Sometimes it seems like I double as a cybersecurity therapist. My friends who don’t work in our industry often ask me, “What’s the best thing I can do to protect my company and customer information?” I’m no Sigmund Freud, but I’m pretty sure they’re feeling vulnerable. With all the cybercriminal activity out there, who could blame them?
With so much information out there, data overload is inevitable. It’s difficult to wade through the details and chatter from security vendors and actually determine which ideas can make a difference. It’s imperative that organizations apply proactive defenses against attacks to reduce the threat surface, keeping the doors and windows bolted as much as possible. However, this is a difficult balancing act, as you have to be careful not to clamp things down so tightly that it impacts employees’ ability to do their jobs.
One of the tools I recommend is a Vulnerability Assessment program, aka a VA program. VA is a key security best practice used by most companies and organizations. Don’t confuse VA with virus scanning—they’re completely different animals. (We’ll discuss the latter in a future post.) VA solutions scan endpoints such as desktops, notebooks and mobile devices, looking for operating systems and applications that may be out of date in terms of patches or updates, and checking other configuration settings. Basically, a VA program is looking for conditions that could make those devices susceptible to being attacked or hacked. These VA programs work very well, but the endpoints they evaluate are only as compliant as the last scheduled scan.
Since VA tools rely on periodic scanning—for example, every Thursday morning—any systems that are not connected to the network at that time are missed and could be out of compliance. Salespeople are notorious for being on the road and missing weeks of scheduled scans. In the meantime, the vulnerability window remains open as IT staff anxiety continues to build.
A much better practice than a VA-only solution is combining VA with Forescout CounterACT®. With CounterACT, missed VA scans can be eliminated, because CounterACT makes sure that devices are scanned when they connect to the network—even when a device misses the last scan window. And what about new devices? This approach addresses them too. CounterACT quickly discovers new devices as they enter the network and tells the VA system to scan them immediately, instead of waiting for the next scheduled scan window. This helps ensure devices connecting to the network are compliant. In addition, should a potential vulnerability be identified, CounterACT can automatically initiate remediation actions to quarantine the device or request a real-time scan of it. VA solutions without CounterACT are only able to notify the security services team, the network administrator, or simply the user.
The best way to feel less vulnerable is to actually become less vulnerable. It all starts with better communication. That’s why Forescout is working with leading VA vendors to make sure their products talk to and interact smoothly with CounterACT. By ensuring compliance with the VA solution on endpoints and initiating a response to a potential security incident, the combined solution is significantly more robust and far more effective. The combination of these products, working together, makes me feel safer, and as a result, less vulnerable to a potential security breach.
Check out the story of the integrations with Forescout CounterACT by visiting Forescout.com: https://www.forescout.com/partners/technology-partner-program/. I think you’ll find it highly empowering and very therapeutic.