11 Reasons to Choose an Automated Security System

 
 
By Karen A. Frenkel  |  Posted 12-22-2014

  • Why Intruders Compromise Networks

    Enterprises are vulnerable because they identify risks—such as rogue devices, noncompliant systems and other vulnerabilities—too slowly. Their security systems were not designed to operate at the speed organizations need.
  • Built-in Assumptions of Security Systems

    Most security systems are based on weekly, monthly or quarterly polling. They may assume active host management, or the systems wait to detect large or anomalous traffic from devices.
  • Incomplete Identification of Risks

    There are many reasons why a company's IT tools do not identify all the risks on its network. Changing endpoints account for some of the problem.
  • Transient Endpoints

    Endpoints are increasingly transient and often are not on the network when a vulnerability scan is performed. This results from both BYOD and the increasing use of dynamic virtual workloads.
  • Endpoints Owned by Someone Else

    Enterprises increasingly do not own endpoints, so they are not protected by an onboard management agent. If an organization expects endpoints to report the configurations and applications they run, BYOD Windows and Mac OS devices risk blind spots. Android and iOS fare better because of mobile device management systems.
  • Over-Reliance on Security Agents

    Most companies rely on several types of security and system management functions, but they don't always work properly. They become misconfigured, are attacked, grow out-of-date, get uninstalled or are disabled. When the agent is missing, the organization is unaware of risks to the endpoint system.
  • Incomplete Understanding of IT Risks

    Without real-time, independent and comprehensive information about endpoint status, organizations cannot fully understand their IT risks. ForeScout estimates that 20% of IT security managers are unaware of devices on their networks, and that 30% of endpoints contain configurations or vulnerabilities unknown to IT.
  • Detection of Breaches Is Too Slow

    "Dwell time," the median interval in days between a malware infection and its detection, can be as long as 229 days. Why is detection so slow? Organizations rely too heavily on blocking-based and signature-based mechanisms for protection.
  • Response & Containment Are Too Slow

    Many tools IT pros use don't have automated, policy-based remediation or containment, so IT may be swamped daily with hundreds or thousands of alerts. Similarly, vulnerability assessment systems, as well as security information and event management systems, typically are not automated. This contributes to slow responses.
  • Poor Coordination Across Systems

    Enterprises usually have a layered defense strategy, but that can lead to separate silos of controls and information. If these tools don't properly communicate, critically needed synergies don't happen. Lack of automated mitigation mechanisms and a lack of policy-based automation increase IT operational costs and exposure.
  • IT Complexity Is a Factor

    IT security systems have not adjusted to how systems have evolved. As a result, security managers lack complete knowledge of who or what accesses their networks. Furthermore, they enforce endpoint integrity, mitigate risks and contain exposures inefficiently because processes are too slow and manual.
 

Security tools, systems and practices are too focused on management agents, periodic assessments, disparate point solutions and manual response processes, according to a whitepaper by IT security firm ForeScout Technologies. The report states that enterprises must change their security architectures in favor of continuous, automated monitoring to "better align with today's complex, diverse, dynamic IT environments and burgeoning threat landscape." Below we highlight the problem, as analyzed in "A Blueprint for Pervasive Network Security."

What can you do about it? ForeScout recommends that enterprises provide security architectures that emphasize continuous monitoring of all users, devices, systems and applications on their networks, including unmanaged transient and noncompliant devices. Furthermore, the company suggests integration between multivendor security and management systems to share security intelligence and enhance control. Also essential are fast, automated responses to violations, exposures and indications of breaches.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.