Improved Visibility Means More Effective Security Tools

Author: Jeffery Champion, CISA, CISM, CDPSE, PMP
Date Published: 17 August 2022

When it comes to evaluating the efficacy of security tools, the first question many people ask is “How do I know if my enterprise’s security tools are protecting sensitive data?” When surveyed, 48 percent of respondents said they lack visibility into data that are processed within their organizations.1 Access to sensitive data by insecure, unmanaged devices or individuals and a lack of geolocation information about the data were also identified as blind spots for organizations. In fact, more than half of enterprise security leaders do not know whether their security tools are working, according to a report from the Ponemon Institute and AttackIQ.2

So, how can one be certain that their tools are as effective as vendors claim? Next year, organizations will have new budgets. How should they invest resources in additional equipment when there is uncertainty about the effectiveness of technological solutions? In this age of increasingly advanced technology, the best route to take to achieve effective cybersecurity can be unclear.

Compounding the uncertainty surrounding security, the cybercriminal landscape changed significantly during the COVID-19 pandemic. Hackers are scheming and stealing data at an alarming pace. Cyberprofessionals are moving quickly, trying not to break things, as they implement fragmented solutions that have siloed data environments in the workplace.


Maintain Network Visibility

Security and network teams can be rendered ineffective if visibility into the infrastructure is limited. When many tools are connected to a rapidly changing IT environment, there may be limited access to data in motion, which can cause tools to become inefficient, unsustainable and ineffective at detecting threats. Traditionally, tools directly attach to the production network inline or through test access points (TAPs) or mirror/switched port analyzer (SPAN) ports. However, the finite number of TAPs or SPAN ports, evolving topologies and high data volumes can leave organizations with costly tool sprawl and security vulnerabilities. Conventional tools eventually reach the limit of their processing capability, forcing traffic and data to be dropped and resulting in costly tool upgrades, or worse, affecting network performance for users.
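One way to measure the dropped traffic described above on a Linux-based sensor, as an added example that is not part of the original article: compare two snapshots of `/proc/net/dev` for the interface that receives the TAP or SPAN feed and report the share of offered traffic that was lost. The interface name `mon0`, the sample counters and the 1 percent threshold are constructed assumptions.

```python
# Added example: constructed /proc/net/dev snapshots, 60 s apart, from a
# hypothetical sensor whose "mon0" interface receives a TAP/SPAN feed.
HEADER = (
    "Inter-|   Receive                                                |  Transmit\n"
    " face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed\n"
)
SAMPLE_T0 = HEADER + (
    "    lo: 104200 980 0 0 0 0 0 0 104200 980 0 0 0 0 0 0\n"
    "  mon0: 9100000000 7000000 0 1200 300 0 0 0 0 0 0 0 0 0 0 0\n"
)
SAMPLE_T1 = HEADER + (
    "    lo: 106400 1000 0 0 0 0 0 0 106400 1000 0 0 0 0 0 0\n"
    "  mon0: 21450000000 16500000 0 401200 100300 0 0 0 0 0 0 0 0 0 0 0\n"
)


def parse_rx(text):
    """Return {interface: receive counters} from /proc/net/dev text."""
    counters = {}
    for line in text.splitlines()[2:]:          # skip the two header lines
        name, _, rest = line.partition(":")
        fields = rest.split()
        if len(fields) < 16:                    # not a counter line
            continue
        counters[name.strip()] = {
            "packets": int(fields[1]),          # rx packets
            "drop": int(fields[3]),             # rx drop
            "fifo": int(fields[4]),             # rx fifo overruns
        }
    return counters


def drop_report(before, after, iface, threshold_pct=1.0):
    """Compare two snapshots and flag an interface losing mirrored traffic."""
    b, a = parse_rx(before)[iface], parse_rx(after)[iface]
    delivered = a["packets"] - b["packets"]
    lost = (a["drop"] - b["drop"]) + (a["fifo"] - b["fifo"])
    if delivered < 0 or lost < 0:
        raise ValueError("counters went backwards; interface reset, resample")
    # Assumption: dropped frames are not included in the rx packet count
    # (this varies by driver), so offered load = delivered + lost.
    offered = delivered + lost
    pct = 100.0 * lost / offered if offered else 0.0
    return {"delivered": delivered, "lost": lost,
            "loss_pct": round(pct, 2), "blind_spot": pct >= threshold_pct}


if __name__ == "__main__":
    print(drop_report(SAMPLE_T0, SAMPLE_T1, "mon0"))
```

These counters cover the interface only; packets discarded inside the capture application itself are reported by that tool's own statistics.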

Network visibility has never been more critical to—or complex for—enterprises. Internet of Things (IoT) devices, cloud applications, remote collaboration requirements, mobile employees and network security concerns mean that IT has more traffic spread across more places. Due to COVID-19, enterprises worldwide faced office closures and shifting buyer demands. This highlighted the importance of organizations’ abilities to quickly pivot operations and allow employees to work from anywhere. More enterprises, with more people working from home than ever before, are producing higher volumes of data.

The subsequent rise in network traffic means that organizations have new ways to better understand customers and leverage data to optimize operations. But it can also mean more network blind spots3 to navigate as traffic gets siloed across the network. Without complete network visibility, IT managers lack the insight and ability they need to quickly make decisions about how to allocate their resources, optimize performance and secure operations against unplanned downtime. This downtime can cost an organization considerably in lost productivity as employees struggle to connect to the data and systems they need to do their work, especially when their data and applications are kept in the cloud.

Strive for Efficacy and Eliminate Silos

Practitioners should consider the level of efficacy of the security tools at their enterprise, and whether it can be improved, by asking questions such as “Are deployed security controls effectively protecting the organization from data breaches and cyberattacks?” and “Does the organization have gaps in its IT security infrastructure that allow attackers to penetrate its defenses?”

In the report cited, efficacy refers to both the effectiveness and efficiency of a security strategy, technologies and controls.4 There are numerous problems caused by not determining efficacy, including:

  • Uncertainty regarding whether tools are being empowered by teams
  • Inability to determine if the organization is getting full value from its technology investments and successfully improving team unity to combat threats
  • Inability to provide senior leadership and the board of directors (BoD) with a clear picture of the organization’s security posture

In addition to having efficacious tools, organizations can accelerate security incident response times by breaking down silos within the organization. Security teams should evangelize and champion teamwork across departments for the benefit of all. Eliminating data silos also helps lower IT costs and improve team unity. Collaboration can be made easier by consolidating security solutions into fewer platforms or 1 platform from a single vendor.5

Conclusion

The importance of consolidating and communicating information cannot be overstated. Security practices and solutions should offer visibility into data, devices, users, and cloud and IoT environments, since these areas are where the lion’s share of problems reside. Visibility determines how effectively security professionals can fight advanced threats. Penetration testing can be conducted on a predetermined schedule to uncover any remaining security gaps. It is time to turn that nagging feeling of uncertainty about the efficacy of your cybersecurity tools into an action plan for gaining the visibility you need.

Endnotes

 

1 SANS Institute, “SANS Institute Identifies Security Blind Spots as Organizations Tackle Advanced Threats”
2 Violino, B.; “Throwing More Money at Cyber Security Challenges Will Not Necessarily Address Them—Companies Need to Spend Wisely,” Bitdefender, 6 November 2019
3 Poremba, S.; “Five Security Blind Spots You Might Not Realize You Have,” Verizon
4 Ibid.
5 Hastings, S.; “Advantages of Consolidating IT Tools Into One Platform,” Faronics, 28 January 2022

Jeffery Champion, CISA, CISM, CDPSE, PMP

Jeffery Champion is a senior manager for ISACA’s hands-on course activities. In this role, he supports cybersecurity, ISACA® information technology, and audit learning opportunities for ISACA’s constituents. He has more than 16 years of experience spanning multidisciplinary security, cyberoperations, financial and government institutions.