Proactive, continuous monitoring key to thwarting cyber crime
- By Jim Flyzik
- Oct 29, 2012
Continuous monitoring is a critical but often misunderstood component at the epicenter of "proactive" cybersecurity.
How do we prevent malicious threats from getting into an organization’s network while allowing legitimate data to flow efficiently? How do we monitor data on our storage devices, the data at rest? How do we audit all the devices in our network and their unique configurations?
In today's complex technology landscape, network parameters are constantly evolving. This makes it nearly impossible for IT professionals to manage growing gaps in the infrastructure when even the smallest misconfiguration can leave the strongest defenses vulnerable to attack.
With this in mind, the public sector faces several challenges. First, there are various heterogeneous product sets within our largest government agencies. Consider hundreds of different product sets from hundreds of different manufacturers. Then consider the cost. The public sector is already dealing with budget and deficit cuts while, most importantly, trying to stay ahead of the threat. Cyber terrorists are already extremely knowledgeable about the technologies in place to protect our infrastructure and are constantly looking for vulnerabilities to exploit in order to circumvent the latest and most up-to-date security solutions.
This is where continuous monitoring fits into the picture. There are many tools on the market that run periodically against configurations, including registries, and tell you if anything is incorrect or corrupted; but again, that is reacting to the problem. Major damage may already have been done before the vulnerability is discovered.
We live in a digital world where government agencies and IT professionals don’t have time to prepare for an attack. Attacks happen in real time, in nanoseconds. Proactive continuous monitoring solutions run around the clock, looking for suspicious activity or anomalies and triggering an alert when they find it. With an effective continuous monitoring system, organizations will be able to:
- Detect compliance status and risk in an organization’s operations.
- Provide essential, near real-time security status to senior management.
- Transform static and occasional security and risk assessment into a dynamic process.
- Determine if deployed security controls within the network are still effective over time.
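The contrast the article draws between a periodic configuration scan and a continuous monitor can be made concrete with a small drift monitor. The following is an added example written for this page, not code from the article or from any product it alludes to: it baselines the hashes of a set of configuration files, re-reads them on every cycle, and raises an alert both when a file drifts from its baseline and when a required control (for instance `PermitRootLogin no` in an sshd configuration) is no longer in effect, which covers the last bullet above, whether deployed controls remain effective over time. The file paths, file contents and the control policy are constructed for the example and stand in for whatever an agency's own baseline would contain.

```python
"""Added illustration of continuous configuration monitoring (not from the article).

Baseline the hashes of configuration files, re-scan every cycle, and alert when a
file drifts from its baseline or when a required control is no longer in effect.
"""
import hashlib
import time

# Constructed sample: the approved baseline contents of two configuration files.
BASELINE_CONFIGS = {
    "/etc/ssh/sshd_config": "PermitRootLogin no\nPasswordAuthentication no\n",
    "/etc/sysctl.conf": "net.ipv4.ip_forward = 0\n",
}

# Hypothetical control policy, constructed for this example: settings that must hold.
REQUIRED_CONTROLS = {
    "/etc/ssh/sshd_config": {"PermitRootLogin": "no", "PasswordAuthentication": "no"},
    "/etc/sysctl.conf": {"net.ipv4.ip_forward": "0"},
}


def fingerprint(contents):
    """Map each path to the SHA-256 of its contents; this is the stored baseline."""
    return {path: hashlib.sha256(text.encode()).hexdigest() for path, text in contents.items()}


def parse_settings(text):
    """Parse 'key value' or 'key = value' lines into a dict, ignoring comments and blanks."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if "=" in line:
            key, _, value = line.partition("=")
        else:
            key, _, value = line.partition(" ")
        settings[key.strip()] = value.strip()
    return settings


def detect_drift(baseline_hashes, current_contents):
    """Report files that changed, disappeared, or appeared since the baseline."""
    alerts = []
    current_hashes = fingerprint(current_contents)
    for path, expected in baseline_hashes.items():
        if path not in current_hashes:
            alerts.append(f"MISSING {path}")
        elif current_hashes[path] != expected:
            alerts.append(f"DRIFT {path}")
    for path in current_hashes:
        if path not in baseline_hashes:
            alerts.append(f"NEW {path}")
    return alerts


def validate_controls(current_contents, required=REQUIRED_CONTROLS):
    """Check that every required control still holds in the current configuration."""
    failures = []
    for path, controls in required.items():
        settings = parse_settings(current_contents.get(path, ""))
        for key, want in controls.items():
            got = settings.get(key)
            if got != want:
                failures.append(f"CONTROL {path}: {key} expected {want!r}, found {got!r}")
    return failures


def monitor_once(baseline_hashes, current_contents):
    """One monitoring cycle: returns ('OK' or 'ALERT', list of alert strings)."""
    alerts = detect_drift(baseline_hashes, current_contents) + validate_controls(current_contents)
    return ("ALERT" if alerts else "OK", alerts)


def run_monitor(read_configs, baseline_hashes, cycles, interval_seconds):
    """Continuous loop: read_configs() is called each cycle (a real agent would read the files)."""
    history = []
    for _ in range(cycles):
        history.append(monitor_once(baseline_hashes, read_configs()))
        time.sleep(interval_seconds)
    return history


if __name__ == "__main__":
    baseline = fingerprint(BASELINE_CONFIGS)
    # Constructed later state: someone re-enabled root login over SSH.
    drifted = dict(BASELINE_CONFIGS)
    drifted["/etc/ssh/sshd_config"] = "PermitRootLogin yes\nPasswordAuthentication no\n"
    for status, alerts in run_monitor(lambda: drifted, baseline, cycles=1, interval_seconds=0):
        print(status, alerts)
```

The two checks answer different questions: the hash comparison catches any change at all, including ones a scanner's rule set does not know about, while the control check catches the case where a file was changed back to something syntactically valid but no longer compliant. A real deployment would read the files from disk each cycle and forward the alert list to a SIEM rather than print it.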
To meet the demands of continuous monitoring, organizations in the public and private sector need to evaluate the full range of technologies available on the market. CIOs should keep an eye out for technologies that use automation to constantly assess the security infrastructure of their network. These solutions should address the need to test, track and validate information security practices by automating management, operational and technical controls.
By maintaining continuous awareness of all IT defenses, organizations will have deep insight into IT security, compliance and the risks at hand. There are various solutions on the market that provide à la carte offerings of these services.
Cyber warfare is here. If we don’t shift the way we think and strengthen our defenses, we will pay the price down the line.
Jim Flyzik is president of the consulting firm TheFlyzikGroup. He held numerous senior IT positions during his 28-year tenure in the federal government and hosts the monthly radio program "The Federal Executive Forum" on Federal News Radio.