The IT architectures of many organizations are changing as BYOD, cloud and social media continue to affect the way businesses exchange information. As the control over their data and applications decreases, organizations must adjust the way they approach security, which has become a business differentiator rather than a standalone IT activity.
It is in this context that Tenable recently connected with IDC to produce two papers, an Analyst Connection [1] and Technology Spotlight [2], that discuss the role of continuous network monitoring in this new age of security.
Robert Westervelt, IDC Research Manager of Security Products, authored the Analyst Connection, which features a question and answer dialogue between Westervelt and Tenable on behalf of our customers.
According to Westervelt, a continuous network monitoring program utilizes automated and manual processes while also aggregating log data from across the network and various endpoints. The “forward-leaning organizations” that IDC spoke with relied on passive as well as active vulnerability scanning to detect critical vulnerabilities, misconfigurations and malware. The information found from log aggregation and vulnerability management must be supplemented with incident response and asset and configuration management data to provide a holistic view of an enterprise’s IT environment.
Westervelt also discusses how the increasing number of prominent breaches over the last year has forced organizations to reassess their security approaches. The ability to aggregate contextual data is essential and continuous network monitoring provides the context that enables organizations to increase their situational awareness and develop faster responses to security incidents when they occur.
Quantifying the value of security is often a difficult task. However, Westervelt identifies several benefits that organizations can expect from continuous network monitoring. An organization with a continuous network monitoring platform can improve its agility and create a security program that is proactive rather than reactive, identifying security holes before they are exploited.
Increased visibility gives organizations a complete understanding of their security posture at all times and allows IT managers to allocate resources most effectively. When an organization is able to put all of the components of a continuous network monitoring program in place and maintain those respective components, the program could provide a competitive advantage.
The Technology Spotlight highlights SecurityCenter Continuous View™ and its continuous network monitoring capabilities in relation to the Third Platform of IT, which IDC defines as incorporating, “traditional technologies and networks with clouds, social media and mobility.” The Third Platform of IT has made it difficult for organizations to meet their users’ security expectations, as these users continue to bring new devices into the IT environment.
Despite the advancements of modern security systems, breaches are still occurring, partially due to a lack of prioritization and investigation into alerts, as well as process breakdowns. A security program in today’s IT environment must be able to provide unparalleled visibility, identifying all assets within an organization and communicating security information across the enterprise so that the most immediate risks can be identified, prioritized and remediated.
Continuous network monitoring is needed to develop innovative security programs that integrate people, processes and technology into an organization’s security strategy. Continuous network monitoring is not simply continuous scanning; it is monitoring the network in real time to gain a complete picture of all assets while identifying their weaknesses so they can be mitigated to minimize the attack surface.
SecurityCenter Continuous View
According to the paper, “SecurityCenter CV enables enterprise IT to continuously measure and visualize the effectiveness of its security program to provide assurance that an organization’s security team is addressing the highest-priority security problems facing the business at any time.”
SecurityCenter Continuous View customers are able to take advantage of comprehensive visibility into their security programs thanks to analytics, dashboards and reports that provide insight into vulnerabilities, threats and compliance status.
Tenable’s Assurance Report Cards (ARCs) ensure that Chief Information Security Officers (CISOs) and security leaders can define their security objectives in clear and concise terms, and communicate the effectiveness of their security investments in a way that is easily understood by C-level executives, board members and business managers.
1. IDC Analyst Connection: The Role and Value of Continuous Security Monitoring, October 2015
2. IDC Technology Spotlight, sponsored by Tenable: Guarding the Third Platform of IT with Continuous Security Monitoring, October 2015