"It’s common in information security to look at the most recent innovative attack in the news and imagine that you need a shiny new tool to deal with it. A fair amount of the information security industry is based on just this pattern. The fact is, however, that foundational controls are foundational because they deal with the breadth necessary to manage risk in a changing landscape. New controls may become foundational over time, but the old ones largely remain core to successful risk management. Anytime there’s a new threat to deal with, rather than using it as a means to acquire new shiny objects, consider how that might be used to drive more excellence in the foundational controls you have today."

So, how can you help your organization achieve excellence in the essentials? Here are five elements to consider:
- It's important to implement robust vulnerability management, so that we can reduce the number of false positives. We can do this by profiling assets, so that targeted scans run against the specific types of devices and applications that are actually present.
- We need to prioritize which vulnerabilities to tackle first. We can do this by focusing on granular scoring and prioritization, so that we can allocate limited attention and resources to the vulnerabilities that matter most to our environment.
- For secure configurations, it’s important to have robust compliance reporting. The ability to quickly – and accurately – assess against common known standards in preparation for audits, or against internal policies, is key.
- Another common challenge is knowing what’s changed in your environment and being able to detect when an incident or breach occurs. The ability to monitor and alert on those changes in real time, and to understand what those changes mean in the context of your environment, is critical.
- Finally, automating remediation is a key component to achieving excellence in the essentials. No platform is an island, and the ability to integrate through workflows can help us respond to threats faster and more effectively.
"By focusing on specific and obtainable goals, organizations can create significant management and operational benefits, including better visibility, management of resources, and lower costs."

Ultimately, achieving excellence in the essentials will help your organization gain a much higher state of security readiness. For more information on implementing foundational security controls to protect your hybrid cloud environment and remaining IT infrastructure, click here. https://www.youtube.com/watch?v=MdD7_BD4phw