
In the Kingdom of The Blind, the One-Eyed Man is King

April 11, 2012

One of the biggest threats that we see in organizations exists across policies, procedures, and products. It’s completely agnostic of configuration, manufacturers, and customization. What do you think it could be?

The largest problem that I see in the security posture of most organizations is the lack of visibility into their infrastructure. We consistently add layers of security to reduce the number of compromised hosts, but do not usually invest in the products or time necessary to discover which hosts are already compromised. This does not even take into account policy violations, loss of data, or leakage of information. Even with data leakage prevention (DLP) and application whitelisting systems in place, we have experienced instances where we have been able to bypass these systems.

The solution to this problem depends on your organization’s mission, priorities, budget, and time. Performing regular vulnerability assessments can give you a great deal of information (especially if you perform credentialed checks). Security Information and Event Management (SIEM) systems and log correlation systems can parse, summarize, and alert based on events, anomalies, or problems in the infrastructure. There are also application- and user-aware firewalls and network monitoring systems that can perform binary reassembly and transmission to a sandbox.
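As an added illustration (not code from the original post) of the kind of correlation rule a SIEM applies to surface an already-compromised host: a small Python script that parses constructed logon events and alerts when one source/user pair fails repeatedly inside a time window and then succeeds. The log format, field names, and thresholds are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real logs) in a simple key=value format.
SAMPLE_LOGS = """\
2012-04-11T09:00:01 host=ws17 src=10.0.5.23 user=jsmith event=logon_failed
2012-04-11T09:00:02 host=ws17 src=10.0.5.23 user=jsmith event=logon_failed
2012-04-11T09:00:03 host=ws17 src=10.0.5.23 user=jsmith event=logon_failed
2012-04-11T09:00:04 host=ws17 src=10.0.5.23 user=jsmith event=logon_failed
2012-04-11T09:00:05 host=ws17 src=10.0.5.23 user=jsmith event=logon_failed
2012-04-11T09:00:09 host=ws17 src=10.0.5.23 user=jsmith event=logon_success
2012-04-11T09:05:00 host=ws17 src=10.0.5.23 user=jsmith event=logon_success
2012-04-11T09:07:00 host=ws04 src=10.0.5.40 user=alee event=logon_failed
2012-04-11T09:07:30 host=ws04 src=10.0.5.40 user=alee event=logon_success
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) host=(?P<host>\S+) src=(?P<src>\S+) user=(?P<user>\S+) event=(?P<event>\S+)"
)

def parse(text):
    """Turn raw lines into dicts; lines that do not match are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        events.append(rec)
    return events

def correlate(events, threshold=5, window_s=60):
    """Alert when a (src, user) pair has >= threshold failures within window_s
    seconds and then logs on successfully: the classic 'brute force then success' rule."""
    failures = defaultdict(list)  # (src, user) -> timestamps of recent failures
    alerts = []
    for e in sorted(events, key=lambda r: r["ts"]):
        key = (e["src"], e["user"])
        if e["event"] == "logon_failed":
            failures[key].append(e["ts"])
            # keep only failures still inside the sliding window
            failures[key] = [t for t in failures[key] if (e["ts"] - t).total_seconds() <= window_s]
        elif e["event"] == "logon_success":
            recent = [t for t in failures[key] if (e["ts"] - t).total_seconds() <= window_s]
            if len(recent) >= threshold:
                alerts.append({"host": e["host"], "src": e["src"], "user": e["user"],
                               "failures": len(recent), "at": e["ts"].isoformat()})
            failures[key] = []  # a success closes the sequence; start counting afresh
    return alerts
```

On the sample data the rule fires once, for jsmith from 10.0.5.23, and stays quiet for alee, whose single failure is below the threshold.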

Overall, there are many ways for you to gain additional visibility into your infrastructure that can assist with security and monitoring.

