The importance of real-time visibility in your cyber threat response

The risk of being attacked by cybercriminals is only increasing, along with the costs and reputational damage that come from such attacks. Businesses need to improve their visibility into what’s happening on their network so they can respond faster to a cyber threat.

By 2020 there will be more than 20 billion unmanaged devices on networks. This is due mostly to the explosion of Internet of Things (IoT) devices, which can’t be managed by traditional security products. This is creating a new wave of risks for businesses, as less than 10 per cent of new devices will be manageable through traditional methods.

Businesses need real-time visibility, thorough vulnerability assessments, and automated mitigation to keep up with the volume and severity of security risks. Network and endpoint security has become too complex for individuals to manage. Businesses must automate. This requires businesses to choose best-of-breed security solutions that are easy to integrate through standardised APIs.

Businesses need a security platform that delivers complete visibility into every IP-addressable device, offers contextual data, and assesses the information to set policies around how devices are managed in the network. It’s essential to understand who owns the device, what type of device it is, where and how it’s connecting, and what security measures are already in place on the device.

Agentless solutions tend to work better than those that rely on agents because many endpoint devices can’t use agents. Furthermore, agents can be misconfigured or fail to be deployed on all devices, so there will always be visibility gaps. An automated approach that delivers full visibility into every single device is the only way to manage vulnerability.

When it comes to setting policies for endpoint devices, it’s important to know what the device will be used for. In some cases, more stringent security is appropriate. Businesses need a solution that lets them classify endpoints differently according to their use case, then set appropriate policies for them, which can then be applied automatically.

Security tools need to talk to each other and work together, eliminating silos. Doing so will help maximise existing investments in security. One security vendor can’t completely cover an organisation’s security needs from end to end. So, if taking a best-of-breed approach is inevitable, it’s essential to get the strongest performance from each solution as they work together to solve the problem. When that happens, the resulting solution is worth much more than the sum of its parts.

Businesses should conduct a review of their entire security portfolio, check for interoperability between the tools, and understand what problems they can solve. They should challenge vendors to work together and demand integration.

Visibility and automation are key. Businesses need a solution that delivers full visibility into everything that’s happening on the network, assesses vulnerabilities in real time, conducts automated device scans, and undertakes risk mitigation and remediation with automated responses. Once that’s in place, businesses can allow devices into the network without fear that they’ll introduce security risks.

Steve Redman, Chief Marketing Officer, ForeScout