Page 20 - GCN, Feb/Mar 2018

ADAPTIVE RESPONSE
Using a true visibility platform to combat threats
Shawn Rodriguez
Regional Vice President, U.S. State and Local Government and Education, ForeScout Technologies

Better insight into connected devices and the risks they pose allows agencies to orchestrate effective responses

to evolve rapidly to promote citizen innovations and services. The resulting growth in virtual machines, the internet of things (IoT), bring-your-own-device environments, guest users and operational technologies (OT) with access to corporate networks increases risk by expanding the attack surface far beyond the traditional IT-managed device inventory.

Adaptive cybersecurity is crucial for combating threats across complex, constantly changing networks. At the root of adaptability is continuously discovering, classifying and assessing devices and users, regardless of device type, as they gain access to networks from any entry point across network tiers. Collecting and correlating the right amount of device, user and network data for complete clarity and context are also important.

Resolving complex data collection challenges such as overlapping IP addresses for location accuracy, supporting new IPv6 devices and passively collecting OT device data that might only have a MAC address increases accurate insight into the overall threat landscape. When threats are detected, it is critical to immediately respond with context-aware actions that prevent propagation and enable remediation.

Automation helps agencies further close gaps between threat detection and response. An automated process that is based on granular intelligence and security policies is essential to effective cyber defense. Automation should flow through device discovery, data correlation, threat intelligence, detection and response. This complete flow helps optimize an agency’s ability to protect itself against diverse threats across heterogeneous networks. Creating a closed-loop security system with these critical components greatly reduces risk and increases operational efficiency while accommodating constantly changing network landscapes.

Context-aware automation

Because IT and security budgets are often not aligned with the increase in attacks, an adaptive security strategy should include automating as much as possible to address the gap between staffing and security needs. An important first step is to continuously monitor and collect the what, who, why and where details of connected devices across heterogeneous network landscapes, regardless of connection point, time of connection or device type. Doing so without disrupting network performance or requiring endpoint agents on all devices creates a more complete security assessment.

Automatically correlating massive data — including device properties, user information, applications, security profiles and network information — enables more rapid threat identification and prioritization. Harnessing such granular data also provides valuable context to confidently create more effective security policies that mitigate and remediate threats with automated, targeted actions. Policy-driven context-aware actions should include, for example, network controls that automatically restrict access based on type of threat, device, location and/or user.

Securing innovation

A critical core to adaptive security operations should be agentless, real-time visibility with rich contextual insight across heterogeneous devices and network tiers. You can’t secure what you can’t see. Also at the core should be the ability to rapidly identify threats and immediately respond. Orchestrating information sharing and workflows among these core capabilities plus other security components can further reduce attack surfaces and close security gaps. By also integrating with next-generation firewall capabilities, for example, agencies can dynamically segment devices at time of connection — without requiring prior device knowledge or rebuilding networks.
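The closed loop the article describes (discover devices from several data sources, correlate them into one record, then apply context-aware policies that restrict access by threat, device type, location and user) can be sketched as a small policy engine. The following is an added illustrative example written for this page; it is not ForeScout code or any product's API. Every observation, data source name, device, segment and policy rule in it is constructed for the demonstration. It also shows the two data-collection wrinkles the article names: the same IP address appearing on two sites, and an OT device known only by its MAC address.

```python
"""Minimal closed-loop NAC policy engine: correlate raw observations into
device records, then apply ordered context-aware policies to pick an action.
Added example, not vendor code. All sources, devices and rules are constructed."""
from dataclasses import dataclass, field
from typing import Optional

# Constructed observations from hypothetical collectors (DHCP, directory,
# fingerprinting, IDS, passive OT sensor). Note 10.0.0.5 appears on two sites,
# and the PLC is reported by MAC only, with no IP address at all.
OBSERVATIONS = [
    {"source": "dhcp", "segment": "hq-lan", "ip": "10.0.0.5", "mac": "aa:bb:cc:00:00:01"},
    {"source": "directory", "segment": "hq-lan", "ip": "10.0.0.5", "user": "alice", "agent": True, "patched": True},
    {"source": "dhcp", "segment": "branch-lan", "ip": "10.0.0.5", "mac": "aa:bb:cc:00:00:02"},
    {"source": "fingerprint", "segment": "branch-lan", "ip": "10.0.0.5", "type": "iot-camera"},
    {"source": "ids", "segment": "branch-lan", "ip": "10.0.0.5", "threat": "outbound-beacon"},
    {"source": "ot-sensor", "segment": "plant-ot", "mac": "00:11:22:33:44:55", "type": "plc"},
    {"source": "dhcp", "segment": "hq-lan", "ip": "10.0.0.9", "mac": "aa:bb:cc:00:00:03"},
]

# Ordered policies: (name, predicate over a Device, network action). The first
# match wins, so active threats are handled before posture or device-type rules.
POLICIES = [
    ("quarantine-active-threat", lambda d: bool(d.threats), "vlan:quarantine"),
    ("ot-device-off-ot-segment", lambda d: d.type == "plc" and d.segment != "plant-ot", "block"),
    ("ot-allow", lambda d: d.type == "plc", "vlan:ot-only"),
    ("iot-segment", lambda d: d.type is not None and d.type.startswith("iot"), "vlan:iot"),
    ("unmanaged-restrict", lambda d: not d.agent or d.user is None, "vlan:guest"),
    ("noncompliant-remediate", lambda d: not d.patched, "vlan:remediation"),
    ("managed-allow", lambda d: True, "allow"),
]


@dataclass
class Device:
    """One correlated record: what (type/mac), who (user), where (segment/ip),
    security profile (agent/patched) and any threat indicators seen."""
    segment: str
    ip: Optional[str] = None
    mac: Optional[str] = None
    type: Optional[str] = None
    user: Optional[str] = None
    agent: bool = False
    patched: bool = False
    threats: list = field(default_factory=list)


def device_key(obs):
    """IP ranges overlap across sites, so an IP alone is ambiguous: key on
    (segment, ip). A device seen only by MAC is keyed on (segment, mac)."""
    if obs.get("ip"):
        return (obs["segment"], obs["ip"])
    return (obs["segment"], "mac:" + obs["mac"])


def correlate(observations):
    """Merge observations from all sources into one Device per key."""
    devices = {}
    for obs in observations:
        dev = devices.setdefault(device_key(obs), Device(segment=obs["segment"]))
        for fld in ("ip", "mac", "type", "user"):
            if obs.get(fld) is not None:
                setattr(dev, fld, obs[fld])
        for flag in ("agent", "patched"):
            if obs.get(flag):
                setattr(dev, flag, True)
        if obs.get("threat"):
            dev.threats.append(obs["threat"])
    return devices


def decide(devices, policies=POLICIES):
    """Apply the first matching policy to each device; returns key -> (action, rule)."""
    decisions = {}
    for key, dev in devices.items():
        for name, matches, action in policies:
            if matches(dev):
                decisions[key] = (action, name)
                break
    return decisions


def run(observations=OBSERVATIONS):
    return decide(correlate(observations))


if __name__ == "__main__":
    for (segment, ident), (action, rule) in run().items():
        print(f"{segment:<11} {ident:<26} -> {action:<16} ({rule})")
```

Running it quarantines the branch camera that the IDS flagged, leaves the managed laptop at headquarters with the same IP address untouched, confines the MAC-only PLC to the OT segment, and drops the unknown device at headquarters onto the guest VLAN. In a real deployment the action strings would map to switch, firewall or VLAN changes issued through whatever enforcement points the agency operates.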