Pen, paper and ink alone do not make a novel. In the same way, anti-malware, firewalls and SIEM tools alone do not make an enterprise secure. Too many organizations think that buying lots of security solutions and deploying them will make them secure, but just having a security tool running does not do that. Let’s take a look beyond tools to the way security teams can take a more holistic approach.
Why Enterprise Security Tools Aren’t Enough
Having some kind of digital defense is better than having nothing, and most security solution providers have some very sensible vanilla set-up solutions. However, these security systems are nothing more than tools, usually focused only on a narrow segment of the risks an enterprise faces.
Those tools can’t work alone. Their makers do know this: over the years most of them have become very good at producing data feeds that can be fed into SIEM and other tools in an attempt to weld different views together to spot more subtle forms of attack.
Even this approach is incorrect. For example, I have circuit breakers in my house to protect my family from an electrical fault; however, if I ignore a frayed or worn-out cable, there’s still a high risk of damage. I cannot just assume the safety measures will protect me from all ills. In the world of enterprise security, using software that is past its end-of-life date and no longer capable of being patched generates huge risks for the business.
Plot and Characters: How to Train Beyond Tools
When writing a novel, one of the most important aspects is to know who your characters are and what they want. In cybersecurity, the equivalent is making sure your people can do their jobs. Teams can be lulled into the false idea that the answer to every risk is another tool. With more and more security tools hitting the market every week, it is easy to think that way. While you do need some tooling, a sound defensive strategy aligned to meet the overall needs of the business is more important.
In addition, teach the security operations team to be curious and thorough. Measure them not on the number of tickets they process every day but on how well they answer the questions of who, what, when, how and why.
5 Security Tools You Do Need
To answer those questions well, the same cybersecurity assessment tools we needed 20 years ago are still just as important. Don’t forget:
- Up-to-date asset database — including patch levels
- Data discovery — to know what and where your critical data is
- Network visibility — to know who and what are on your systems
- Identity governance — with as much automation as possible
- Access management — even more important in these days of zero trust architecture
Some organizations still don’t know where their critical data is or what data is critical. With the cloud making it easier for anyone to spin up new infrastructure, this problem is only going to get worse.
Bringing Enterprise Cybersecurity Together
So, what is to be done? Remember, enterprise security is not about deploying and maintaining tools. It is about knowing how your business runs and what data and apps are vital for it to add value to its customers, fostering a strong risk management strategy to protect those assets and using the tools you have to see what is going on.
Having a pen and paper on your desk will not produce a blockbuster novel by itself. Likewise, having a handful of security tools, even those considered market leaders, will not make your enterprise secure. Armed with the knowledge of your critical data and systems and a security strategy, you have what you need to protect what matters.
Associate Partner, IBM Security