Twitter: @rmawaters
New Major Cyber Breach, Old Cyber Suspects
Each month, it seems another high-profile attack hits the newswire and potentially millions of people are affected. From HBO to Equifax, 2017 proved to be a devastating year for breaches. But it’s no different from the last few years. Truth is, every high-profile breach has a familiar storyline: old, unpatched vulnerabilities, advanced persistent threats and a lack of visibility. These are the culprits so often that you could call them the “Usual Cyber Suspects”.
So, why do we continue to see such high-profile cyber breaches? Simply put, it’s not easy—or cheap—to secure an enterprise network using traditional cybersecurity methods. Enterprises the world over continue to struggle with non-stop cyberthreats that have the potential to wreak havoc on any scale. What’s more, as IoT devices continue to grow in number—Gartner predicts that by 2020, IoT technology will be in 95% of new product designs [1]—the attack surface grows exponentially. Hackers everywhere are seizing on this opportunity and keeping corporate IT departments on edge, and traditional cybersecurity methods simply cannot keep pace.
Siloed Security is Tunnel Vision
You can’t protect what you can’t see, and network visibility has never been more important. Siloed security solutions lack complete visibility into risks such as long-forgotten orphan virtual machines, rogue software installations and connected devices. The days of simple, standardized IT infrastructure are over; we are living in a cloud-consuming, SDN-enabled, IoT era. Regardless of where devices and data are located, it’s essential that we understand who has access to data, where data resides and what is running on our network.
Granted, defense in depth has been a prescribed cyber best practice for years, but multivendor environments quickly increase complexity and management overhead. What’s more, something as simple as a missing or broken agent can make you lose visibility and control of the endpoint. In other words, you’re left with cyber black holes—prime targets for hackers.
It’s Time to Take Advantage of Visibility and Orchestration
Together, device visibility and orchestration can shine a light on black holes, and close cybersecurity hygiene gaps. A unified cybersecurity framework can act as a central hub of network intelligence.
Forescout can provide a unified cybersecurity framework. By ingesting data from leading security tools such as Palo Alto Networks® next generation firewalls (NGFW), Splunk® Enterprise and Tenable® VM, the Forescout platform can automatically respond to detected zero-day threats and incidents of compromise. Network trend analysis through Splunk can further provide visibility on any bad actors and events that lead to malicious behavior. Once a vulnerability has been detected on an endpoint, Tenable VM can scan the quarantined endpoint and determine that no other threats exist before bringing the device back onto the production network. All of these actions can be automated and centrally viewed through Forescout CounterACT® for real-time cyber investigation and remediation. Advanced orchestration of these scenarios is made possible using Forescout Extended Modules, which break down security and IT management silos for the products I just mentioned—and many others.
It’s Your Move
Hackers are relentless—on any given day, pick up a newspaper and a new cyber victim appears in the headlines. Whether the forensics reveal a new flavor of malware or a two-year-old vulnerability that was leveraged in the attack, this bad news won’t get any better. However, as a cybersecurity professional, you can correct poor network visibility and slow response to cyber threats: you can implement a unified cybersecurity framework for accurate network intelligence, and avoid being the next Equifax.