Security Market Segment LS
Thursday, 10 September 2015 17:44

'Discovery and hygiene' is the key to IT security

By

If you don't know what you've got and you don't attend to the routine chores, how can you expect to keep your IT environment secure?

Tenable Network Security's CEO Ron Gula says organisations should use five critical cyber controls to identify the most important tasks to keep their environments secure.

They are:

Tracking your authorised inventory of hardware and software.
Continuously removing vulnerabilities and misconfigurations.
Network security should be a daily habit to stem the tide of vulnerabilities.
Giving users access to only what they need.
Searching for malware and intruders.

For example, when it comes to patching "if you have to wait... it's too late," he told iTWire. But once a culture has grown up around patching, it can be hard to introduce changes such as allowing operating systems and applications to update themselves automatically, even though some organisations already do this as a matter of course.

Part of the broader security problem is that because of organisational silos, it sometimes happens that nobody is looking at the big picture, he said.

But the idea of having separate teams for different aspects including response, compliance and intrusion detection is going away, because modern tools - such as Tenable's - mean they are all looking at the same information.

And if you're not detecting any malware on your network, you're probably not looking hard enough, he suggested.

One of the mistakes Gula sees is not paying enough attention to discovery. If that part isn't done properly, how can an organisation be sure that BYOD, cloud services subscribed by departments or workgroups and all the other aspects of 'shadow IT' are in compliance with corporate policies?

Even though Tenable's products include this capability at no extra cost, not all of the company's customers make use of it, he said.

The security focus should be on discovery and hygiene, and "if people do that they'll have a lot less drama," said Gula.

Another recommendation is to consider how someone might attack the organisation, and then address those issues. If the object of an attack is to exfiltrate data, blocking as many outbound connections as possible will reduce that risk - the harder you make it for an attacker, the more likely their activities will be revealed by intrusion or malware detection systems.

He's also "a big fan" of cloud-based single-sign-on technologies. While Tenable is not involved in that area, he says it tremendously simplifies access control.


Subscribe to Newsletter here

NEW OFFER - ITWIRE LAUNCHES PROMOTIONAL NEWS & CONTENT

Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.

POST YOUR NEWS ON ITWIRE NOW!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

These days our customers Advertising & Marketing campaigns are mainly focussed on Webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://www.itwire.com/itwire-update.html and Promotional News & Editorial.

For covid-19 assistance we have extended terms, a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

BACK TO HOME PAGE

ZOOM WEBINARS & ONLINE EVENTS

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Research & Case Studies

Channel News

Comments