
Tenable Blog


Security and IT Controls

One of Tenable's advisors, Gene Kim, CTO of Tripwire and lead researcher of the IT Process Institute's "IT Controls Benchmark Survey", was recently interviewed by Richard Stiennon about how IT Controls not only help run networks more efficiently, but how they can make a network more secure.

The survey lasted several years and included input from 98 organizations. A focus of the survey was measuring metrics such as "change success rates", "percent of unplanned work", "projects completed", "managed applications", "server to admin ratios" and so on. Each organization was also interviewed to see which IT controls it had implemented. Based on the results of the metrics, each organization was assigned to a "high performer", "medium performer" or "low performer" group. For example, a "high performer" on average had a "server to system admin" ratio which was 2.5 times greater than a "medium performer" and 5.4 times greater than a "low performer".

In other words, they were far more efficient. The study set out to test, and successfully supported, the premise that an organization which implemented IT controls was better off than one which didn't. The report focuses on which controls are the most effective at maintaining an efficient network. However, the report also found some very significant differences in the security posture of a "high performer" as compared to a "low performer". These included:

  • only 1/5th of intrusions turned into a loss event such as bad publicity or financial loss
  • intrusions were detected by automated controls, as opposed to something like a customer calling in with a complaint
  • mean time to detect was measured in minutes, whereas for low performers detection time was measured in days and weeks

Another finding of the research was that all "high performers" had two controls implemented that none of the "low performers" had. These were:

  • a process to monitor for unauthorized change
  • defined consequences for intentional unauthorized change

Both of these deter system administrators, developers and end-users from making unauthorized changes to their systems, applications and networks.

If you are a Tenable customer, our products can help look for many types of changes which occur on your network.

  • The Security Center can automatically generate an email listing any new vulnerabilities which have appeared between two successive active Nessus scans.
  • The Passive Vulnerability Scanner can monitor network traffic for evidence of new systems and applications 24x7 with no impact on the network.
  • The Log Correlation Engine can look for evidence of changes to users, systems and network devices, and can also parse logs from change detection software such as the PVS and Tripwire.
  • The Log Correlation Engine can also alert if there is unauthorized activity outside of an official change management window.
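The list above describes two detection mechanisms: diffing successive scan results to surface new hosts and findings, and checking change events against an approved change window. The following is an added example that is not Tenable's code and does not use any Tenable product API; the scan snapshots, the change-log format, the finding names and the change window are all constructed for illustration.

```python
"""Added example (not Tenable code): detect change between two scan snapshots
and flag change events that fall outside an approved change window."""
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed scan snapshots: host -> set of (port, finding-name). The finding
# names are illustrative labels, not real plugin IDs.
SCAN_PREVIOUS = {
    "10.0.0.5": {("tcp/22", "ssh-weak-mac"), ("tcp/80", "http-outdated-server")},
    "10.0.0.7": {("tcp/443", "tls-expired-cert")},
}
SCAN_CURRENT = {
    "10.0.0.5": {("tcp/22", "ssh-weak-mac"), ("tcp/80", "http-outdated-server"),
                 ("tcp/3306", "mysql-no-auth")},
    "10.0.0.9": {("tcp/21", "ftp-anonymous")},
}


@dataclass(frozen=True)
class ScanDiff:
    new_hosts: frozenset
    removed_hosts: frozenset
    new_findings: frozenset       # tuples of (host, port, finding)
    resolved_findings: frozenset  # tuples of (host, port, finding)


def diff_scans(previous, current):
    """Compare two snapshots: anything present now but not before is 'new',
    anything present before but not now is 'resolved' (or the host is gone)."""
    new_findings, resolved = set(), set()
    for host in set(previous) | set(current):
        before = previous.get(host, set())
        after = current.get(host, set())
        new_findings |= {(host, p, f) for p, f in after - before}
        resolved |= {(host, p, f) for p, f in before - after}
    return ScanDiff(
        new_hosts=frozenset(set(current) - set(previous)),
        removed_hosts=frozenset(set(previous) - set(current)),
        new_findings=frozenset(new_findings),
        resolved_findings=frozenset(resolved),
    )


@dataclass(frozen=True)
class ChangeWindow:
    start: datetime
    end: datetime

    def contains(self, when):
        return self.start <= when < self.end


# Constructed approved change window: Saturday 22:00 to Sunday 02:00 UTC.
CHANGE_WINDOWS = [
    ChangeWindow(datetime(2024, 3, 9, 22, 0, tzinfo=timezone.utc),
                 datetime(2024, 3, 10, 2, 0, tzinfo=timezone.utc)),
]


@dataclass(frozen=True)
class ChangeEvent:
    when: datetime
    host: str
    kind: str
    detail: str


# Constructed change log, one event per line: "<ISO-8601 UTC> <host> <kind> <detail>".
CHANGE_LOG = """\
2024-03-09T23:15:00Z 10.0.0.5 package-upgrade openssh-server
2024-03-11T14:02:00Z 10.0.0.5 new-listener tcp/3306
2024-03-11T14:30:00Z 10.0.0.9 new-host first seen on network
"""


def parse_change_log(text):
    """Parse the constructed log format into ChangeEvent records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, kind, detail = line.split(maxsplit=3)
        # fromisoformat() only accepts a trailing 'Z' on Python 3.11+, so
        # normalise it to an explicit UTC offset.
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        events.append(ChangeEvent(when, host, kind, detail))
    return events


def flag_unauthorized(events, windows):
    """Any change not covered by an approved window is unauthorized."""
    return [e for e in events if not any(w.contains(e.when) for w in windows)]


def findings_from_unauthorized_change(diff, flagged):
    """Join the scan diff with flagged events: new findings on hosts that
    changed outside a window are the ones to escalate first."""
    hosts = {e.host for e in flagged}
    return frozenset(f for f in diff.new_findings if f[0] in hosts)


if __name__ == "__main__":
    diff = diff_scans(SCAN_PREVIOUS, SCAN_CURRENT)
    flagged = flag_unauthorized(parse_change_log(CHANGE_LOG), CHANGE_WINDOWS)
    for event in flagged:
        print(f"UNAUTHORIZED {event.when.isoformat()} {event.host} {event.kind} {event.detail}")
    for host, port, finding in sorted(findings_from_unauthorized_change(diff, flagged)):
        print(f"NEW FINDING after unauthorized change: {host} {port} {finding}")
```

The scan diff alone tells you what changed; the change window tells you whether the change was sanctioned. Joining the two is what turns a pile of "new vulnerability" emails into a short list of findings that were introduced outside the process, which is where the survey's "monitor for unauthorized change" control does its work.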

There are many forms of IT controls. One of them is ITIL, which stands for the IT Infrastructure Library. This library is very comprehensive. A very popular "best practices" guide named the "Visible Ops Handbook" has helped many organizations understand how ITIL can be implemented. Tenable has written a white paper named "Network Security Implications of Visible Ops". This paper examines how active network scanning, passive network monitoring and log analysis can all be used to look for unauthorized change.

Tenable has also written an extensive paper which covers COBIT and ISO 17799 IT controls monitoring. This paper is named "Real Time Compliance Monitoring" and is available to existing Tenable customers and qualified potential customers. Please email [email protected] if you are interested in this paper.
