By Ellen Sundra, VP of Americas Systems Engineering, Forescout Technologies
The massive growth of devices hitting our networks is not a secret or a new discussion. We have all seen the predictions of growth from Gartner – 14.2 billion devices today growing to 25 billion devices by 2021. Right along with device hyper-growth come increased risk vectors, and the need for organizations to adopt a willingness to automate their cybersecurity strategy.
The foundation of every well-planned security program is device visibility. Having intelligence on 100% of the devices across all aspects of your extended enterprise, inclusive of IT, IoT, data center, cloud and OT networks, helps prioritize risk and protect potential breach access points. Mind you, visibility isn’t a silver bullet; it is the enabler of the critical step of turning that intelligence into action by layering on tools like automation or network segmentation.
Automation can allow organizations to quickly authenticate authorized devices on the network, and to apply action controls and policies to devices that are unauthorized. The decision to automate often comes down to a level of comfort: trusting that you truly know what is on your network, and that you won’t accidentally block access to a mission-critical device or apply a patch to an older device that might break it or void its warranty. When your security tools are configured to analyze device function and compliance, automation forces better behavior across the organization and allows resources to focus on more strategic efforts.
I see this every day within the industry. For example, the Department of Homeland Security is one early leader in this practice of understanding the importance of visibility and turning it into action. The first two phases of its Continuous Diagnostics and Mitigation (CDM) program looked to discover what and who was on DHS networks. The next phase will look to use that intelligence to kick-start more advanced cybersecurity conversations and capabilities, like automation and incident response. The Department of Defense is also in the process of launching a similar program, called Comply to Connect.
Network segmentation is another tool that organizations can use to reduce risk using the information gathered by visibility tools. Once you can identify what devices are attached to the network and understand their context, network segmentation can limit what those devices can do and what they have access to. For example, you may not want medical devices and payment and finance systems on the same network. You may choose to segment those separately to reduce risk without eliminating functionality. This can also help with audits and compliance in regulatory-sensitive organizations.
This is why visibility needs to serve as the foundation of automation and network segmentation. With full device visibility and context, you are able to say with confidence what devices are on the network and what their specific attributes are. That context allows for nuanced policies, which protect against the worries that come with broad automation.
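The following is an added illustration, not code from the article or from Forescout, of how the three ideas above fit together in practice: a device inventory produced by a visibility tool feeds a small policy engine that (a) places each device on a segment according to its function, keeping medical and payment systems apart as the article suggests, (b) quarantines anything unauthenticated or unclassified rather than guessing, and (c) only auto-remediates non-compliant devices that are safe to touch, escalating mission-critical or legacy devices to a human instead of blocking or patching them. The device attributes, segment names and inventory records are all constructed for the example.

```python
"""
Context-driven device policy engine (added illustration).
Assumptions: the device attributes, segment names and inventory records
below are constructed for this example and are not any vendor's schema.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List


class Action(Enum):
    ALLOW = "allow"            # authorized and compliant: normal access
    REMEDIATE = "remediate"    # authorized but non-compliant: automated fix
    ALERT_ONLY = "alert_only"  # non-compliant but too risky to touch automatically
    QUARANTINE = "quarantine"  # unauthorized or unclassified: isolate


@dataclass(frozen=True)
class Device:
    mac: str
    authenticated: bool      # passed an identity check (constructed attribute)
    device_type: str         # "workstation", "medical", "payment", "iot_camera", "unknown"
    compliant: bool          # meets the patch/configuration baseline
    mission_critical: bool   # an outage or change would disrupt operations
    legacy: bool             # older device where automated patching may break it


# Function-based segmentation: devices with different risk profiles land on
# different network segments (constructed segment names).
SEGMENT_BY_TYPE: Dict[str, str] = {
    "workstation": "corp-users",
    "medical": "clinical-devices",
    "payment": "pci-cardholder",
    "iot_camera": "iot-restricted",
}
QUARANTINE_SEGMENT = "quarantine"


def is_known(device: Device) -> bool:
    """A device is 'known' only if it authenticated and we classified it."""
    return device.authenticated and device.device_type in SEGMENT_BY_TYPE


def assign_segment(device: Device) -> str:
    """Pick a segment from device context; unknown devices are isolated,
    never placed on a production segment by default."""
    if not is_known(device):
        return QUARANTINE_SEGMENT
    return SEGMENT_BY_TYPE[device.device_type]


def decide_action(device: Device) -> Action:
    """Nuanced policy: automation only acts on devices we understand well
    enough to act on safely."""
    if not is_known(device):
        return Action.QUARANTINE
    if device.compliant:
        return Action.ALLOW
    # Non-compliant: never auto-patch or block a device where a failed change
    # would hurt more than the exposure; hand it to a person instead.
    if device.mission_critical or device.legacy:
        return Action.ALERT_ONLY
    return Action.REMEDIATE


def evaluate_inventory(inventory: List[Device]) -> Dict[str, Dict[str, str]]:
    """Return {mac: {"segment": ..., "action": ...}} for every device."""
    return {
        d.mac: {"segment": assign_segment(d), "action": decide_action(d).value}
        for d in inventory
    }


# Constructed sample inventory (not real data).
SAMPLE_INVENTORY = [
    Device("00:11:22:33:44:01", True, "workstation", True, False, False),
    Device("00:11:22:33:44:02", True, "workstation", False, False, False),
    Device("00:11:22:33:44:03", True, "medical", False, True, True),
    Device("00:11:22:33:44:04", True, "payment", True, True, False),
    Device("00:11:22:33:44:05", True, "iot_camera", False, False, False),
    Device("00:11:22:33:44:06", False, "unknown", False, False, False),
]

if __name__ == "__main__":
    for mac, decision in evaluate_inventory(SAMPLE_INVENTORY).items():
        print(f"{mac}: segment={decision['segment']} action={decision['action']}")
```

The point of the `ALERT_ONLY` branch is the caveat the article raises: the non-compliant medical device is still reported, and still lands on its own clinical segment, but the engine refuses to patch or block it automatically because its context (mission-critical, legacy) says the automated action could do more damage than the finding. The unauthenticated device is quarantined without any attempt to classify it, which is what lets the other policies be applied with confidence.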
We are living in the world of IoT, where billions of devices are coming online every year. There will always be new devices coming onto the corporate network. Visibility is a tool that gives critical cybersecurity intelligence into this rise, but it is just the building block for a sustainable and scalable enterprise cybersecurity strategy.
About the Author
With more than 20 years of experience in the cybersecurity industry, Ellen leads the Americas System Engineering team for Forescout Technologies. Together, Ellen and her team are responsible for designing customized security solutions for Commercial and Public Sector customers. Prior to joining Forescout, Ellen was a network architect and security advisor with iPass, UUNet, and WorldCom. Ellen earned a Bachelor of Arts in computer science from Rollins College and is a Certified Information Systems Security Professional (CISSP).