25 Jul Q&A with Tanium
Rami Mashal, Regional Director, Middle East at Tanium, talks to Security & Fire Africa about the issue of visibility in cybersecurity.
Why is the visibility of IT environments often overlooked?
As an industry, we have failed to properly implement the technology needed to have full visibility of IT environments and control them. This has caused many organisations to try and gain the necessary visibility and control through multiple point solutions. One-off specialised solutions that complicate security decision-making fail to scale and fall apart in a borderless environment. Data is stored in siloes and IT teams become less efficient.
Instead, companies should look to secure endpoints through a single platform to prevent security gaps opening up and respond to incidents in real-time. The first step to achieving this is having complete visibility and control of the network. Quite often, the most significant threats are hidden in plain sight. However, visibility within IT environments is often overlooked because enterprises fail to realise the full extent of the risk that a vulnerable endpoint poses to their operations and data.
Why is this a problem?
Modern day organisations have millions of globally distributed heterogeneous assets that they need to see and control in real-time. The solution to this challenge is typically to deploy a diversity of point solutions, creating a fragmented approach to security that is riddled with siloes. Instead of achieving more control, this leads to organisations often ending up with just the opposite, unable to quickly answer basic questions about how many endpoints or devices they have, what applications run on each of them, or whether they have the proper access controls to ensure security.
This is where the importance of visibility comes in. Instead of adopting purely reactive solutions, it is essential to gain both visibility and control of the organisation’s network to reduce the risk of falling victim to a cyberattack by identifying the intruders or weak points in the first place.
What is the impact it can have on organisations?
When a company lacks visibility into its network, this can pave the way for cyber attackers to have easy access to its sensitive data and internal assets, leading to a costly compromise.
A compromise can disrupt operations and result in costly downtime, but it also puts sensitive data at risk and puts the company in jeopardy of financial and reputational losses down the road. For instance, the fallout from insider threats alone costs Middle Eastern companies US$11.65 million annually, according to Proofpoint, and this is just the tip of the iceberg.
Protecting an organisation from the effects of any attack – including ransomware – comes down to ensuring security defenses are up to date, appropriately configured, and ensuring employee behavior is driven towards the adoption of best practices.
What steps can be taken to address the problem in both the short- and long-term?
Organisations require a paradigm shift to current approaches to managing complex risk, security, compliance, and technology challenges. Tanium’s own research found that 94 per cent of today’s enterprises find at least 20 per cent of their endpoints are unprotected, while the many tools sitting on those endpoints adversely affect performance and visibility.
Instead of bolting on more point solutions to solve their security concerns, organisations need to look to a new approach that unifies security controls and provides clear visibility across all endpoints within their organisation. This approach, known as converged endpoint management (XEM), allows teams to take stock of all their endpoints in seconds, regardless of the organisation’s scale and complexity, and effectively protect their infrastructure from cyberattacks.