The Forescout Continuum Platform was recently named Most Innovative Security Solution by The Tech Ascension Awards.
We spoke with Ian Curry of Forescout to discuss the cybersecurity challenges organizations face and what solutions can be implemented to help them mitigate security risk.
What are the greatest challenges organizations face today as they try to accelerate their IT/OT convergence journey?
As organizations try to accelerate their IT/OT convergence journey, one of the biggest challenges they continue to face is day-to-day network misconfigurations. Although outside attacks are always a concern, these operational errors are the most likely to threaten the productivity of organizations, especially as they begin to accelerate their convergence journey. While IT and OT control systems were historically viewed as separate groups within an organization, it’s no longer appropriate to view them that way. The convergence of these two groups depends on their ability to communicate with one another.
Some additional challenges to consider when accelerating IT/OT convergence include the lack of foundational security in OT systems and the rapid growth of IoT devices. OT systems are often built with reliability in mind because of their business importance and sensitivity; therefore, OT systems may not be updated as often as needed from a security perspective. Furthermore, because OT assets may not have been designed to be connected, they weren’t built with security in mind, opening up potential vulnerabilities as discovered by Forescout’s Vedere Labs in OT:ICEFALL.
The rapid growth of IoT devices driven by digital transformation creates another cybersecurity challenge because IoT devices create an attack surface that can be leveraged for ransomware, for example. All connected assets need to be visible and understood because it is the overall attack surface that matters.
How have the visibility needs for enterprises evolved amid the widespread adoption of unmanaged connected assets?
The widespread adoption of connected devices that cannot be or are not managed by traditional security solutions is increasing the need for enterprises to have complete visibility into all of their assets. Security teams need to be able to understand what assets are on their networks to implement appropriate security practices, including device compliance along with network access control (NAC) and segmentation. Visibility includes understanding how devices are interacting with each other, what protocols are being used, which assets need to be on the same network segment, and if any changes occur, how that will impact the assets. With this information, security teams can implement the right security policies to protect against intruders and prevent them from moving laterally.
Why is continuous monitoring of connected asset risk posture more important today compared to a few years ago?
Continuous, real-time monitoring is replacing traditional security approaches, such as schedule-based device scanning. With cyberattacks on the rise, continuously monitoring endpoint state and behavior is critical to protecting an organization’s network. By using continuous monitoring, an organization can detect endpoint changes or unusual asset activity on its network. Knowing asset status in real-time helps organizations react much faster when a threat is found on their network, preventing larger cybersecurity breaches from occurring and further disrupting business operations.
What are five steps organizations can take between now and the end of this year to get a better handle on their digital terrain?
Many organizations are unaware (or unsure) of how many assets are connected to their networks. For organizations in that state, the first step to improving the security of their digital terrains is to immediately embark on a program for visibility to generate a comprehensive, real-time asset inventory. Secondly, they can connect this real-time asset inventory with the organization’s CMDB system, such as ServiceNow, to improve security posture and the overall efficiency of the organization’s IT team.
Once the asset inventory is connected to a CMDB system, the third step for improved security is to implement a program to ensure connected assets are continuously maintained in a compliant state. Not only will this solution improve an organization’s risk posture, it will also make cybersecurity audits a straightforward, easy process rather than a time-consuming, painful process.
Organizations with visibility and asset compliance in control are in a position to begin the fourth step in securing the digital terrain: implementing a Zero Trust Architecture (ZTA) program. This step helps organizations understand how network segmentation can deliver least-privilege networking to minimize an insider or external attacker’s ability to move inside a network.
Lastly, organizations looking for threat detection should implement a program to understand key data sources that are available for threat detection, and then drive those data sources into a threat detection system like Forescout Continuum that also enables real action to be taken when threats are detected.
How is Forescout’s Continuum platform enabling enterprises to strengthen their overall security posture?
Forescout’s Continuum platform is the only solution that provides high-scale visibility and automation across all asset types, including IT, OT, IoT, and IoMT devices. By providing enterprises with this level of visibility across their digital terrain, the Continuum platform empowers enterprises to govern cyber assets appropriately and efficiently, leveraging automation to enable cybersecurity team members to focus their energy on the things that matter most.
In today’s connected and dynamic digital world, issues such as device decay, rapidly evolving business applications, and business issues like acquisitions lead to ongoing change that can drive misalignment between an organization’s digital reality and its security framework. Forescout’s Continuum Platform delivers automated cybersecurity across all device types to continuously minimize any gaps between an organization’s digital reality and its security framework.
How can automation play a bigger role in the security team’s day-to-day operations?
There are many factors driving the need for automation to play a bigger role in security. For example, a combination of the rapid adoption of digital transformation initiatives and a growing labor shortage is making it difficult for organizations to find enough staff to support their needs. Automation is a primary solution to help support these initiatives and manage cyber risk. Some ideal use cases of automating cyber risk include discovering and categorizing devices on the network to ensure vulnerabilities are seen and immediately addressed through automated remediation whenever possible. Automation is essential to ensuring devices remain continuously compliant with an organization’s security framework.
Automation in threat detection is also necessary because threats need to be detected in real-time, not days later. This is where technologies such as high-fidelity data analytics are required to look at billions of data points to determine which, if any, represent true threats, rather than raising so many alerts that the IT team becomes quickly overwhelmed.