Security Market Segment LS
Thursday, 10 September 2015 17:44

'Discovery and hygiene' is the key to IT security


If you don't know what you've got and you don't attend to the routine chores, how can you expect to keep your IT environment secure?

Tenable Network Security's CEO Ron Gula says organisations should use five critical cyber controls to identify the most important tasks to keep their environments secure.

They are:

Tracking your authorised inventory of hardware and software.
Continuously removing vulnerabilities and misconfigurations.
Network security should be a daily habit to stem the tide of vulnerabilities.
Giving users access to only what they need.
Searching for malware and intruders.

For example, when it comes to patching "if you have to wait... it's too late," he told iTWire. But once a culture has grown up around patching, it can be hard to introduce changes such as allowing operating systems and applications to update themselves automatically, even though some organisations already do this as a matter of course.

Part of the broader security problem is that because of organisational silos, it sometimes happens that nobody is looking at the big picture, he said.

But the idea of having separate teams for different aspects including response, compliance and intrusion detection is going away, because modern tools - such as Tenable's - mean they are all looking at the same information.

And if you're not detecting any malware on your network, you're probably not looking hard enough, he suggested.

One of the mistakes Gula sees is not paying enough attention to discovery. If that part isn't done properly, how can an organisation be sure that BYOD, cloud services subscribed by departments or workgroups and all the other aspects of 'shadow IT' are in compliance with corporate policies?

Even though Tenable's products include this capability at no extra cost, not all of the company's customers make use of it, he said.

The security focus should be on discovery and hygiene, and "if people do that they'll have a lot less drama," said Gula.

Another recommendation is to consider how someone might attack the organisation, and then address those issues. If the object of an attack is to exfiltrate data, blocking as many outbound connections as possible will reduce that risk - the harder you make it for an attacker, the more likely their activities will be revealed by intrusion or malware detection systems.

He's also "a big fan" of cloud-based single-sign-on technologies. While Tenable is not involved in that area, he says it tremendously simplifies access control.


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.



Recent Comments