30, 2017

There Is No Network Security Without Visibility


I have been in the security business for a very long time, in both the physical and logical realms. In my previous roles and in my current role with Consortium Networks, I often ask our membership about their top five security concerns. Invariably, visibility, or the lack thereof, is among those top concerns.

Let me first clarify what I'm talking about. Visibility to the CEO or board is generally something very different from visibility for the SOC manager. A CEO may want to know how the company’s security posture compares to peer companies. However, in this instance, I'm talking solely about the visibility of assets in your environment.

You have probably heard the adage “You can’t protect what you can’t see.” The CIS Top 20 security controls list “Inventory of Authorized and Unauthorized Devices” as the number one control. Although I do not believe this list is prioritized, I think this is one of the most essential controls. So, what are some strategies and tools we can employ to achieve maximum visibility?

First off, obtaining visibility should be the cornerstone of your overall information security strategy. As the title of this article states, there is no security without visibility, so understanding the assets in your environment is paramount. You must ensure you have the right tools in your environment, tools that provide a real-time asset inventory of authorized devices. Furthermore, these tools must provide alerts whenever unauthorized devices pop up on your network. I have been involved in audits in which we identified substantial shadow IT infrastructures with direct (unsecured) connections to production networks.

The Risk of Network Security Without Visibility

I often ask members, “How many endpoints do you have in your environment?” After an investigation, the truth is usually 20 to 30 percent more than what the member thought they had. Situations like these put the entire enterprise at significant risk.

So, what do you need to address this challenge?

  • Senior leadership buy-in
  • Enforceable policy
  • A security strategy that includes asset management
  • The right tools
  • The right people

We'll assume that you have the senior leadership buy-in to take the steps required to secure your environment (which would include asset management).

The first logical step is creating an enforceable policy that details which types of assets are allowed or not allowed, how assets are tracked and cataloged, and the process for adding, removing, and disposing of assets.

Strategy - Asset management should be a key component of your overall information security strategy. Without a clear understanding of what devices (endpoints, servers, printers, etc.) are authorized to connect to the network, it is impossible to devise an effective security strategy. Effective asset management facilitates hardware and software management, license compliance, and regulatory compliance, as well as security. Therefore, it must be part of the overall security strategy.

Tools - There are many tools that claim to map, categorize, catalog, track, and alert on assets. One of the most significant benefits of membership in the Consortium is the ability to cut through the vendor noise and identify what is working for your peers and what is not. I have my opinion on the tools that I think do the best job (and on those that I believe do not), but you can use our portal and review what the users are saying about the tools they use. This should help you make a more informed spending decision.

People - Finally, you must build the right team. The pool of information security talent is shallow, and we all struggle with it. Having the right team members, with the correct skills, in the right numbers, is crucial to every security program. Attracting good talent is one issue; retaining that talent is another. Obviously, we must compensate appropriately, but we must also provide other incentives to grow and keep our talent. Providing training, certifications, excellent working conditions, meaningful work, etc. will help retain the great talent you worked so hard to obtain.

Building your security strategy must begin with simply knowing what is on your network. The explosion of IoT devices, BYOD, remote workers, contractors, etc. makes this a daunting but important task. However, cybersecurity best practice and regulatory compliance demand that we have a firm grasp of the assets in our environments.

There are a number of tools that help automate the discovery of assets in an environment. These solutions range in price, complexity, and effectiveness. Consortium Networks was developed to help you navigate through the maze of products and make the best spending decision for your organization. Reach out to us at contact@consortium.net for more information.


Get access to more content by becoming a member of Consortium today.


02, 2017

Avecto Defendpoint | Standardized Product Testing Report


Avecto Defendpoint is an endpoint security product that seeks to combine privilege management and application control technology into a single agent capable of eliminating administrative rights across an enterprise. With privileges being assigned to applications rather than users, individuals can still access the applications they need to perform their jobs. Defendpoint gives users the same experience as administrators and collects data that can later be configured to develop a comprehensive end-user solution. But finding the right balance between user freedom and security can be challenging. Enterprises have multiple user types to balance, each of which requires a tailored endpoint solution that doesn’t compromise security efficacy.

Consortium Standardized Product Testing

Using standardized control objectives, Consortium performed independent product testing of the Defendpoint application. The Consortium assessment team performed a series of injects against the testing (victim) system. These tests included:

  • Baseline system test (no security controls in place)
  • Product baseline (a high flexibility configuration)
  • Product tuned (a low flexibility configuration)

The Results

Avecto Defendpoint is a uniquely valuable solution for post-exploit protection of endpoints. Our full results include:

  • Raw testing data analytics
  • A full list of the injections used to test the product
  • Detailed findings and observations with screenshots from the HTTP shell from the attacker’s point of view

Get full access to the product testing report that includes the procedures and results from The Consortium’s standardized product testing of Avecto Defendpoint.
