Looking to Streamline Cybersecurity Management? Don’t Underestimate the Power of Network Visibility and Context

This article was contributed by Ron Davidson, VP R&D and CTO at Skybox Security

A lack of full network visibility is harming organisations' ability to remediate the right vulnerabilities and effectively protect their environments from attack. Most large firms now have expansive, fragmented estates made up of multiple disparate network elements, including on-premises, cloud, OT and virtual networks. These are massively complex environments which, without network visibility, will likely be plagued with dangerous blind spots and which, without an understanding of the context of each vulnerability and asset, are difficult to manage.

When a security team doesn't have full network visibility, it is almost impossible for them to know what they need to remediate or protect, which further increases the complexity of their workload. CISOs and their teams are struggling to keep pace with cybersecurity as it evolves. As a result, the need for visibility and insight that is informed by the organisation's internal and external threat context is glaringly obvious.

Cybersecurity Management Simplified: The Role of Network Visibility and Context 

Silos run rampant throughout large organisations. Different areas of the network are managed by different teams; it is becoming more common, for example, for one security team to manage a given network, for an operations team to manage another and for DevOps/DevSecOps to manage a third. Some of the biggest human-originated mistakes in security are caused by disconnected processes, both between different teams and within established ways of working. The larger the business, the greater the potential for these types of issues to be prevalent. In the absence of a unified approach that is informed by wider network visibility and context, it is easy for mistakes to slip through the net.

Although every team has their own distinct goals, day-to-day processes across the business still need to align with a unified goal. DevSecOps teams may have methods for “security in code” but if a service is altered then its compliance, and therefore risk status, may also change. That is why gaining complete network visibility is so crucial. In its absence, identifying and analysing vulnerabilities is a near-impossible undertaking. Having full visibility provides the CISO with the capability to dissect operational silos, achieve a thorough understanding of all ingress and egress points within their environment and begin to develop truly effective remediation strategies. 

Context is the element that helps to round out these strategies. When you fully understand the depth of the internal and external contexts that are influencing the security environment, you are then able to build a richer picture of network weaknesses that incorporates insight into how exposed each vulnerability and asset is to potential attack. Organisations that have a working knowledge of exposure levels are able to enforce targeted remediation practices. They know that the riskiest vulnerability may not be the one with the highest severity rating, but rather one that is unpatched and, if exploited, will allow an attacker to gain access to sensitive data. Working with context means working without speculation: when visibility and context are combined, security teams are able to work with focus and with confidence that can protect their assets and reduce their risk profile. 

Network Visibility Challenges 

While it is hard to debate the usefulness of visibility and context, reaching this nirvana is rarely a straightforward task. Firms everywhere are deploying technologies intended to give them greater insight into their security environments. Take scanners as one ubiquitous example: although they are invaluable for identifying many flaws and weaknesses, they leave too many blind spots, run too infrequently, and fail to reach many network areas (including OT devices that cannot safely be scanned).

Scanners are great when they feed data into a wider, collaborative cybersecurity technology ecosystem and united management programme. This is a programme that should work to incorporate scanless assessments with tools that collect data to be normalised and combined with additional data sources, providing a precise vulnerability record in real-time. 

With this additional insight, understanding vulnerability and asset exposure can come easily. While it’s true that reaching this stage will take some time and effort to set up, having a more thorough understanding of every network element will prove invaluable for security teams working to lower their overall risk profile. 

Don’t Neglect Understanding Exposure

Remediation strategies are often determined by CVSS scores. Where a security team finds critical- or high-severity vulnerabilities within its infrastructure, it is only logical that it will automatically elect to remediate these before any medium-severity flaws. However, a medium-severity CVSS score doesn't always mean a lower level of risk: CVSS measures the intrinsic characteristics of a flaw, not whether an attacker can actually reach it in a given network. Medium-severity flaws can build up unpatched within a company's environment for a long time; attackers are aware that this happens, which is why they prey on medium-severity vulnerabilities.

And there is a mountain of likely-unpatched medium-severity vulnerabilities for attackers to take advantage of. Vulnerabilities with a medium-severity CVSS score now account for 40 percent of all new reports, according to research by Skybox Security. This share is higher than the previous year, when medium-severity vulnerabilities represented 34 percent of those identified.

Evidently, organisations face a conundrum. They don't have enough resources to fix every single medium-severity vulnerability within their network on top of every critical- and high-severity flaw. If they can see which vulnerabilities are most exposed, irrespective of severity level, then the right patching can be carried out first. An awareness of exposure empowers security teams to develop tailored remediation strategies that prevent attackers from taking advantage.
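The argument of the last three sections, that exposure rather than raw CVSS should drive remediation order, can be made concrete with a small model. The following is an added example, not Skybox code or any product's algorithm: it combines constructed scanner output with a constructed firewall policy, walks the allowed flows from the internet to find which vulnerable services an attacker could actually reach (and in how many hops), and ranks findings by that exposure together with asset criticality and exploit availability. The vulnerability IDs, zones, ports, scores and weights are all hypothetical.

```python
"""Exposure-aware vulnerability prioritisation (constructed example).

The firewall rules, assets and vulnerabilities below are made up for
illustration; the IDs are placeholders, not real CVEs.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Vuln:
    vid: str                 # hypothetical tracking ID (not a real CVE)
    asset: str               # hostname from the scanner
    zone: str                # network zone the asset sits in
    port: int                # port the vulnerable service listens on
    cvss: float              # base score reported by the scanner
    exploit_public: bool     # threat-intel flag: public exploit available?
    asset_criticality: int   # 1 (low) .. 5 (crown jewels), from the CMDB


# Constructed firewall policy: (source zone, destination zone, destination port).
# Anything not listed is denied. Note there is no rule into "corp" from outside.
RULES: List[Tuple[str, str, int]] = [
    ("internet", "dmz", 443),
    ("dmz", "app", 8080),
    ("app", "db", 5432),
    ("corp", "app", 8080),
]

# Constructed scan results normalised into one record per finding.
VULNS: List[Vuln] = [
    Vuln("V-001", "web-01", "dmz", 443, 6.5, True, 2),    # medium, internet-facing
    Vuln("V-002", "app-01", "app", 8080, 7.5, True, 3),   # high, one hop behind
    Vuln("V-003", "db-01", "db", 5432, 9.8, False, 5),    # critical, deep inside
    Vuln("V-004", "hr-01", "corp", 445, 9.8, True, 4),    # critical, unreachable
    Vuln("V-005", "app-01", "app", 22, 5.3, False, 3),    # medium, port not allowed
]


def compute_exposure(vulns: List[Vuln], rules: List[Tuple[str, str, int]],
                     entry: str = "internet") -> Dict[str, Optional[int]]:
    """Return the minimum attack-path hop count from `entry` to each
    vulnerability, or None when no allowed flow reaches it.

    Model (a simplification): an attacker holding a foothold in zone S may
    hit any vulnerable service on port P in zone D if a rule (S, D, P)
    exists, and exploiting that service grants a foothold in D. A level
    by level search over zones therefore yields minimal hop counts.
    """
    hops: Dict[str, Optional[int]] = {v.vid: None for v in vulns}
    reached_zones = {entry}
    frontier = [entry]
    level = 0
    while frontier:
        level += 1
        next_frontier: List[str] = []
        for v in vulns:
            if hops[v.vid] is not None:
                continue
            reachable = any(dst == v.zone and port == v.port and src in frontier
                            for src, dst, port in rules)
            if reachable:
                hops[v.vid] = level
                if v.zone not in reached_zones:
                    reached_zones.add(v.zone)
                    next_frontier.append(v.zone)
        frontier = next_frontier
    return hops


def risk_score(v: Vuln, hop: Optional[int]) -> float:
    """Weight the scanner's CVSS by business and network context.

    The factors are illustrative: exposure decays with path length and an
    unreachable flaw keeps a small residual weight (it still matters if the
    perimeter changes), while a public exploit doubles the weight.
    """
    exposure = 1.0 / hop if hop else 0.1
    exploit = 1.0 if v.exploit_public else 0.5
    return round(v.cvss * v.asset_criticality * exploit * exposure, 2)


def prioritise(vulns: List[Vuln], rules: List[Tuple[str, str, int]]):
    """Rank findings by contextual risk: list of (id, hops, score)."""
    hops = compute_exposure(vulns, rules)
    ranked = sorted(vulns, key=lambda v: risk_score(v, hops[v.vid]), reverse=True)
    return [(v.vid, hops[v.vid], risk_score(v, hops[v.vid])) for v in ranked]


def rank_by_cvss(vulns: List[Vuln]) -> List[str]:
    """The naive ordering most teams start from, for comparison."""
    return [v.vid for v in sorted(vulns, key=lambda v: v.cvss, reverse=True)]


if __name__ == "__main__":
    print("CVSS only :", rank_by_cvss(VULNS))
    for vid, hop, score in prioritise(VULNS, RULES):
        print(f"{vid}  hops={hop}  risk={score}")
```

On this constructed data the CVSS-only list starts with the two 9.8 findings, yet the contextual ranking puts the medium-severity V-001 first because it is the only service directly reachable from the internet, and drops the critical V-004 near the bottom because no allowed flow reaches its zone at all. The exposure model is deliberately coarse (it treats every reachable vulnerable service as a usable foothold and ignores host-level controls), which is exactly the kind of detail a real network-model tool has to add.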

Achieving context-rich network visibility is now vital. Hybrid security environments will become increasingly fragmented and the attack surface will only grow. Take the COVID-19 pandemic as an example. Employees have been forced to work from home, leaving millions of office-based businesses to deal with an expanding network perimeter. This illustrates just how agile and responsive security teams need to be today. Organisations must have visibility to avoid breaches, retain control, simplify cybersecurity management and safeguard digital transformation initiatives. Without visibility and context forming the bedrock of their cybersecurity programmes, organisations could be forced to their knees.
