Security Means Managing What You Already Own First

By Eric Noonan • December 11, 2014

A trend that I have picked up on in conversations with CIOs, CISOs and other leaders responsible for securing the enterprise is the huge gap between what they need and what many vendors are marketing. Security leaders in the trenches need solutions to optimize and integrate existing tool investments, ways to manage security capabilities in a coordinated way, and a means of engaging in business conversations about the security they deliver. Vendors seem focused on marketing the future and selling more capability into already resource-strapped security teams that can’t even effectively use the tools they already own due to an under-investment in people and process.

Instead of buying more “stuff” to manage, I’d suggest finding a way to measure and manage what you already own. What does that look like?

Focus on the things you have control over, for example, privileged accounts. Instead of academic discussions around data classification (you know that with all the re-organizations and M&A activity you are never going to get there), put your energy into identifying, reducing and then managing your privileged accounts. You own and control your privileged accounts, and they are exploited in 100% of the attacks you are most worried about, so before you buy that next-generation firewall make sure you’ve taken care of the fundamentals.

Another opportunity to seize today in lieu of investing in the unknown future is vulnerability management. Your effectiveness at vulnerability management has a direct impact on nearly every other part of the security organization you manage. No process for patch management: expect to spend more on incident response. Scanning only a portion of your environment: expect more alerts for your Security Operations Center team to manage. There is a direct correlation between resources consumed in other areas of security and your investment in vulnerability management. It’s another example of managing what you already own before you try to ingest another tool without adding any engineers or process.

I’m not suggesting that CIOs and CISOs shouldn’t be trying to “see around corners” and prepare for the future, but the amount of hype about what’s next is taking away the focus from managing today.
