Visibility, Context, Automation are Key to Security Control

Remote work is now ingrained into the fabric of how companies operate. Many have already realized this new working paradigm optimizes productivity, so much so that an ever-growing list of companies – Salesforce, Facebook, Dropbox and more – have converted offices into “work studios,” allowing permanent remote work for 50% or more of their workforces.

But what does this sweeping trend mean for security and risk leaders now and in the future? Is this sustainable when 2020 proved to be a record-breaking year with more than 18,000 new vulnerabilities identified? This is further compounded by the rapid migration to cloud services and accelerated growth of IT assets. As a result, already-stretched security teams are under even more pressure, which has led to the deprioritization of key security tasks. Since the onset of the COVID-19 pandemic, 33% of security teams downgraded software updates and BYOD policies, and 42% curbed reporting.

To address the significant rise of vulnerabilities and an ever-expanding threat landscape, executives must zero in on investments that provide the visibility and context needed to combat increasingly complex environments. Other emergent technologies, such as automation, will also be vital in optimizing their operations – on-premises and in the cloud – to enable a more proactive, preventative approach to security posture management across the modern enterprise.

Bringing Vulnerabilities into View

IDC predicts that by 2021, more than 90% of enterprises worldwide will rely on a mix of on-premises, dedicated private clouds, multiple public clouds and legacy platforms to meet their infrastructure needs. To manage this level of complexity, enterprises need to evolve their tech stacks and transform their security programs. Today, many still operate with significant blind spots.

To zero in on what matters, chief information security officers (CISOs) need better insights across their infrastructure and assets to understand where threats originate and the pathways they take. As a result, a new approach to cybersecurity is key: this includes a fresh look at people, processes, and technology.

Security and IT organizations need complete visibility and analytics to quickly map, validate and remediate vulnerabilities across hybrid and multi-cloud infrastructure. This provides the necessary intelligence to optimize security policies, actions and change processes across all corporate networks and their cloud environments. It requires establishing a mature and tightly connected security management framework that spans planning, implementation and ongoing change management workflows.

By unifying these capabilities with data sets from a wide range of security, cloud and networking technologies, security teams can break down silos and validate the network, cloud and security configurations together to remediate vulnerabilities faster. To advance change, it is essential that everything – including data and talent – work toward enriching the security program cohesively. Having smart insights and the context needed to show how each process connects is invaluable.

The Argument for Automation

Although often considered an industry buzzword, automation can play a crucial role in fortifying security posture and helping security leaders take back control, while still meeting essential compliance requirements. With security teams becoming increasingly stretched, automation is proving to be a lifeline. Automation can help clean up and optimize firewalls, spot policy violations, ensure adequate segmentation, assess vulnerabilities without a scan, match vulnerabilities to threats, simulate attacks to evaluate rule changes proactively and more. Automation also right-sizes resources, freeing up talent to focus on supporting more strategic business initiatives.

To scale automation, foundational elements such as leveraging quality data sources, correlating data for actionable insights and implementing proper project management are essential:

‘Good data’ is your best friend: Good data is vital to building an effective analytics-driven automation solution and risk-fighting security program. CISOs should regularly collect relevant attack surface and vendor-related data – ranging from hybrid network infrastructure to merged asset records and vulnerability data sets – and amalgamate it into a centralized data repository. These data collection practices provide the insights needed for security management use cases, including BYOD policy management and reporting.

Understanding insights through data correlation: By correlating data sets, automation can assess rule changes on firewalls before they go live to identify rule or access policy violations, as well as vulnerability exposures. Analytics-driven automation can trigger review tickets and initiate workflows to determine if such rules should be recertified or deprovisioned.

Orchestration and oversight are paramount: Orchestration must be backed by visibility, context and human interaction to help security teams stay ahead of emerging cyber threats. Orchestration combined with continuous oversight is vital to maintaining compliance and systematically improving security posture. Analytics-driven automation can bear the brunt of these repetitive — yet heavily detailed — critical tasks.
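
An added example, not from the original article or from any vendor product: a minimal pre-change check in the spirit of the data-correlation point above, which correlates a proposed firewall rule with a segmentation policy and merged asset and vulnerability records before the rule goes live. Every zone, address, rule and vulnerability ID here is constructed sample data, and the function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# All data below is constructed sample data (assumed names and addresses).
ZONES = {"user": "10.10.0.0/16", "dmz": "10.20.0.0/24", "db": "10.30.0.0/24"}
# Segmentation policy: ports permitted per (source zone, destination zone).
ALLOWED = {("user", "dmz"): {443}, ("dmz", "db"): {5432}}
# Merged asset + vulnerability records: ip -> {listening port: placeholder ID}.
ASSETS = {"10.20.0.5": {443: "EXAMPLE-VULN-1"}, "10.30.0.9": {22: "EXAMPLE-VULN-2"}}

@dataclass(frozen=True)
class Rule:
    """A proposed 'allow' rule that has not gone live yet."""
    src: str
    dst: str
    port: int

def zones_of(cidr):
    """Names of every zone the given network overlaps."""
    net = ipaddress.ip_network(cidr)
    return [z for z, n in ZONES.items() if net.overlaps(ipaddress.ip_network(n))]

def assess(rule):
    """Return (kind, detail) findings for a proposed rule."""
    findings = []
    # Policy check: any cross-zone path the rule opens must be on the allow list.
    for sz in zones_of(rule.src):
        for dz in zones_of(rule.dst):
            if sz != dz and rule.port not in ALLOWED.get((sz, dz), set()):
                findings.append(("policy_violation", f"{sz}->{dz} port {rule.port}"))
    # Exposure check: does the rule make a known-vulnerable service reachable?
    dst = ipaddress.ip_network(rule.dst)
    for ip, vulns in ASSETS.items():
        if ipaddress.ip_address(ip) in dst and rule.port in vulns:
            findings.append(("vulnerability_exposure", f"{ip} {vulns[rule.port]}"))
    return findings

def ticket_action(rule):
    """Open a review ticket on any finding; otherwise approve."""
    return "review" if assess(rule) else "approve"

if __name__ == "__main__":
    for r in (Rule("10.10.0.0/16", "10.20.0.0/24", 443),
              Rule("10.10.5.0/24", "10.30.0.0/24", 22),
              Rule("10.20.0.0/24", "10.30.0.0/24", 5432)):
        print(r, ticket_action(r), assess(r))
```

The first sample rule complies with the segmentation policy yet is still flagged, because it makes a vulnerable service reachable; that case only surfaces when the policy and vulnerability data sets are evaluated together.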

As the acceleration of digital transformation continues, CISOs will have more assets to protect, more vulnerabilities to manage and more changes to secure. As a result, traditional cybersecurity approaches rooted in detection and response will no longer be enough.

Enterprises that build more proactive capabilities – such as improving network visibility, generating context-rich insights, leveraging automation and breaking down silos – will be the companies that emerge with the most resilient security programs. Consequently, they will be better equipped to prevent threats and deliver long-term business value to their organizations.


Ron Davidson

Ron Davidson is an experienced technology executive and the vice president of R&D and CTO at Skybox Security.
