How Gaps in Pen Testing and Intrusion Detection Paved the Path to Continuous Monitoring

Last week I had my annual physical, with the goal of checking the big things—heart, cholesterol, blood pressure. I also had an ache in my foot that had caused me some trouble running, but which I had largely ignored. My doctor recommended a foot x-ray. The diagnosis--a bone fracture. Had I kept running, the fracture would have worsened, I would have stopped exercise altogether, which undoubtedly would have hurt my ability to protect the big things—heart, cholesterol, blood pressure.

An annual trip to the doctor is my norm. But imagine a scenario where, rather than starting at a place of health, your systems are under constant attack. This is the situation with networks. And it’s even more complex as our networks now encompass not only on-premises systems but virtual, cloud and mobile environments.

Continuous monitoring is the single best protection an organization can implement to protect network health, all while taking advantage of the efficiencies and agilities the new IT landscape offers. In my view, it’s more important than any other network security technology because it improves the security posture of all network components — not just high-profile assets. Tenable Network Security recognized many years ago that continuous automated testing of a network’s defenses against a security policy is the best method to monitor the health and assurance of your network.

Continuous monitoring is the single best protection an organization can implement to protect network health.

As our networks continue to evolve in response to mobile computing, BYOD, social media, and cloud computing, so do the threats we face. Our cyber adversaries are bright, well-funded, and highly motivated. And with a new software vulnerability disclosed nearly once an hour, our network attack surfaces are only getting bigger.

As information security professionals, we live in a cat-and-mouse world. And it’s clear the bad guys have the upper hand. By 2015, our current number of 10 billion devices will grow to 15 billion. There will be an increased number of cloud, mobile and virtualization technologies as well as increased threat from insiders and attackers. If we stand a chance of defending our networks against today’s sophisticated threat landscape, we must think differently.

I started my career as a vulnerability researcher and penetration tester for the U.S. National Security Agency (NSA). Like most pen testers, my team was consistently able to compromise our customers’ networks and identify both immediate and long-term security issues that were not being addressed. And unfortunately, repeat visits down the line didn’t show much improvement.

By 2015, our current number of 10 billion devices will grow to 15 billion

As a point security measure, I realized that penetration testing didn’t have a strategic impact on the people we were helping. This influenced me a great deal when I wrote the Dragon intrusion detection system (IDS). Knowing how difficult it was for organizations to run a secure network, I wanted to develop a technology that detected attackers with little-to-no human intervention. Dragon was very successful and detected lots of attacks, but the high volume of attacks allowed some attackers to fly under the radar. Well before 2000, attackers were evading not only network IDS, but also firewalls and antivirus platforms.

So, when I co-founded Tenable Network Security in 2002, I had the mindset that there were no easy or quick solutions to solve our security problems. Only a well-run, carefully managed network could achieve security that is “obtainable and defendable,” which is the very meaning of the word tenable.

The key to a well-run network is the ability to accurately measure security risks in real time. Over the last decade, Tenable has heavily invested in game-changing security innovations, including passive vulnerability assessment, log analysis, many tight integrations with the security ecosystem and advanced threat detection technologies that fuel our continuous monitoring solution. We have incorporated new types of sensors that allow for the automatic discovery and security assessment of networks that span traditional IT systems, mobile users, virtual networks, and cloud-based applications. We’ve also pioneered how to take this data and leverage big data analytics to automatically report your network’s compliance to a security policy.

The key to a well-run network is the ability to accurately measure security risks in real time

Today, our award-winning solution SecurityCenter Continuous View™ allows for the most comprehensive and integrated view of network health and has earned the trust of thousands of companies and government agencies around the world, including the entire U.S. Department of Defense.

For those of you in Las Vegas this week for Black Hat, I invite you to visit Tenable at booth 741 where we will be giving presentations on continuous monitoring, virtual and cloud deployment security, and much more.

And for frequent visitors to our website, today you might notice a new look that reflects our place in the market as the industry leader in continuous monitoring. I invite you to explore resources like our new whitepaper and a technical paper on the topic.