The last few weeks have been a busy time, no scrap that, the last few months... I have been involved in so many discussions around information security, breaches, policy, ransomware, growing risks, behavioural analytics and similar lines of conversation. I have spoken to so many very clever business and IT leaders; and I am often baffled how one of the most obvious facets in governance and protection is overlooked. They simply miss the (end) point.
The conversation starts by discussing various risk vectors, how they are being addressed and what is being used. Some have large budgets, some are small and several haven’t even thought of information security or risk mitigation to prevent and reduce the impact of breaches as an item to budget for!!! As I said up top – I am baffled….
Some clients (of all sizes) have started to look at the various risk items and like so many; feel it is so complex that they have no idea where to start; so they decide it is not the right time to worry about this now; there are more pressing issues. More pressing??? What is more pressing than knowing what risks your people are causing within the business – should we rather wait until there is a major public breach and customer and employee information is leaked on the internet? Will that be the right time? Again - baffled!
Every so often network log analytics often comes up, SIEM systems are quite good at aggregating vast amounts of data from many different systems and telling you a whole lot of information. Therein is the point – there is so much to look at. Tens of thousands of entries to view by your Security Team who can then analyze those entries to highlight possible incidents to your Security Response team. Wonderful!!
So I ask our new and potential clients
1. Who will look at that information?
2. How big is the security team analyzing the tens of thousands of log file entries to pick up risk?
3. You don’t have a Security Team?
There is no capacity when I see that the average large organisation has a security “team” of two or three people. Over 30,000 users interacting with systems and data each day generating logs and events managed by a SIEM and two or three over-worked staff? Say it with me – baffled!!
Then surely a network based appliance is the way to go? RIGHT??? Perfect… so there is a good chance that you may highlight some risk with a network based monitoring appliance. Give it some good mathematical analysis to point out some predictive analytics on things that happen across the network and you believe you will be covered!!
That may be true if the users did everything connected on a single network in a single place. Ask yourself; how many users move with laptops containing the very same data you are wanting to protect and monitor? What do those users do when they are off your protected network? What data are they moving when they are away then? Copying to USB or sticking into unprotected cloud sharing services. Do you know; or have you missed the (end) point. Your XP based POS machines – when were they patched? REALLY… All of them?
What is truly baffling is that the problem is often staring at them in the face (or at least staring at the screen of the machine you provided). If you do not have visibility and protection of the user’s activity at the end point – you will miss far more than you are able to protect. On net monitoring works in a perfect world – but we work in an imperfect world. Users make mistakes, click on links, download software they shouldn’t and are given far more access than they require simply because there are inadequate controls brought about through the lack of visibility with the user at the end point.
My goal is to help the clever people make progress - not simply tick a box on an audit requirement. Make a real valuable input into the security operations of your business. Let us help you see the end user, it’s not that baffling.
Talk to me….