Effective asset visibility remains out of reach for many IT security teams
- 19 September, 2017 03:01
Digital transformation has converted IT infrastructures from perimeter-based environments to a boundaryless mix of modern and traditional devices hosted both on-site and in the cloud. Faced with this rapidly evolving IT infrastructure, many security teams struggle to maintain visibility across the new elastic attack surface.
The elastic attack surface expands and contracts minute by minute, just like a living organism. This has led to massive gaps in an organisation's ability to understand its cyber risk at any given time -- we call this the Cyber Exposure gap.
The challenges are occurring on two different fronts. On one hand, trends such as SaaS and cloud migration, coupled with technological changes such as IoT, containers and web applications, are exposing networks to new and unanticipated risks. On the other hand, we see formerly isolated infrastructures such as supervisory control and data acquisition (SCADA) and other types of operational technologies (OT) now being connected to IT infrastructures, expanding the attack surface even more.
This convergence of IT and OT is making the CISO’s job even more difficult, as the business and its infrastructure evolve faster than the security organisation can keep up.
The modern enterprise environment is dynamic and boundaryless with virtually unlimited connectivity. Organisations of all sizes have embraced digital transformation as a way to make themselves more competitive and agile in today’s digital economy. Adoption of new development methodologies such as DevOps has made it possible to quickly move from an idea to running and deploying software on a daily basis. What used to takes months to implement now takes mere days, or even hours.
At the same time, we have a slew of new network connected devices becoming mainstream technologies, such as building control systems, cameras, audio devices and conference systems, all of which contribute to the expanding elastic attack surface. Yet, most security organisations don’t even understand the full inventory of such devices that exist on their networks.
While some argue that these digital technologies are the future, they’re actually well established in the present day. In fact, according to BI Intelligence, by 2019, there will be over nine billion IoT devices deployed in the enterprise and over 90 percent of organisations have applications running in the cloud today.
Evolving Operation Technology
The attack surface is also increasing on the OT front. Here, devices such as industrial control systems (ICS) and SCADA systems are causing growing concern.
Most ICS and SCADA systems were designed to work in isolation, and therefore come without significant built-in security. Recently, however, many organisations have realised that some of these systems contain valuable information and have started to connect them to their networks to extract the data.
Since these systems were designed with little-to-no thought of security, they’re quite brittle and can be easily compromised. Additionally, these devices may be unpatchable, meaning that potential vulnerabilities cannot be removed.
Security teams are thus faced with the massive challenge of ensuring every OT device within their remit is visible and secure at all times. It's a task that cannot be taken lightly as attacks against OT devices typically impact the physical world, and aim to take down critical infrastructure including power grids and transportation infrastructures.
Convergence of IT and OT
The clear challenge for security teams is developing methods to effectively manage both the IT and OT components across their organisation's infrastructure. Many are already taking the challenge seriously.
According to a recent Gartner report, “By year-end 2017, over 80 percent of enterprises with significant operational technology (OT) assets will complete the restructuring of their security governance and management organisations to encompass IT, OT and physical security requirements.”
Many will also look to deploy comprehensive security platforms, such as Tenable.io, that can provide a unified view IT, OT and IoT across the full range of traditional and modern assets.
By taking a holistic, modern approach to security, supported by appropriate tools, security teams can ensure rapidly evolving IT infrastructures remain secure without restricting the flexibility that the modern work environment requires. Security teams can also be best placed to discover and manage the growing number of IoT and OT devices that are quickly becoming an integral part of modern business.