Five Things You Should Know About Enterprise Visibility

By Dr. Christine Izuakor

Data breaches happen daily, and many go undetected for months or even years. In this environment, having visibility into assets across the enterprise is paramount. This critical security need is termed “enterprise visibility” and has become a household name across the industry. The concept can take on a variety of meanings depending on the stakeholder you may be dealing with across the enterprise. Executives may define enterprise visibility as having insight into the most critical threats and cyber risks to the company. Network engineers may see it as having visibility into the traffic traversing the corporate network. General employees may see it as cyber surveillance of all activity. The list goes on and on. For cyber security professionals, enterprise visibility means all of these things. It’s important to have insight into what’s hosted within, connecting to, and interacting with the corporate network. Further, most of this activity stems from users, making visibility into user actions and behaviors one of the most critical elements of enterprise visibility. Here’s why:

1. You can’t protect what you can’t see.

Companies large and small are still struggling to understand what assets they have in order to get visibility into them. Technology professionals can find themselves managing hundreds and sometimes thousands of devices connected to the network. Without proper asset management functionality, and with the growth of IoT and shadow devices, this challenge is compounded. It’s not uncommon to find companies that lack an inventory or comprehensive knowledge of the assets on their networks and, without this information, it’s nearly impossible to protect what companies don’t even know is there.

2. It’s not just about devices; it’s about people.

When people hear the term enterprise visibility, the first thing that may come to mind is insight into the devices on the network and logs showcasing what’s happening on those devices. The reality is that enterprise visibility also requires an understanding of who is in your network and what they are doing. Further, understanding human behavior enables the more proactive and predictive element of this domain. By leveraging big data associated with user interactions in combination with artificial intelligence, corporations can identify and even predict suspicious activity, which contributes to greater enterprise visibility.

From an insider threat visibility perspective, companies can leverage user-focused technology to detect when bad apples are lurking amongst trusted employee populations. In addition, when people know that others have visibility into their actions, they are less likely to engage in inappropriate behaviors, and accountability is increased. Though this is a great benefit, it’s essential to ensure the privacy of employees is meticulously maintained in the process.

3. Focusing on people can simplify monitoring strategies.

In 2019, it’s not uncommon to see an environment where users own 3 – 5 devices per person. For example, one might have a personal phone, a work phone, a personal laptop, a work laptop, a tablet, and a smartwatch. Each of these devices, when connected to a network, increases the attack surface and thus increases what requires visibility and protection. If, for example, every employee had three company-issued devices, you could have up to 300 devices associated with every 100 employees. While you’d want visibility into all of these devices, it could be less complicated to focus on monitoring the activity of 100 employees across your entire network, instead of disparately monitoring the activity of 300 different devices.

4. Your livelihood can depend on adequate visibility.

No cyber security program is complete without a robust incident response process. When an adverse event occurs, understanding the extent of the damage, determining whether an actual security breach occurred, and being able to act to mitigate the impact in a timely manner can be critical to the livelihood of an organization. Poor enterprise visibility ultimately leads to poor incident response. Without adequate visibility, investigations are considerably harder and sometimes even impossible.

In addition, attackers often lurk inside of the company, under the radar for extended periods of time, and without proper visibility, you wouldn’t know. In order to even understand if there is something worth looking into, you must be able to detect this unlawful presence. This cannot be done without adequate enterprise visibility capabilities.

5. Mastering enterprise visibility is not as easy as it seems.

Even if companies were able to overcome the challenges associated with lagging asset inventories and management, getting the right level of visibility into the right devices is another part of the equation that can make or break enterprise visibility efforts. It’s important to identify which assets require insight and also ensure resources are available and able to leverage that insight to make useful security decisions in real-time.

There are numerous vendors today who promise to help companies solve their visibility woes at the push of a button. In addition, the growth of managed service providers offers the manpower to cover the required human element of visibility that machines cannot address. Unfortunately, it is almost never that simple, and any company alluding to that must be thoroughly vetted. There is, however, technology, such as Veriato Smart Monitoring, that leverages machine learning and artificial intelligence backed solutions to fill the analysis gap that is often presented when companies rely too heavily on people and manual analysis for visibility needs.

Conclusion

Enterprise visibility is a fundamental part of any good cyber security strategy. Without it, reasonable asset protection, incident detection and response, and other fundamental enterprise security functions are nearly impossible to accomplish.

 

About the author

Dr. Christine Izuakor
Dr. Izuakor is the Senior Manager of Global Security Strategy and Awareness at United Airlines where she plays a critical part in embedding cyber security in United’s culture. She is an adjunct professor of cyber security at Robert Morris University, and independently helps corporations solve a diverse range of strategic cybersecurity challenges.
