Before starting my career in security, I was fortunate enough to play for a few NFL teams. It’s an accomplishment I’m extremely proud of, and one that took years of hard work and dedication. When I reflect on my football accomplishments, how I managed to play at the highest level at a position I had actually never played prior to my senior year in college, it all comes down to fundamentals.
In professional football the room for error is slim to none. Execution is what separates good from great players and organizations. The hours on hours of film study, drills and situational preparation all play a major role in what it takes to win. You prepare for any attack or counterattack your opponent can possibly bring your way.
In today’s ever-evolving world of cybersecurity, I see many correlations to football. Cyber professionals need solutions that keep their teams prepared for any situation, able to execute the fundamentals at great speeds and flexible enough to make real-time adjustments even as they’re being challenged on a daily basis.
Our customers have some incredible success stories that are prime examples of how they prepare for their everyday “Super Bowl.” Being a security professional is a little like being a head coach in football. When you win, it’s expected. When you lose, your job can be on the line. Here are three tips to help you be prepared for the big game:
Professional athletes work hours upon hours on the fundamentals of the game so that when the “bullets are live,” simple mistakes are avoided. After a while, the fundamentals of the game become second nature. A similar process takes place when security professionals deal with manual security tasks. But in IT security, the fundamentals are changing. Why? Security professionals are dealing with a rapidly expanding—and morphing—threat landscape. Consider the IoT (Internet of Things). Gartner estimated that 8.4 billion connected things were in use worldwide in 2017, and predicted that number will reach 20.4 billion by 2020.[1] Gartner adds that by 2020, IoT devices will outnumber users with laptops, tablets or smartphones by more than three times![2] And when you factor in that the vast majority of those IoT devices will be unable to be managed by agent-based software, it’s like a free-for-all. The visibility gap becomes extreme, the fundamentals are no longer fundamental, and something has to give.
In football, preparation begins with film study and off-season training. In cybersecurity there is no off season, so you need to always be prepared for whatever might strike.
What better way to be prepared for a potential hack than to first and foremost know your threat landscape, or, in football terms, identify your tendencies? But with the number of IoT, OT and other connected devices headed off the charts, knowing your exact threat landscape has become very challenging.
Which brings us to Forescout. Our platform discovers what devices are connected across your heterogeneous network, classifies devices and continuously monitors hygiene of those devices without using agents/supplicants. It’s how we go about providing our customers with the best “film study” to prepare for their opponents. There’s a saying in football, “The eye in the sky does not lie.” Forescout is that eye—the one that can continuously provide detail of the landscape so you know who, what, where and when devices come on and off the network. These are fundamentals of security—at least they ought to be—and they are made possible by Forescout’s unique agentless approach to continuous visibility.
3. Flexibility to Make Adjustments Quickly
Strategic flexibility in football can mean the difference between winning and losing. I believe the same can be said for an organization’s security policies. Having the ability to react quickly and make adjustments on the fly is critical. Too many security tools are siloed off, and simply overwhelm security operations teams with constant alerts. When offensive coordinators come across weapons like Peyton Manning, Tom Brady, Aaron Rodgers, Drew Brees, and now Carson Wentz/Nick Foles, who are able to automatically identify a bad situation and make adjustments for their team to be successful, the value is immeasurable. The Forescout platform can step into the quarterback role, automatically sharing information with your current security tools (your offensive weapons) to make them smarter. Thus, when put in a critical situation, we can do whatever is necessary on the fly: quarantine a device, fingerprint an IOC, trigger real-time VA scans, populate a CMDB in real time, respond to critical alerts from your SIEM, automate MDM processes, and much more. These “play calls” are all based on policies that are completely customizable to your organization’s needs. We even supply the templates.
In football and in network security, it takes hard work to have a good season, let alone a perfect one. And while it’s clear that not everybody can be the ’72 Miami Dolphins—in fact, nobody can be (at least not yet)—it is possible to win consistently. My suggestion is, start with agentless visibility, continuous monitoring across your heterogeneous network, and coordinated incident response through orchestration of your existing investments. All it takes to put you over the top is one key player. (Hint: I work for ’em.)