Why Periodic Security Scans Aren’t Good Enough in Today’s Threat Environment
An annual medical exam is routine for most of us, and something we usually do when we are feeling relatively well. But imagine a scenario where, rather than starting at a place of health, your systems are under constant attack. A periodic check-up isn’t good enough to monitor weakened defenses.
It’s the same situation with networks. And it’s even more complex since networks now encompass virtual, cloud and mobile environments as well as on-premises systems. Traditional defensive technologies such as monthly scans, firewalls, antivirus packages and patching don’t always prevent major attacks on network health. Organizations must adapt their defenses to the new technologies to keep networks safe and secure.
Continuous monitoring is the single best protection an organization can have to safeguard network health while taking advantage of the efficiency and agility the new extended IT landscape offers. With a continuous network monitoring solution, you automatically manage the ongoing discovery and security assessment of traditional IT servers and desktops, BYOD, virtual technologies and cloud-based servers and applications.
The recent rash of breaches has occurred because of gaps in security management plans that focus solely on investments in traditional defensive security technologies. Continuous monitoring leverages automation to align these tools with a comprehensive security policy. It brings agility to security management, helping you prioritize responses to the most important system vulnerabilities and intrusions in real time.
You can also reduce the cost of responding to a breach, because the information needed to track down the intrusion is recorded by your continuous monitoring program in system logs and made available in one unified user interface.
In my view, continuous monitoring is more important than any other network security technology because it improves the security posture of all network components—not just high-profile assets. Continuous automated testing of a network’s defenses against a security policy is the best method to monitor the health and assurance of your network. Continuous monitoring can identify network vulnerabilities and reduce the risk of attack.
As our networks continue to expand with mobile computing, social media, the Internet of Things (IoT) and cloud computing, so do the threats we face. Our cyber adversaries are bright, well-funded and highly motivated. And with a new software vulnerability disclosed nearly once every hour, our network attack surfaces are only getting bigger.
Insider threat is a real concern for all organizations, not just financial institutions. Exploitable laptops of cloud users can be compromised and used to steal data from your network. Mobile devices used for both personal and work purposes come and go on your network, exposed to vulnerabilities for just a few fleeting moments. Embedded systems without keyboards, monitors or security measures can be infected under the radar; think smart building controls, printers and voice and video bridges.
Just as new threats materialize every day, new targets show up on our networks on a daily basis. And it’s clear the bad guys have the upper hand. By 2015, the current number of 10 billion devices will increase to 15 billion. There will be a greater number of cloud, mobile and virtualization technologies as well as new threats from insiders and attackers. If we are to stand a chance of defending our networks against today’s sophisticated threat landscape, we must think differently. Only a well-run, carefully managed network can achieve security that is attainable and defensible.
The key to a well-run network is the ability to measure security risks accurately and in real time. A good continuous monitoring system should include:
- Sensors that enable the automatic discovery and security assessment of on-premises, mobile, virtual and cloud-based devices and applications
- Active and passive vulnerability assessment of 100% of your assets, not just a sampling based on technologies or time
- Real-time detection of malware, botnets, APTs, vulnerabilities and configuration issues that may imply intruders or compliance violations and that require rapid remediation
- Attack path analysis
- Collection, storage, analysis and correlation of logs from all devices and applications
- Proactive monitoring and reporting on your network’s compliance with a security policy
- Integration with your existing security ecosystem
According to a 2014 study by Forrester Research commissioned by Tenable Network Security, “organizations that have implemented continuous monitoring are more than twice as likely to be satisfied with their vulnerability management approach compared to those that use periodic scanning.”
Continuous monitoring started with the U.S. Government, but is now vital to the private sector: financial, retail, healthcare, education and utilities. All organizations need real-time inventories of their system assets. And they need continuous monitoring as new devices and applications come online.
Continuous network monitoring is not only a good idea, it is a necessity; it is the best preventive healthcare you can invest in.