Why is a single CyberSecurity Situational Awareness view important?
Posted by
Ian Murphy on Mon, Nov 21, 2011 @ 11:04 AM
With all the news of CyberSecurity and how national goverments plan to approach this topic with repsect to protecting national assets, I thought it useful to explore why a single view of one's security infrastructure is important.
As we know from history, most incidents are the result of either misconfiguration and/or poor patching. More and more this is giving those willing to put the time and effort into accessing your vital data assets the ability to do so without much skill on their part.
But surely all this boils down to visibility and being able to spot the holes before the bad guys doesnt it? If so why aren't we doing anything to improve this visibility? Not being able to see it, does not mean it is not happening and it does not mean that no one else hasn't noticed it either.
Being able to create alerts and monitor situations that lead to these hacks would of course be of great interest to those affected organisations. But even as we hear today of another hack, this time on a high profile SCADA system, why are we still so reticent to improve our vision to what is going on in our networks?
I would argue that for most organisations ignorance is still bliss. I do not think this is a deliberate approach, but the lack of an ability to provide an easy way to collect, analyse and visualise the data in a consistent manor is a major stumbling block.
With providing the ability to pull any and all relevant data into a single configurable view that aids the viewer in spotting emerging issues we can begin to build the business case for situational awareness.
Clarity of vision, simplification of reporting, improved decision making capabilities, awareness of threat exposure, alignment to business objectives and ultimately defensible and auditable security based governance are to name but a few of the benefits of having a single view.
For more information on CyberSecurity Situational Awareness (CyberSSA) and how to build a single configurable view click on the button below:
.