In an article posted last week regarding strategy for IT security, EWeek journalists collated key “truisms” that never seem to fade away, regardless of change (LOTS of change) to the industry. Upon reading, we were keen to respond in kind as these truths resonated and aligned with specific 1E products. Let’s take a look at some of these findings and break them down:
The “throw-money-at-the-problem” approach doesn’t work.
For a long time, industries have been viewing Security as the guardian of the business: the part of the organization that keeps it safe from threats. A lot of money has been spent buying protection tools, however, attackers have been quick to find ways around them. As the EWeek team pointed out, the “throw-money-at-the-problem” approach doesn’t work. The new challenge presented is how to detect the attackers. There are a few tools on the market that can detect intrusions into your organization and alert you from it- but where these tools are weak is their inability to remediate the threats.
This is where Tachyon comes into the picture.
With its unique speed, Tachyon helps Security teams to investigate incidents in context. Context is very important to understand the scale of the incident. Once the incident has been investigated, Tachyon helps to remediate the incidents (in context) across the entire organization in real-time. Once the resolution is known and has been applied, then it can be incorporated into Tachyon to help the organizational learning. Then, it can automate the resolution in the future, should the incident arise again.
People are the weakest link
People create value, sure, but they also make mistakes.
It’s a well-known fact in the security space that often security incidents and data breaches happen due to people/employees. People are the weakest link, unless, you’re one of the few they can’t blame. You’ve probably even clicked on a seemingly innocuous link in an email or on a website that has resulted in a download of malicious software onto your computer. In some other cases, people work around IT policies to get their work done faster. An employee might install non-IT approved software that has known vulnerabilities that can be exploited and is unknown to IT Security. (You wouldn’t do this though, we’re sure of it)
Again, here’s where Tachyon comes in!
Tachyon is uniquely positioned to discover and prevent this as we quickly find all installed software in an environment and report on it. If an employee doesn’t handle data according to IT Security policies, they might expose the information to data loss. A simple example here is an employee storing files on their local system instead of in OneDrive. If the computer crashes or is stolen the information is lost. Tachyon can again prevent this by checking the storage of files across the entire organization.
Employees also serve as your first line of defense
It may seem obvious that updates should always be applied and computers rebooted frequently to ensure all the updates have been completed. Sadly, that isn’t always the case in the real world: end users have got work to do and they don’t want the disruption of installs & reboots while they’re working. They may also fear how long a reboot may take – we’ve all seen the restarts after a “patch Tuesday” with Windows 7 that could take hours to complete. There is no way to avoid it but updates have to be applied and systems restarted as regularly as possible to keep a high level of security and reduce the impact of each update step. This is very similar to the agile or continuous delivery processes many teams are now adopting – many, small updates deliver features faster and with less disruption/risk than bug updates only applied once per year.
Patching makes perfect
Keeping OS and apps up to date is a challenge – there’s a vast number of updates, the updates can be pretty large and companies usually have a pretty poor understanding of what apps have been installed. An early step in a remediation plan is to get a grip on what apps are deployed – not easy when the config management solution might list thousands of “apps” but only 1 in 100 may be relevant and many will be known by multiple names. So, you need to get some rationalization of the list of apps that are out in the organization before you can take some action. That action should start with removing apps that aren’t being used (known as “application sprawl”) and then ensuring those that are actually needed are kept up to date. It’s no surprise that this is exactly where WSS & App Migration come in to play.