Dewayne Hart is SEMAIS President and CEO.

Despite investing in and modernizing enterprises, critical exploits and cyberattacks continue to disrupt operations. Businesses are now experiencing extreme pressure and tight deadlines to remediate vulnerabilities.
This is no easy task with vulnerabilities constantly increasing. To remediate these issues, businesses must understand blind-spot detection. Blind spots are critical IT areas that represent unknown, untreated or overlooked security issues.
For example, businesses often overlook issues within their IT asset inventory and their security state, as exploits are often not discovered until after a cyberattack. In this article, I will outline strategies for eliminating security blind spots and how businesses can improve their cyber protection program.

System Discovery And Inventory

While supporting clients and consulting on cybersecurity, I've found that many organizations manage their asset inventory based on assumptions. In fact, inventory requirements are often unmanaged, and many companies assume cyber tools and reporting provide accurate results. The initial stage of blind-spot detection is to examine the asset inventory by performing a discovery scan.
As devices change and become visible, endpoint detection tools are supposed to capture their attributes, vulnerabilities and location details. But this strategy doesn't work when systems are offline. Assets must be online and networked before executing a discovery scan.
Then, if the discovery process continues to fail, the devices or scanning tools are probably misconfigured.

Addressing Misconfigurations

Misconfiguration is another major area of concern. Most systems have settings to identify rogue devices, last updates, malware status, unpatched systems or system downtime; a misconfiguration occurs when these tools are not properly configured.
Misconfigurations can be overlooked due to improper assessments or issues with the tracking tools' connection. In a standard environment, tracking tools sync devices every 24 hours. When device sync fails, the information is captured within logs and reported as inactive.
This is where the disconnect with human-based analysis occurs, as humans often overlook inactive assets. One way businesses can gain visibility into vulnerabilities is to deploy endpoints with agents. Agents are specialized software components installed on devices for performing malware checks, log analysis, vulnerability scanning or asset tracking tasks.
Tenable, CrowdStrike, ServiceNow and SCCM are a few of the vendors that offer agent-based products. Cyber defenders should also perform daily health checks to validate agent-to-device connection status. Another important step is to actively monitor vulnerability scan results.
The results will indicate whether a device was networked and fully scanned.

Investing In Security Automation

Cybersecurity discussions often highlight risk discovery, attack surface management and increased cyber visibility as steps to reduce blind spots. These are all crucial aspects, but security automation also warrants deeper discussion.
With the number of vulnerabilities and assets changing, organizations cannot depend on manual analysis. They must transition their detection and management tasks to automated or hybrid environments. When speaking at events, I often speak about cyber visibility, something that is difficult to achieve without automating aspects of blind-spot detection.
As organizations onboard assets and applications, they often find it challenging to manage ownership, location, status and risk state. They need cyber visibility to help detect, prevent and remediate blind-spot issues. Implementing cyber visibility is a process-based task, but it works best when automation is included.
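
The daily health check described earlier (agents that miss the 24-hour sync, devices that were not networked or not fully scanned) is a natural first task to automate. The sketch below is an added example, not code from the article or from any vendor product; the host names, data layout and finding labels are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

SYNC_INTERVAL = timedelta(hours=24)  # sync window named in the article
# Constructed sample data (hypothetical hosts and field layout).
NOW = datetime(2024, 10, 1, 12, 0, tzinfo=timezone.utc)
INVENTORY = {"web-01", "db-01", "hr-laptop-07", "build-02"}
AGENT_LAST_SYNC = {
    "web-01": NOW - timedelta(hours=3),
    "db-01": NOW - timedelta(hours=70),    # sync failing, logged as inactive
    "hr-laptop-07": NOW - timedelta(hours=10),
    "kiosk-99": NOW - timedelta(hours=1),  # reporting, but not in inventory
}
SCAN_RESULTS = {  # host -> (reachable during scan, scan completed)
    "web-01": (True, True),
    "db-01": (False, False),
    "hr-laptop-07": (True, False),         # networked, scan did not finish
}

def find_blind_spots(inventory, last_sync, scans, now, max_age=SYNC_INTERVAL):
    findings = {}  # host -> list of reasons it is a blind spot
    def flag(host, reason):
        findings.setdefault(host, []).append(reason)
    for host in sorted(inventory):
        seen = last_sync.get(host)
        if seen is None:
            flag(host, "no_agent")          # asset has never checked in
        elif now - seen > max_age:
            flag(host, "stale_agent")       # missed the sync window
        reachable, complete = scans.get(host, (None, None))
        if reachable is None:
            flag(host, "never_scanned")
        elif not reachable:
            flag(host, "offline_at_scan")
        elif not complete:
            flag(host, "partial_scan")
    for host in sorted(set(last_sync) | set(scans)):
        if host not in inventory:
            flag(host, "not_in_inventory")  # seen by tools, unknown to inventory
    return findings

def coverage(inventory, findings):
    # Denominator is the full inventory, not just hosts that reported.
    return sum(h not in findings for h in inventory) / len(inventory)

if __name__ == "__main__":
    report = find_blind_spots(INVENTORY, AGENT_LAST_SYNC, SCAN_RESULTS, NOW)
    for host, reasons in sorted(report.items()):
        print(f"{host}: {', '.join(reasons)}")
    print(f"coverage: {coverage(INVENTORY, report):.0%}")
```

In practice the three inputs would come from exports of the inventory, agent console and scanner; inactive hosts then appear as explicit findings instead of log entries that are easy to overlook.
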
Today, for example, AI-enabled detection tools can accelerate the analysis process and support adaptability since asset vulnerabilities and locations change rapidly. Also, transitioning to the AI-SOC architecture can significantly reduce blind-spot issues.

Understanding What Should Be Reported

Many C-Suite professionals leverage reporting to determine their board-level protection plan.
These plans explain risk indicators and where the enterprise is vulnerable. In my book, The Cybersecurity Mindset, I emphasized the need to reduce "green reports," which is where metrics and information are falsified to satisfy management, such as by removing assets to increase scores. Many C-Suite professionals have probably been down this path and discovered inaccuracies in their reporting structure.
To solve this challenge, organizations should schedule working sessions with executive managers to determine reporting requirements. During these sessions, management can explore various reporting options and then have the subject matter experts develop the reports. It's imperative that the reports state whether discovery, configuration and automation are operating correctly.
If not, the issues with blind spots will persist. The reports should also include a variety of security metrics and operational status updates, such as information on total assets, vulnerabilities and discovered malware.

Why There Is More to Be Done

Blind spots are a major security concern.
As threats continue to escalate and assets change, businesses must have a firm grip on their inventories. This is not an overnight task, but businesses can efficiently strategize and plan to continuously monitor their enterprise. Beyond discovery, misconfiguration, automation and reporting, more needs to be done with continuous monitoring.
Data still has more to offer in terms of advanced insight into inactive assets, malware and vulnerable instances. Our goal is to reduce risk, so let's minimize blind spots and remember, "You cannot protect what you cannot see."

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.
Securing The Modern Enterprise By Eliminating Security Blind Spots