Continuous Security Monitoring Keeps Getting Harder
“Continuous security monitoring” is a term you’ve heard time and time again. And, while you may be tired of hearing the term, the fact is that continuous monitoring is vital when it comes to mitigating risk, protecting critical assets and meeting compliance demands.
Unfortunately, continuous security monitoring has become more and more of a challenge given that today’s networks no longer have a defined perimeter, but rather ever-evolving and dissolving network boundaries due to the rise of cloud and mobile computing.
This growing attack surface is a cyber criminal’s dream and a network defender’s nightmare. The bad guys need to find only one weak spot, while you’re tasked with defending against all potential weak spots. That’s definitely not a fair playing field.
So where do you start? Well, to state the obvious, you can’t monitor what you can’t see, so getting visibility into who and what is connecting to your network is the first step. Automated asset discovery is one of the most essential capabilities for a continuous security monitoring program.
But, it’s not just knowing which assets are running on your network; you need to know what software and services are installed on them, how they’re configured, and whether there are any vulnerabilities or active threats being executed against them. Constant application updates and changes to application and system configurations can introduce vulnerabilities and leave you susceptible to an attack, even if you are keeping your security controls up to date.
This brings us to step two in continuous security monitoring: continuous vulnerability management.
Let me take this opportunity to throw in a frightening stat. According to the National Vulnerability Database (NVD), more than 14,700 vulnerabilities were reported in 2017, doubling that of 2016. Needless to say, vulnerability management is an ongoing process, and, therefore, by its very nature, an essential part of any continuous security monitoring initiative.