The world of cybersecurity is complex and ever-changing. But that doesn't mean there aren't any recurring themes or repeating patterns. Over the years, in our work with hundreds of companies across the globe, we've noticed a few key factors that keep popping up, vexing decision-makers and resulting in poor security practices.
Here, we'll give attention to those considerations – examining all sides of the matter in an effort to identify any available pointers and avoidable pitfalls.
Conventional wisdom tells us that a bird in the hand is worth two in the bush. But it's not just folksy advice, it's also basic human psychology. We're hardwired to think that way. We consistently over-value near-term events and under-value more distant events. When it comes to digital security however that type of thinking – natural though it may be – is downright dangerous.
Nothing exists in a vacuum; including insecurities. Any action taken to close a given point of exposure will inevitably have consequences. It could be good, it could be bad, it could even be neutral. But there will always be a knock-on effect. In the field, that fact often manifests in the form of a dilemma: how do you weigh the threat of an attack against the risk of breaking things and disrupting the business.
Because business activities are real and present right now, most decision makers will opt for inaction – preferring to leave current operations intact and downplaying the threat of future cyber compromise.
In fact, we often find that businesses actually have a decent handle on how they're operating with risk. And still they don't do anything to reduce that risk because they lack a clear accounting of how all the different pieces of their business and technology fit together. They're afraid that if they uninstall a certain piece of software or restrict a certain protocol or port access, it could impede business critical functionality.
GYTPOL offers an easy way out of this dilemma.
By mapping your operational dependencies down to each individual service, protocol, and port, GYTPOL is able to identify and prioritize security remediations guaranteed to have no adverse effect on the business. Where there's a chance of undesirable impact, the risk is clearly indicated. And as an added fail-safe, every change pushed through GYTPOL is instantly reversible with a click.
This turns genuine dilemmas into can't lost propositions and helps businesses manage their risks more rationally and more constructively. Ultimately, it makes it possible for operators to act with much more confidence and assume a much more aggressive defensive posture.
When it comes to security policies and security groups, things are rarely as simple as they seem. You can make changes in line with best practices and your best judgement, but you'll seldom totally understand the ripple effects of those changes as they stretch across the network.
Just as significantly, you may not know exactly how far those changes stretch. This is because being included in a particular group, any number of factors can conspire to prevent policy enforcement on a given endpoint.
Different device types, operating systems, and software only add to the complexity – contributing to fragmented operational visibility and controls. And that's before accounting for the potential of conflicting rules, errant GPO applications, and ineffective scripts. In other words, it's not exactly a straight line from defining the policy to realizing the desired outcome. And from point a to point b, there's a lot that can get in the way.
Unfortunately, for most businesses, there's no quick and easy way to validate that policies are working as expected. Instead, it requires a fairly involved audit that can span several weeks or even months. Those sorts of projects are too resource-intensive to be maintained on a continuous basis. Instead, they're scheduled at regular intervals; normally once or twice a year.
But with the rate at which devices come in and out of operation, vulnerabilities emerge, and the threat landscape changes twice a year is hardly enough.
But that's the rub and there's really no way around it. You've gotta chose:
You can't really do both. Yet neither makes much sense without the other. There's no good answer obviously and most organization just try to split the difference. But that still leaves IT and security teams working to every day to devise, define, and deploy changes that may or may not work – at all, or as intended.
It's kind of crazy if you stop to think about it. It's a little like putting a message in a bottle, tossing it into the ocean, and hoping for the best. In children's stories, it's romantic. In cybersecurity, it's a recipe for disaster.
While the platform has evolved considerably over the years, this is actually the problem that GYTPOL was originally created to solve. First by scanning your endpoints to confirm their compliance with established policies. And second by assessing your exposure in the face of pertinent threats. In this way, GYTPOL not only ensures that your policies are in force, but that they're fit for purpose.
Where changes are needed, the system details the current state risks, the affected groups, and the recommended remediations. Most importantly, it allows you to enact those changes with the push of a button and with validated enforcement.
At the end of the day, time is the ultimate currency. Everything else aside, there's only 24 hours in the day. The work day's even shorter, of course, and no amount of strategizing or process refinement can free us of that constraint. So what do you when time is the problem?
When you give someone a list of 100 things to do, you'll be lucky if they do 80 of them. And if those 80 things take a few weeks to complete, by the time they're done, there'll be another 200 things added to the bottom of the list.
That leaves you with a considerable time gap – the amount of time it takes to plug those first 80 holes. It also leaves you with considerable cracks in your armor – the 20 problems (and counting) that never get addressed. Most crucially, it leaves you playing an impossible game of catch up – with your exposure only ever growing.
(And that's assuming you have a clear inventory of all the issues present; a generous assumption that reality rarely grants.)
Operating from that reality, it inevitably becomes a juggling act – and if you're being honest, you know you won't be able to keep all those balls in the air. So you prioritize. And over time what started as manageable risk quickly spirals into unacceptable exposure.
If you're reading this and feeling your blood pressure rise, it's probably because the scenario described hits a little close to home. If you're a security professional, it definitely rings familiar.
It's generally believed that the only way off this hamster wheel is through up-staffing – a luxury that few businesses can afford nowadays. But there's another way. The GYTPOL way.
GYTPOL not only provides visibility into the things that need to be remediated, it now only tells you how each issue can be remediated, but it's able to cary out the actual remediation. Making it possible for operators fix problems with a simple click; on any device, anywhere, anytime.
In practice, that's the difference between never getting to the bottom of your to-do list and completing it with time to spare. Time that can be poured into other projects.
The cyber landscape is fraught with complexity and pitfalls. Surveying that landscape, several decisive obstacles can be seen. If businesses can intelligently navigate these obstacles, they stand poised to deliver both security and business continuity.
The keys to success?
By deftly managing these issues, decision-makers can transform no-win dilemmas into no-risk opportunities. Breaking free from prior limitations, organizations can set a new standard for process efficiencies – bolstering the business while safeguarding its operations and assets.