Each of these five challenges can be daunting. However, each one, if unresolved, could lead to a cyberattack resulting in operational problems, stolen data, brand reputation damage, massive fines and public safety issues.
Device numbers on today’s enterprise networks are out of control with billions of different types of devices connecting including IT, operational technology (OT), Internet of Things (IoT) and bring-your-own-device (BYOD).
Some are managed and known; however, many aren’t and there is the added complexity of device users literally being located anywhere in the world. This creates risk for businesses who don’t have full visibility into all of the devices on their network, according to Forescout.
Rohan Langdon, regional director for Australia and New Zealand (ANZ), Forescout, said, “Employees, contractors, partners and customers are all connecting to the data centre or the cloud from anywhere; securely or otherwise. All of this makes each network environment complicated: a veritable Enterprise of Things (EoT) that requires thoughtful planning and decisive action when it comes to securing devices and the enterprise itself.”
Forescout has identified five key EoT challenges for today’s CISOs and other security and operations leaders to consider:
- Inventorying and managing the explosion of unmanaged devices. Managed devices with security agents on board, such as corporate-owned PCs, laptops and smartphones, are becoming scarce compared to the billions of agentless IoT and OT devices joining networks. IT-OT network convergence is taking place at the same time, which is increasing productivity and streamlining network management but adding risk. Getting a handle on the attack surfaces of today’s heterogeneous networks is harder than ever before.
- Identifying where risk resides in today’s enterprise environment. The concept of risk analysis is changing and expanding along with the attack surface. A recent Forescout Enterprise of Things analysis determined that IoT devices pose the greatest risk. Not only are they challenging to monitor and control, but they also create vulnerabilities by bridging the gap that used to exist between the cyber and physical realms. IoT devices can be clandestine gateways into networks or primary targets of specialised malware. The Enterprise of Things Security Report, The State of IoT Security in 2020, Forescout Research Labs, May 2020
- The vanishing network perimeter. Now that enterprise networks extend to wherever in the world workloads and workers happen to be, there is no such thing as a defensible perimeter around an organisation. Perimeters must surround each connected device and every workload. Security begins at the asset’s edge.
- Segmentation without business disruption. Until recently, the available network segmentation tools were difficult to deploy and couldn’t cross network domains, resulting in business disruptions and a fragmented environment. The problems only got worse when organisations added new devices and further extended their networks. Today, however, solid segmentation solutions exist. It no longer makes sense to stick with vulnerable flat networks.
- Dealing with the ‘do more with less’ paradox. It’s difficult to make the case that the SecOps department is an efficient bulwark and provider of cost savings when the organisation’s security and network management uses fragmented, job-specific legacy tools. Even best-laid transformation plans can lead to trouble, namely: sluggish deployments; slow return on investment; steep learning curves; and limited satisfaction with chosen solutions.
Langdon said, “Each of these five challenges can be daunting. However, each one, if unresolved, can lead to the ultimate challenge: a cyberattack that results in operational problems, stolen data, brand reputation damage, massive fines and public safety issues to name a few. Prevention is the key, which means an effective solution must be capable of 100 percent agentless device visibility, continuous monitoring and automated threat response.”
Comment below to have your say on this article.
If you have a news story or would like to pitch an article, get in touch at firstname.lastname@example.org.
Sign up to DEFSEC e-Newsletters.