in an organization’s infrastructure. In many scenarios, patching is unrealistic for certain types of devices and compensating controls must be used but must also be verified continuously.

By implementing continuous asset monitoring and security controls, organizations can detect and neutralize noncompliant or compromised devices before they pose a risk.

If you had to give one piece of advice to security teams striving for better visibility, what would it be?

Embrace a holistic approach to zero trust.

In a world where remote work, personal devices, and cloud services are now integral parts of the network, the traditional idea of a secure perimeter is obsolete. Taking a zero trust approach does not just add another layer of security, but creates granular visibility into every interaction within the environment. But zero trust inherently is flawed when it only considers the network or the user in a single dimension. The compliance, posture, risk and active threats taking place are other key factors that make zero trust complete.

Every connection, every user, and every asset must be authenticated but also compliant, low risk and void of any active threats. The “never trust, always verify – continuously” mindset is critical.

Zero trust ensures security teams shift from a reactive to proactive security approach. This methodology helps organizations block attackers from moving laterally across the network, while continuously monitoring for threats at every access point. This isn’t just about improving visibility, but fundamentally shifting how organizations approach security to protect the crown jewels for the modern organization.

What trends do you see shaping the future of security visibility? How will AI and machine learning influence visibility strategies?

Today, AI in cybersecurity is most effective as a tool for streamlining and supporting decision-making rather than fully automating actions or decisions.

Many organizations are skeptical of tools that claim to be “AI-powered,” especially when too much product value relies on a bolt-on approach to AI. AI should enhance product functionality, not define it.

When thoughtfully integrated, AI delivers quicker, more precise insights that enable security teams to make data-driven decisions. Forescout’s AI strategy exemplifies this approach – using AI to improve and streamline workflows, not replace human oversight. As the attack surface expands, AI will play a pivotal role in helping teams cut through the noise, identify threats, and act quickly.

While the opportunities with AI continue to unfold, it’s the convergence of IoT and OT that’s becoming a critical factor in reshaping security visibility. Legacy OT systems – some dating back two or three decades – are increasingly connecting to the internet despite lacking defenses against modern cyber threats. These aging devices form the backbone of essential sectors like energy, healthcare, and transportation. Their online integration is rapidly expanding the attack surface, and we’ve already witnessed a surge in cyberattacks targeting this vital infrastructure.

Imagine the consequences if outdated control systems within our power grids or water treatment facilities were compromised. We’re not just facing temporary glitches; we’re looking at the potential for widespread chaos affecting millions, jeopardizing public safety and national security.

The urgency for robust cybersecurity measures has never been greater – and it will only continue to intensify. Developing a comprehensive, dynamic asset inventory is a crucial first step in effectively understanding and mitigating these escalating threats.