In the Kingdom of The Blind, the One-Eyed Man is King

One of the biggest threats that we see in organizations exists across policies, procedures, and products. It’s completely agnostic of configuration, manufacturers, and customization. What do you think it could be?

The largest problem that I see in the security posture of most organizations is the lack of visibility into their infrastructure. We consistently add layers of security to reduce the number of compromised hosts, but we do not usually invest in the products or time necessary to discover which hosts are already compromised. That is before even considering policy violations, loss of data, or leakage of information. Even with data leakage prevention (DLP) and application whitelisting systems in place, we have experienced instances where we have been able to bypass these systems.

The solution to this problem depends on your organization’s mission, priorities, budget, and time. Performing regular vulnerability assessments can give you a great deal of information (especially if you perform credentialed checks). Security Information and Event Management (SIEM) systems and log correlation systems can parse, summarize, and alert on events, anomalies, or problems in the infrastructure. There are also application- and user-aware firewalls and network monitoring systems that can reassemble binaries from network traffic and submit them to a sandbox.
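To make the log correlation idea concrete, here is an added example (not code from the original post, and not any particular SIEM product) that does the three things the paragraph attributes to such systems over a handful of constructed sshd-style log lines: parse each line into fields, summarize failed and accepted logins per host, and raise an alert when a burst of failures against one host, from one source, for one user is followed by a successful login within a short window. The log format, the host names, the addresses and the threshold values are all assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log lines in a simplified syslog-like format.
# These are not from any real system; hosts and addresses are placeholders.
SAMPLE_LOG = """\
2024-03-01T08:00:01 host1 sshd: Failed password for admin from 203.0.113.5
2024-03-01T08:00:03 host1 sshd: Failed password for admin from 203.0.113.5
2024-03-01T08:00:05 host1 sshd: Failed password for admin from 203.0.113.5
2024-03-01T08:00:07 host1 sshd: Failed password for admin from 203.0.113.5
2024-03-01T08:00:09 host1 sshd: Failed password for admin from 203.0.113.5
2024-03-01T08:00:12 host1 sshd: Accepted password for admin from 203.0.113.5
2024-03-01T08:01:00 host2 sshd: Failed password for bob from 198.51.100.7
2024-03-01T08:05:00 host2 sshd: Accepted publickey for bob from 10.0.0.4
2024-03-01T09:00:00 host3 sshd: Accepted password for alice from 10.0.0.9
"""

# Field layout assumed by this example: timestamp, host, result, auth method, user, source.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) "
    r"(?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse(log_text):
    """Parse raw log text into a list of event dicts; unparsable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a real pipeline would count these so parser drift is visible
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def summarize(events):
    """Per-host counts of failed and accepted logins (the 'summarize' step)."""
    summary = defaultdict(lambda: {"failed": 0, "accepted": 0})
    for ev in events:
        summary[ev["host"]][ev["result"].lower()] += 1
    return dict(summary)


def correlate(events, threshold=5, window=timedelta(minutes=2)):
    """Alert when at least `threshold` failures for one (host, source, user)
    are followed by an accepted login from that same triple within `window`.
    This is the 'correlate and alert' step; the numbers are illustrative."""
    alerts = []
    failures = defaultdict(list)  # (host, src, user) -> failure timestamps
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["host"], ev["src"], ev["user"])
        if ev["result"] == "Failed":
            failures[key].append(ev["ts"])
            continue
        # An accepted login: look back at failures inside the window.
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({
                "host": ev["host"],
                "src": ev["src"],
                "user": ev["user"],
                "failures_before_success": len(recent),
                "success_at": ev["ts"].isoformat(),
            })
        failures[key].clear()  # a success ends the sequence either way
    return alerts


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for host, counts in sorted(summarize(evs).items()):
        print(f"{host}: {counts['failed']} failed, {counts['accepted']} accepted")
    for alert in correlate(evs):
        print("ALERT:", alert)
```

The per-host summary is the kind of output that gives a defender a first picture of what is happening across the estate, while the correlation rule shows why the raw counts alone are not enough: host2 has a failure too, but from a different source than its later success, so it is correctly left alone.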

Overall, there are many ways for you to gain additional visibility into your infrastructure that can assist with security and monitoring.