The Hygiene Problem in Information Security
I saw a great post the other day, referring to what we *should* be doing in information security, rather than what we are *actually* doing. Basically, it was hand washing versus putting on a full biohazard suit. And this struck me as exactly right. Why do we continue to look for the next cool technology, a 1U Flameinator9000 with lots of blinky lights that will fix all our problems, when we haven't taken the time to take care of basic hygiene ourselves?
Why We Overlook the Basics
One of the problems is just that--time. Or resources. Or however you want to put it. Buying things can be relatively easy compared to, you know, actually doing work. It's certainly more fun! But when has a technology ever completely solved a problem for you? Think about that for a minute. I'll wait.
Here is a good example of a basic security activity that isn't fun, isn't sexy, often turns out to be harder (logistically) than expected, and, while it may be "free" (as in beer), can consume vast amounts of resources: vulnerability management. Vulnerability management is the detection, identification, triage, risk analysis, and remediation (or not) of vulnerabilities in your environment. This is so fundamental to good information security that it seems insane not to have a robust vulnerability management program. You don't necessarily need to buy anything, either, although tools can certainly make the care and feeding of your vulnerability management program less onerous. And yet, how many mature organizations don't do a good job of vulnerability management?
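To make the steps above concrete, here is an added example (not code from the original post) of the identification, triage and risk-analysis stages run over constructed scanner findings. The asset inventory, the additive scoring weights and the SLA thresholds are a hypothetical policy invented for illustration, not a standard; the point is that raw CVSS alone would put the kiosk finding at the top, while exposure and data sensitivity put the internet-facing server there instead.

```python
# Added example, not from the original post: a minimal risk-based triage over
# constructed scanner findings. Scoring weights and SLA thresholds are a
# hypothetical policy chosen for illustration.
from dataclasses import dataclass


@dataclass
class Finding:
    fid: str
    asset: str
    title: str
    cvss: float
    exploit_public: bool


# Constructed scanner output; two scanners reported the same issue on web-01.
FINDINGS = [
    Finding("F-1", "web-01", "Outdated TLS library", 7.5, True),
    Finding("F-2", "db-02", "Unpatched database service", 9.8, False),
    Finding("F-3", "kiosk-07", "Unpatched remote management agent", 9.1, True),
    Finding("F-4", "web-01", "Outdated TLS library", 7.5, True),
    Finding("F-5", "dev-03", "Verbose error pages", 4.3, False),
]

# Constructed asset inventory: exposure and data sensitivity drive the risk analysis.
ASSETS = {
    "web-01": {"internet_facing": True, "data_class": "confidential"},
    "db-02": {"internet_facing": False, "data_class": "restricted"},
    "kiosk-07": {"internet_facing": False, "data_class": "public"},
    "dev-03": {"internet_facing": False, "data_class": "public"},
}

SENSITIVE_CLASSES = {"confidential", "restricted"}


def identify(findings):
    """Identification: collapse duplicate reports of the same issue on the same asset."""
    seen = {}
    for f in findings:
        seen.setdefault((f.asset, f.title), f)
    return list(seen.values())


def risk_score(f, asset):
    """Risk analysis: CVSS plus the context the scanner does not know about."""
    score = f.cvss
    if asset["internet_facing"]:
        score += 2.0
    if asset["data_class"] in SENSITIVE_CLASSES:
        score += 1.5
    if f.exploit_public:
        score += 1.5
    return score


def sla_days(score):
    """Remediation deadline under the hypothetical policy."""
    if score >= 11.0:
        return 7
    if score >= 8.0:
        return 30
    return 90


def triage(findings, assets):
    """Return the remediation queue, highest risk first (ties broken by id)."""
    queue = []
    for f in identify(findings):
        asset = assets.get(f.asset)
        if asset is None:
            # An asset we cannot place is a visibility gap in itself;
            # assume the worst until the inventory is fixed.
            asset = {"internet_facing": True, "data_class": "restricted"}
        score = risk_score(f, asset)
        queue.append({"id": f.fid, "asset": f.asset, "title": f.title,
                      "cvss": f.cvss, "risk": round(score, 1),
                      "sla_days": sla_days(score)})
    queue.sort(key=lambda r: (-r["risk"], r["id"]))
    return queue


if __name__ == "__main__":
    for row in triage(FINDINGS, ASSETS):
        print(f'{row["id"]} {row["asset"]:<9} cvss={row["cvss"]} '
              f'risk={row["risk"]} fix within {row["sla_days"]}d  {row["title"]}')
```

Note the fallback for an asset missing from the inventory: a finding you cannot place on a known asset is itself evidence that visibility is incomplete, so the example scores it as exposed and sensitive rather than silently dropping it.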
Achieving Full Visibility: The First Step
So here's a rallying cry of "Back to Basics" for all the InfoSec teams out there. And I'll throw my thesis at you now that we are in the fourth paragraph, assuming you've read this far already: You cannot possibly be effective at information security unless and until you have achieved full visibility. This is the single most basic, foundational aspect of an information security program. And it is neglected by nearly everyone I've spoken to.
What do I mean by "full visibility"? Think about what you are trying to protect: data. Where does it live? How does it move, and to where? How is it accessed? Who has accessed it? If you cannot answer any of those questions, at any phase in the data lifecycle, you have not achieved full visibility.
Turning Logs Into Actionable Insights
The great news is that most of what you need to answer those questions is available, usually for free, in the form of logs. Turn up the auditing and let the information spigot start flowing! Define what auditing settings you need, across every category of application and device in your environment. Apply them by policy. And get all that information into one place.
Now, of course, you are drowning in logs and data. You have a big data problem, in that you have lots and lots of data, and you need to unlock the useful information in that data. Luckily for you, this is where a product can come in handy. There are great OSS solutions as well as commercial ones, but whichever you pick, the value is in correlating log data with network data to spot anomalous activity. But this is where you start. Visibility, visibility, visibility.
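As an added example (not code from the original post) of what "getting it all into one place" and "correlating log data with network data" buy you, the script below normalises two constructed feeds, file-server audit lines and network flow records, onto one timeline and flags a read of a sensitive share followed within ten minutes by a large transfer from the same host to an address outside the organisation's ranges. Every host name, user, address, path and threshold is constructed for illustration, and the internal network list is an assumption standing in for your own address plan.

```python
# Added example, not from the original post: correlate file-access audit logs
# with network flow records to flag a sensitive read followed by a large
# outbound transfer to an external address. All log lines, hosts, users,
# addresses and thresholds below are constructed for illustration.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import ipaddress

# Assumption: these are "our" address ranges; anything else counts as external.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed file-server audit lines: <timestamp> <host> <user> <action> <path>
AUDIT_LOG = """\
2024-03-01T09:00:12Z ws-17 alice READ /share/finance/payroll.xlsx
2024-03-01T09:02:40Z ws-22 bob READ /share/eng/notes.txt
2024-03-01T09:05:03Z ws-17 alice READ /share/finance/forecast.xlsx
"""

# Constructed flow records: <timestamp> <src_host> <dst_ip> <bytes_out>
FLOW_LOG = """\
2024-03-01T09:01:30Z ws-17 10.0.5.20 120000
2024-03-01T09:06:10Z ws-17 203.0.113.45 850000000
2024-03-01T09:07:00Z ws-22 198.51.100.9 2048
"""


@dataclass
class FileAccess:
    ts: datetime
    host: str
    user: str
    action: str
    path: str


@dataclass
class Flow:
    ts: datetime
    host: str
    dst: str
    bytes_out: int


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_audit(text):
    """Normalise audit lines into FileAccess records (path may contain spaces)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, user, action, path = line.split(maxsplit=4)
        records.append(FileAccess(parse_ts(ts), host, user, action, path))
    return records


def parse_flows(text):
    """Normalise flow lines into Flow records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dst, nbytes = line.split()
        records.append(Flow(parse_ts(ts), host, dst, int(nbytes)))
    return records


def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def correlate(accesses, flows, window=timedelta(minutes=10),
              min_bytes=100_000_000, sensitive_prefix="/share/finance/"):
    """One alert per large external flow that was preceded, within `window`,
    by a read of the sensitive share from the same host."""
    alerts = []
    for f in flows:
        if f.bytes_out < min_bytes or not is_external(f.dst):
            continue
        prior = [a for a in accesses
                 if a.host == f.host and a.path.startswith(sensitive_prefix)
                 and f.ts - window <= a.ts <= f.ts]
        if not prior:
            continue
        alerts.append({
            "host": f.host,
            "dst": f.dst,
            "bytes_out": f.bytes_out,
            "users": sorted({a.user for a in prior}),
            "paths": [a.path for a in prior],
            "seconds_since_last_access":
                int((f.ts - max(a.ts for a in prior)).total_seconds()),
        })
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse_audit(AUDIT_LOG), parse_flows(FLOW_LOG)):
        print(alert)
```

Neither feed is suspicious on its own: the audit log shows a user reading files she may well be entitled to, and the flow log shows a host sending data somewhere. Only with both in one place, keyed on host and time, does the sequence stand out, which is the whole argument for centralising first and buying analytics second.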
Coming next: ok, I've got visibility. Now what?