In my previous blog post I addressed common public sector security pitfalls and highlighted unmanaged and unidentified endpoints as major threats to network security. To recap, most network security tools depend on endpoints running security software, which provides administrators and their security tools with visibility into the device.
The problem is that not every device can run a security agent (printers, IP phones, IoT and OT equipment, and personal or contractor devices rarely do), and not every device on the network is known to the administrators in the first place. An endpoint with no agent and no inventory record is invisible to agent-based tooling, which makes it a serious security concern. With this in mind, how can you secure your network more effectively?
The simple answer is through visibility, continuous monitoring and the ability to automate remediation. Knowing what is on your network, not just the devices you already manage, is the foundation for security. Since threats can arrive through any connected device, the solution has to cover all of them, managed or not. Let’s break this down a little further.
Continuous monitoring versus time-based tools
Time-based scans look at endpoints at a single point in time. The challenge is that the administrator only gets a snapshot: a device that joins the network after one scan and leaves before the next is never seen at all, and anything that changes on a device between scans is missed until the next run. Many public sector enterprises also rely too heavily on alert-and-inform reports that go stale quickly because devices are constantly coming on and off the network. Since every connected device is a potential entry point, this calls for a solution that sees devices as they connect, in real time, rather than one that samples the network on a schedule.
Once an administrator has a solid grasp of the endpoints connected to the network, the next step is a compliance check on those devices: does each one meet the security baseline (a reporting agent, required patch level, approved configuration), and does it carry known vulnerabilities? As non-compliant devices or threats are discovered, you need to be able to automate the next step, remediation, rather than waiting for someone to read a report.
Remediating issues automatically is more efficient, more secure and far more comprehensive because it is continuous and nearly instantaneous. Many organizations worry that automation means losing control, with devices being blocked off the network without a human in the loop. But automated remediation does not have to mean blocking: it can mean pushing a missing agent, applying the patch that brings a device back to the predefined baseline, or moving an unidentified device to a restricted segment until someone classifies it. The key is that the actions are tied to a baseline that was agreed in advance and that every action is logged. Automation is also critical between tools; we refer to this as orchestration, which supports coordination across security platforms.
It’s still important to have best-of-breed tools designed for specific tasks, but connecting those tools so they share what they see makes each of them stronger. For instance, an enterprise’s time-based scanning tool can be turned into a continuous monitoring capability by triggering a scan the moment a new device appears on the network, and the scan results can then be shared with the other network security tools to drive automated action.
Each tool should make the whole ecosystem stronger, and that is done through orchestration. Orchestrating communication between tools means we no longer rely on humans copying findings from one security tool into another, which is not sustainable at the scale and speed of a modern network.
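The following is an added example, not code from the original post or from any product it describes. It models the three building blocks discussed above in one small loop: continuous discovery from network events (here, constructed DHCP lease and release events), a compliance check of each newly seen device against a baseline, and automated remediation dispatched to other tools through an orchestration hook. The managed-device inventory, agent reports, patch baseline and the handler functions standing in for a NAC, an EDR deployment tool and a patch manager are all constructed for illustration. It also shows the gap a scheduled scan leaves: a device that joined and left between two scan times is in the continuous inventory but absent from the point-in-time view.

```python
"""Continuous endpoint visibility with baseline checks and orchestrated remediation.

Added example. Inventory, agent reports, baseline, events and handlers are
constructed for illustration; the handlers stand in for calls to real tools.
"""
from dataclasses import dataclass

# Constructed: devices the administrators already manage (e.g. from a CMDB or AD)
MANAGED = {"aa:bb:cc:00:00:01": "ws-finance-01", "aa:bb:cc:00:00:02": "ws-hr-07"}
# Constructed: latest check-in from the endpoint agent, keyed by hostname
AGENT_REPORTS = {"ws-finance-01": {"patch_level": 14}}
BASELINE_PATCH_LEVEL = 15  # constructed baseline every managed host must meet

# Constructed stream of network events, e.g. from DHCP logs or ARP monitoring
EVENTS = [
    {"t": 100, "type": "dhcp_lease", "mac": "aa:bb:cc:00:00:01", "ip": "10.0.1.11"},
    {"t": 105, "type": "dhcp_lease", "mac": "aa:bb:cc:00:00:02", "ip": "10.0.1.12"},
    {"t": 110, "type": "dhcp_lease", "mac": "de:ad:be:ef:00:99", "ip": "10.0.1.99"},
    {"t": 120, "type": "dhcp_release", "mac": "de:ad:be:ef:00:99", "ip": "10.0.1.99"},
]


@dataclass
class Endpoint:
    mac: str
    ip: str
    first_seen: int
    last_seen: int
    online: bool
    finding: str
    action: str


def assess(mac: str) -> tuple[str, str]:
    """Compliance check: map a device to a finding and the remediation it needs."""
    host = MANAGED.get(mac)
    if host is None:                       # never inventoried: we cannot trust it
        return "unknown_device", "quarantine"
    report = AGENT_REPORTS.get(host)
    if report is None:                     # managed but the agent is not reporting
        return "agent_missing", "deploy_agent"
    if report["patch_level"] < BASELINE_PATCH_LEVEL:
        return "patch_outdated", "patch"
    return "compliant", "allow"


# Constructed orchestration hooks; a real deployment would call the NAC,
# EDR/agent deployment and patch management APIs here.
def nac_quarantine(ep: Endpoint) -> str:
    return f"nac: moved {ep.mac} ({ep.ip}) to restricted segment pending identification"


def deploy_agent(ep: Endpoint) -> str:
    return f"edr: pushed agent to {MANAGED[ep.mac]} ({ep.ip})"


def patch(ep: Endpoint) -> str:
    return f"patchmgr: scheduled {MANAGED[ep.mac]} for patch level {BASELINE_PATCH_LEVEL}"


def allow(ep: Endpoint) -> str:
    return f"ok: {MANAGED[ep.mac]} is compliant, no action"


HANDLERS = {"quarantine": nac_quarantine, "deploy_agent": deploy_agent,
            "patch": patch, "allow": allow}


def ingest(events: list[dict], handlers: dict) -> tuple[dict, list[str]]:
    """Continuous discovery: fold each event into the inventory as it arrives and
    dispatch remediation the first time a device is seen. Returns the inventory
    and an audit trail of every automated action taken."""
    inventory: dict[str, Endpoint] = {}
    audit: list[str] = []
    for ev in sorted(events, key=lambda e: e["t"]):
        mac = ev["mac"]
        if ev["type"] == "dhcp_release":
            if mac in inventory:
                inventory[mac].online = False
                inventory[mac].last_seen = ev["t"]
            continue
        if mac not in inventory:
            finding, action = assess(mac)
            inventory[mac] = Endpoint(mac, ev["ip"], ev["t"], ev["t"], True, finding, action)
            audit.append(handlers[action](inventory[mac]))   # act immediately, and log it
        else:
            ep = inventory[mac]
            ep.ip, ep.last_seen, ep.online = ev["ip"], ev["t"], True
    return inventory, audit


def point_in_time_scan(inventory: dict, t: int) -> list[str]:
    """What a scheduled scan run at time t would have seen: only devices online then."""
    return sorted(mac for mac, ep in inventory.items()
                  if ep.first_seen <= t and (ep.online or ep.last_seen > t))


if __name__ == "__main__":
    inv, trail = ingest(EVENTS, HANDLERS)
    for line in trail:
        print(line)
    print("scan at t=130 sees:", point_in_time_scan(inv, 130))
```

Running it, the unknown device is quarantined at t=110, the managed host without an agent gets an agent deployment, and the host reporting an old patch level is scheduled for patching, all without anyone reading a report. A scan at t=130 reports only the two managed hosts; the unknown device that was on the network from t=110 to t=120 exists only in the continuous inventory, which is exactly the blind spot the section above describes.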
Ultimately, you can’t protect what you can’t see. We have to begin by knowing what’s connected to the network, not just the known, managed Windows devices.
Public sector network security begins with the right foundation. The building blocks of that foundation are visibility across the whole network, automated compliance checking and remediation, and orchestration between security tools.