FEATURE: SECURITY MANAGEMENT
• Network infrastructure: Public and private clouds, on-premise IT and operational technology (OT)
• Assets: Endpoint detection and response (EDR) systems, patch management systems, configuration management databases (CMDB) and homegrown databases
• Vulnerabilities and security weaknesses: Active vulnerability scanners, app and web app scanners, asset configuration weaknesses and custom vulnerabilities
• Threat intelligence: Public and private security feeds of analyst-verified research

ORGANISATIONS HAVE MADE SIGNIFICANT INVESTMENTS IN A MYRIAD OF NETWORKING AND SECURITY TECHNOLOGY.

Gain context or perish
When you have centralised data repositories, you need to turn your data into intelligence that can be acted on. Without the right intelligence, you can’t fully understand how your actions are improving or harming your security posture.
Correlating and analysing disparate data sets is one way to yield context. But actually modeling the data has far more useful applications and can lay bare where security gaps exist.
Data models can serve as an offline environment that can be used to troubleshoot issues, identify risk in your unique organisation, predict how changes could affect risk and more.
Turning data into visual representations and interactive models brings an even greater benefit, as security personnel can ingest complex information more quickly.
Seeing an accurate representation of your environment, rather than one assumed as a principle in your policies or SLAs, gives you far greater insight into where your biggest security management problems lie. This insight can help improve the value of your existing security investments:
• Firewalls: Modeling helps close the security gaps in firewall solutions by enabling you to compare your organisation’s policies against aggregate network access, device configurations,
routing rules and more. It gives you
grounded insight into the effectiveness of
your policies.
• Vulnerability scanners: Modeling helps to refine scan results and identify remediation priorities. The model matches vulnerabilities to assets, to where those assets sit in the network topology and to the surrounding security controls that determine their exposure to potential attacks.
• SIEMs: Leveraging a model can also shorten response times after an incident occurs, by contextualising SIEM results to understand potential impacts, how attacks could spread and which alerts are simply false positives.
Use context to improve processes
It’s only when you understand the context
of your entire environment that you can
really start to improve your processes and
bridge the security management gap.
Systematically incorporating contextual
intelligence in processes not only improves
the efficiency of those processes, but their
impact on security status as well.
To effectively manage firewalls, you
need to ensure that they’re adhering to
policy and maintaining security even as
your environment changes. For example,
when new access is requested, contextual
intelligence from model-driven approaches
can show if the requested rule change would
expose a vulnerable asset – before the
change is ever made. Having this knowledge
not only ensures tighter security, but also
reduces time wasted on rollbacks.
In terms of patch management, using
complete context to prioritise vulnerabilities
by risk ensures patches rolled out are having
the biggest impact on security.
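The exposure-based prioritisation of scan results described under Vulnerability scanners above, and the rule-change check described for firewall management, as one added example in Python. This is not the article’s or any vendor’s code: it models zones, an ordered first-match firewall policy and scanner findings joined to asset zone data, all constructed here, and the zone names, asset names and VULN-x identifiers are placeholders rather than real CVEs. It goes a little beyond the text by also listing candidate deny rules that would remove a finding’s exposure, the kind of mitigation search the paragraph above alludes to for vulnerabilities that cannot be patched.

```python
"""Exposure analysis over a constructed network model (added example; the
zones, rules, assets and VULN-x identifiers below are placeholders)."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Rule:
    """Firewall rule between zones; first match wins, implicit final deny."""
    src: str
    dst: str
    port: Optional[int]   # None = any port
    action: str           # "allow" or "deny"


@dataclass(frozen=True)
class Vuln:
    # One scanner finding joined to CMDB data (asset name and network zone).
    asset: str
    zone: str
    port: int             # service port the weakness is reachable on
    vid: str              # constructed placeholder ID, not a real CVE
    cvss: float


# Constructed policy and scan results for hypothetical zones and assets.
POLICY: List[Rule] = [
    Rule("internet", "dmz", 443, "allow"),
    Rule("dmz", "corp", 1433, "allow"),   # web tier reaches its database
    Rule("corp", "ot", None, "deny"),     # OT is isolated from corp
    Rule("corp", "corp", None, "allow"),  # flat corporate segment
]
SCAN: List[Vuln] = [
    Vuln("web01", "dmz", 443, "VULN-A", 9.8),
    Vuln("web01", "dmz", 22, "VULN-B", 7.5),
    Vuln("db01", "corp", 1433, "VULN-C", 8.1),
    Vuln("fileshare", "corp", 445, "VULN-D", 9.0),
    Vuln("plc01", "ot", 502, "VULN-E", 10.0),
]


def allowed(policy: List[Rule], src: str, dst: str, port: int) -> bool:
    """Evaluate the ordered policy for one flow; no match means deny."""
    for r in policy:
        if r.src == src and r.dst == dst and r.port in (None, port):
            return r.action == "allow"
    return False


def exposure(policy: List[Rule], scan: List[Vuln], start: str = "internet") -> Dict[str, int]:
    """Breadth-first attack simulation: {vid: hops} for every finding an
    attacker starting in `start` can reach, pivoting through each zone in
    which a finding was exploited. Unreachable findings are absent."""
    reached: Dict[str, int] = {}
    seen_zones = {start}
    frontier, hops = [start], 0
    while frontier:
        hops += 1
        nxt = []
        for v in scan:
            if v.vid in reached:
                continue
            if any(allowed(policy, z, v.zone, v.port) for z in frontier):
                reached[v.vid] = hops
                if v.zone not in seen_zones:   # attacker now controls this zone
                    seen_zones.add(v.zone)
                    nxt.append(v.zone)
        frontier = nxt
    return reached


def prioritise(policy: List[Rule], scan: List[Vuln]):
    """Remediation order: exposed findings first (fewest hops, then highest
    CVSS), unexposed ones after by CVSS alone. Returns (vid, hops, cvss)."""
    exp = exposure(policy, scan)
    order = sorted(scan, key=lambda v: (v.vid not in exp, exp.get(v.vid, 0), -v.cvss))
    return [(v.vid, exp.get(v.vid), v.cvss) for v in order]


def rule_change_impact(policy: List[Rule], scan: List[Vuln], new_rule: Rule, position: int) -> Dict[str, int]:
    """What-if for an access request: insert `new_rule` at `position` in a
    copy of the policy and return the findings that become exposed."""
    before = exposure(policy, scan)
    after = exposure(policy[:position] + [new_rule] + policy[position:], scan)
    return {vid: h for vid, h in after.items() if vid not in before}


def mitigations(policy: List[Rule], scan: List[Vuln], vid: str) -> List[Rule]:
    """For a finding that cannot be patched, list single deny rules (placed
    at the top of the policy) that would remove its exposure."""
    zones = sorted({"internet"} | {v.zone for v in scan})
    ports = sorted({v.port for v in scan})
    options = []
    for src in zones:
        for dst in zones:
            for port in ports:
                if allowed(policy, src, dst, port):
                    deny = Rule(src, dst, port, "deny")
                    if vid not in exposure([deny] + policy, scan):
                        options.append(deny)
    return options
```

Run `prioritise(POLICY, SCAN)` to see that the CVSS 10.0 finding on the isolated OT controller ranks below three lower-scored findings that an internet attacker can actually chain through. `rule_change_impact(POLICY, SCAN, Rule("corp", "ot", 502, "allow"), 0)` shows the requested corp-to-OT rule exposing VULN-E before it is deployed, while the same rule appended after the existing deny exposes nothing, which is why the model must respect rule order, not just rule content.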
The model-driven approach also makes it easy to find mitigation options, such as configuration or rule changes, that would reduce the risk a vulnerability poses if it can’t be patched. This is especially useful in organisations with OT networks that prize uptime above all else, and patch
www.intelligentcio.com