Tenable Network Security's CEO Ron Gula says organisations should use five critical cyber controls to identify the most important tasks to keep their environments secure.
Tracking your authorised inventory of hardware and software.
Continuously removing vulnerabilities and misconfigurations.
Network security should be a daily habit to stem the tide of vulnerabilities.
Giving users access to only what they need.
Searching for malware and intruders.
For example, when it comes to patching "if you have to wait... it's too late," he told iTWire. But once a culture has grown up around patching, it can be hard to introduce changes such as allowing operating systems and applications to update themselves automatically, even though some organisations already do this as a matter of course.
Part of the broader security problem is that because of organisational silos, it sometimes happens that nobody is looking at the big picture, he said.
But the idea of having separate teams for different aspects including response, compliance and intrusion detection is going away, because modern tools - such as Tenable's - mean they are all looking at the same information.
And if you're not detecting any malware on your network, you're probably not looking hard enough, he suggested.
One of the mistakes Gula sees is not paying enough attention to discovery. If that part isn't done properly, how can an organisation be sure that BYOD, cloud services subscribed by departments or workgroups and all the other aspects of 'shadow IT' are in compliance with corporate policies?
Even though Tenable's products include this capability at no extra cost, not all of the company's customers make use of it, he said.
The security focus should be on discovery and hygiene, and "if people do that they'll have a lot less drama," said Gula.
Another recommendation is to consider how someone might attack the organisation, and then address those issues. If the object of an attack is to exfiltrate data, blocking as many outbound connections as possible will reduce that risk - the harder you make it for an attacker, the more likely their activities will be revealed by intrusion or malware detection systems.
He's also "a big fan" of cloud-based single-sign-on technologies. While Tenable is not involved in that area, he says it tremendously simplifies access control.