When it comes to cybersecurity, enterprise visibility is a hot topic. Why is it so important? Simply put: you need to be able to see it to protect it. Visibility is the ability to see the threats in your environment, and view them in a way that makes sense to a diverse group of individuals, including executives, IT professionals, developers, business units and auditors. As data expands and IoT, AI, digital, social media, etc., proliferate, the challenge of seeing what you have is harder than ever, because your data is literally everywhere.
The good news
Today, we have the approaches, tools and capabilities in place to provide new levels of visibility across all platforms. These approaches and solutions allow you to see things in your enterprise cybersecurity that are deeply meaningful and highly valuable in terms of protecting your data and your brand. A report from the Ponemon Institute states that greater visibility into applications, data, and devices can lower an organization’s security risk. Yet, in this same report, more than half (55%) of the companies that responded say they are not investing in visibility and discovery solutions that could protect sensitive data. [1]
So, as a security professional, what can you do to protect your data, your brand and even your own reputation? You can start by developing a converged, strategic approach to your visibility.
3 Critical Components of Successful Cybersecurity Visibility: Technical, Operational and Organizational
Visibility requires technical, operational, and organizational planning. When you break it down into these three discrete and digestible areas, visibility doesn’t seem as overwhelming.
Technical visibility has to do with external threats and vulnerabilities in your infrastructure. Before you can protect a device or a connection, you need to know it exists. Increasingly complex and fragmented IT environments have made this even more challenging for companies. And, with the steady growth of end-user devices, servers, cloud providers, etc., understanding what these devices are, where they are located and how they are being used is a critical first step.
Let’s say you have a firewall, a few computers, a server, and dozens of physical devices and assets plugged into your network. From a visibility perspective, you need to understand their functions, who owns them, and their current operating status in real time. Several solutions allow you to have visibility at the device level. According to a recent Gartner report, organizations are now investing in tools that are more sensitive, and focus on balancing response and detection with prevention. [2]
As you research the best tools to protect your IT environment, you may notice a trend among vendors. More vendors today readily share their data with each other. This consolidation is advantageous because it gives them the ability to become the “single pane of glass” that provides maximum visibility for their clients. The rise in more sophisticated alerts and tools has led to an increased need to centralize and optimize operations, which means security operations centers (SOCs) are now a business asset.
Operational visibility involves operational compliance and operational processes.
It’s proprietary, often old and not connected to IT. The main reason to do this is for compliance. Enhanced visibility allows you to protect your data and meet your compliance requirements.
Then there are the users. You need visibility into who has access to what data and why. This includes identity access management. What level of responsibility does a user have? What data can the user access? What applications does the user need to be efficient? As an IT professional, you need to understand all of this throughout the lifecycle of the user, from onboarding to off-boarding, making sure the appropriate users are removed from, and added to, systems when needed. User-based visibility throughout the lifecycle is probably one of the hardest things that IT has to manage. Very few tools are out there to help you do it well; it boils down to discipline and rigor. Many companies struggle to maintain the high level of hygiene necessary from a lifecycle management perspective.
Organizational visibility concerns potential threats against the business’s intellectual property, brand or reputation. This is the area that is often toughest for IT people and consultants to grasp. Organizational visibility is also tough for many companies because it requires strategic approaches and processes, not only solutions. Consider this: if you need visibility into potential brand damage, it’s likely no tools can help you. You will find it is more about making the right decisions to determine what that encompasses and how to track it. The only reason cybersecurity IT professionals exist is to protect data and therefore, by extension, the brand, the reputation and the financial health of the organization. At the end of the day, it’s all about the data.
So, now you know why it’s important to develop a converged, strategic approach to your cyber visibility; what next?
Start with an assessment. You may want to work with an outside consultant who can help you prioritize what’s most important. Many visibility experts have decades of experience helping clients answer these types of questions:
Every tool, solution, service and capability you need will result from a deep understanding of what you have and what you need to protect. There’s no need to do this in a bubble when you can seek an industry-specific expert in the area that’s relevant to you.
Don’t let the tools drive your requirements. It’s an old saying, but it is more relevant now than it has ever been. Many companies struggle because they lower their requirements and expected outcomes based on technology limitations. Back in the day, there were only a handful of vendors that did what you needed. You had to pick from vanilla, strawberry and chocolate. Now, you’ve got a myriad of tools, strategists, professionals and vendors. Today, you will see that vendors are offering premium services that combine products with implementation, configuration and ongoing operational services. This means vendors can help you gain more immediate value from the tools, which will help you better meet your needs.
Question everything. Don’t be afraid to break the mold and bring in some fresh faces, ideas and experience that challenge the status quo. There’s always a better way out there. Your company’s visibility is so important, it’s often worth getting a second opinion. Keep this in mind as you work to strengthen your company’s security posture, and remember: whatever you see, you can truly protect.
1. Ponemon Institute
2. Gartner Top 7 Security and Risk Trends for 2019, June 2019 https://www.gartner.com/smarterwithgartner/gartner-top-7-security-and-risk-trends-for-2019/