Critical Security Control Automation

The threat of sophisticated cyberattacks, like ransomware and supply chain attacks, has made security a top priority for many organizations. They are investing in new tools and revamping internal processes, in an attempt to be truly secure. But what does true security really mean? And is the definition the same for every organization? How do you go about starting your security journey?  

The first step in becoming truly secure

At the beginning of the discussion, attendees talked about the first step in creating a truly secure organization. A head of technology said that you couldn’t get anywhere in the security world without MFA. A director of information security added that visibility is fundamental to security. You can’t secure what you don’t know exists. A few executives remarked that you should start from the people and process side of things. Make sure all stakeholders understand what’s about to change.  

There is no one-size-fits-all approach to security

A speaker told the audience that every organization perceives and implements security in a different way. Some determining factors are budget, infrastructural footprint, number of employees, data volume and nature, and compliance requirements. For example, a Fortune-25, highly regulated healthcare organization will have different security concerns from a mid-sized company that operates globally. There’s no one-size-fits-all strategy that any company can implement to enhance its security posture. You have to figure out your business’ priorities, requirements, and threats, and then chart your own path to true security.  

Should visibility be the universal first step?

Most participants agreed that if you don’t have full visibility, then nothing else matters. You could have the most experienced security team, resolute regulatory compliance, modern risk mitigation tools, and rigorous data privacy, but without 100% visibility across all your infrastructures, you will always be susceptible to compromise. A single unused cloud VM with elevated privileges that don’t appear in asset discovery could cause your entire ecosystem to go down. Modern visibility tools help you identify such zombie VMs and legacy applications running on your network.

Visibility does much more than just asset discovery

An attendee stressed that visibility offers much more than just asset discovery. Modern visibility tools help in vulnerability management and mitigation by letting you filter out potentially vulnerable systems. They play a part in incident response by offering information related to the ownership of an asset, its interconnectivity, and the types of applications running on it. They also make it much easier for all relevant people to have access to asset information. Authorized personnel can simply log on to a portal and find all the answers they need about the network, for example, how many VMs are provisioned on a cloud account, how many wireless devices are active, or which assets were recently decommissioned.

‍