At the recent Gartner Security & Risk Management Summit in Washington, I had the opportunity to speak on the panel, “Your Earliest Possible Warning System – Understanding Endpoint Security.”
During the discussion, I noted that the foundation of any endpoint security program is visibility. This visibility should extend throughout an enterprise’s network and devices. I often say that in order for today’s organizations to solve the security problems they’re encountering, they first need to solve their visibility problem.
I made the point that where most organizations fall down is that they don’t have eyes on the glass. You could have the best technology in the world, but you still need those eyes on the glass. When you solve the visibility problem, all the skeletons leap out of the closet. You will find a lot of stuff in your environment that you had no idea was there.
I think it’s imperative for IT security teams to not only have visibility throughout their enterprises but also to pay constant attention to the feedback that adequate visibility provides.
To that end, I very much agree with fellow panelist Barry Hensley, who said that effective security organizations have created a “hunting” approach. Hensley, who serves as the executive director for Dell SecureWorks’ Counter Threat Unit, explained that “hunting” means constantly being on the lookout for adversarial activity on the enterprise.
Hensley’s “hunting” approach, like that of many of us working in today’s security world, reflects the “inevitability of compromise” we all face. Better stated, we all should be working under the assumption that we are under attack at all times.
Endpoint solutions that provide constant feedback (the “next generation of endpoint solutions” as they’ve been called) enable security teams to establish good telemetry from their endpoints and their network.
Always-on visibility is essential to cutting detection and response times—and increasing their effectiveness. When you can lower detection and response times, you, as the defender, are taking the power away from an attacker and regaining the home field advantage.
There’s no question that it is a battle space out there. But with effective visibility into what’s happening on every endpoint, it is a battle that your team can win.
By Nick Levay, CSO, Bit9 + Carbon Black
Nick Levay is chief security officer of Bit9 + Carbon Black. His responsibilities include managing the company’s security operations center (SOC), setting security strategy, and ensuring that in-house security and threat intelligence functions are aligned with product development. In addition to his operational role at Bit9 + Carbon Black, Levay is a leading voice in the security community regarding best practices for running security programs and implementing cutting-edge technology.