There’s a failure to communicate in medium and large organizations today, but people aren’t the problem. What I’m referring to is the pervasive situation in security management where the specialized technologies that are supposed to be protecting the enterprise –ATD, VA, EMM, EPP and SIEM—are working in isolation and keeping information to themselves. That information, if shared between security technologies, could make organizations impervious to the vast majority of threats that are so frustratingly successful today.
Just imagine if the human body dealt with information in the same siloed way. You could have a black widow spider crawling up your leg unbeknownst to your brain or the rest of your body. Of course when the spider bites, it wouldn’t just be your leg that’s out of luck.
The Human Body Is Actually a Good Model for Cybersecurity
Fortunately for all of us, the human body’s security system is well-integrated. Information is shared in countless ways, and that keeps us out of trouble—at least most of the time.
The human body’s two key decision-making mechanisms, the central nervous system and the brain, are designed to complement each other. The nervous system runs on adrenalin and reacts to danger in real-time. It relies on its own network of sensors and doesn’t consult the brain in many of the thousands of decisions it makes every day because things happen too fast. Everything from swatting a bee to putting down a burning-hot cup of coffee is done instantly, without thinking. This gives its security partner, the brain, the opportunity to do what it does best: pondering unknowns (aka thinking) and making higher-level decisions. The brain is too slow to handle threats that require split-second action, but, with its methodical intelligence, it sometimes overrides the nervous system and tells it to pick up a cup of coffee that’s hot but not too hot, or leave a bee alone.
An Intelligent, Two-Pronged Approach to Cybersecurity
Network security solutions would do well to emulate the way flesh-and-blood, bi-lateral security systems function. To be effective, enterprise security architecture must be able to respond instantly—no wasting time contemplating unknowns or the consequences of actions. But security architecture must also have a thoughtful, highly intelligent component that can see the big picture and act accordingly. In other words, network security requires a cyber nervous system and a brain.
ForeScout is uniquely qualified to be your organization’s cyber nervous system. ForeScout offers data aggregations and orchestration to provide in-depth awareness of what’s in your environment and automated, coordinated responses to threats. ForeScout has the ability to instantly “size up” endpoints—corporate and personally owned laptops and smartphones as well as IoT and rogue devices—and share the detailed sensory insights it gains about those endpoints with third-party security tools. Its rules engine and workflow engine are able to act at line speed and in real time, so they can make decisions instantly. And, by exchanging information with third-party security products of all kinds, ForeScout can take action against threats, either automatically or when the brain—your incident response team—gives the order.
Maintaining network security may seem like an incredibly complicated and inefficient task. But by taking security tools out of silos and enabling them to communicate within a unified security infrastructure, you get an orchestrated, automated threat mitigation system while keeping your “brainy” team highly informed in real time.
To find out more about security tool integration, download the ForeScout Orchestration white paper, Automating System-wide Security Response through Orchestration.