Article by Forescout regional director for A/NZ Rohan Langdon.
Device numbers on today’s enterprise networks are out of control, with billions of different types of devices connecting, including IT, operational technology (OT), Internet of Things (IoT) and bring-your-own-device (BYOD).
Some are managed and known; however, many aren’t, and there is the added complexity of device users being located anywhere in the world. This creates risk for businesses that don’t have full visibility into all of the devices on their network.
Employees, contractors, partners and customers are all connecting to the data centre or the cloud from anywhere – securely or otherwise. All of this makes each network environment complicated: a veritable Enterprise of Things (EoT) that requires thoughtful planning and decisive action when it comes to securing devices and the enterprise itself.
Here are five key EoT challenges for today’s CISOs and other security and operations leaders to consider:
Inventorying and managing the explosion of unmanaged devices
Managed devices with security agents on board, such as corporate-owned PCs, laptops and smartphones, are becoming scarce compared to the billions of agentless IoT and OT devices joining networks.
IT-OT network convergence is taking place at the same time, which is increasing productivity and streamlining network management but adding risk. Getting a handle on the attack surfaces of today’s heterogeneous networks is more demanding than ever before.
Identifying where risk resides in today’s enterprise environment
The concept of risk analysis is changing and expanding, along with the attack surface. A recent EoT analysis determined that IoT devices pose the most significant risk.
Not only are they challenging to monitor and control, but they also create vulnerabilities by bridging the gap that used to exist between the cyber and physical realms. IoT devices can be clandestine gateways into networks or primary targets of specialised malware.
The vanishing network perimeter
Now that enterprise networks extend to wherever in the world workloads and workers happen to be, there is no such thing as a defensible perimeter around an organisation.
Perimeters must surround each connected device and every workload. Security begins at the asset’s edge.
Segmentation without business disruption
Until recently, the available network segmentation tools were difficult to deploy and couldn’t cross network domains, resulting in business disruptions and a fragmented environment.
The problems only got worse when organisations added new devices and further extended their networks.
Today, however, solid segmentation solutions exist. It no longer makes sense to stick with vulnerable flat networks.
Dealing with the ‘do more with less’ paradox
It’s difficult to make the case that the SecOps department is an efficient bulwark and provider of cost savings when the organisation’s security and network management uses fragmented, job-specific legacy tools.
Even the best-laid transformation plans can lead to trouble, namely sluggish deployments, slow return on investment, steep learning curves and limited satisfaction with chosen solutions.
Each of these five challenges can be daunting. However, each one, if unresolved, can lead to the ultimate challenge: a cyberattack that results in operational problems, stolen data, brand reputation damage, massive fines and public safety issues, to name a few.
Prevention is the key, which means an effective solution must be capable of 100% agentless device visibility, continuous monitoring and automated threat response.