From: FierceCIO
One on one with Tenable CEO Ron Gula: Basic guidelines and continuous monitoring yield better risk management
By Paul Mah
It seems like every other day now we either hear about the discovery of another software vulnerability, or of a new security compromise in a large organization. So is there any way at all that hackers can be kept out of corporate networks?
While there are things that enterprises could be better at, they aren’t as bad as they seem, says Ron Gula, founder and CEO of Tenable Network Security. Tenable is the maker of the Nessus vulnerability scanner, and Gula himself is an engineer with extensive experience consulting with Fortune 200 companies.
He shares with FierceCIO:TechWatch his thoughts on topics such as continuous monitoring, whether a vendor-centric approach is bad, and how enterprises can reduce their risk profile.
FCIO: Can you tell us more about continuous monitoring and how it can help improve security in the enterprise?
Continuous monitoring is the ability for an organization to get real-time risk monitoring at scale. Traditionally, organizations ran real-time tools, such as network intrusion detection, antivirus and firewalls, to block bad activity and only performed periodic testing to find risks. In other words, they looked for bad guys in real-time but risk in a rather slow manner. With continuous monitoring, this is made as close to real-time as possible.
FCIO: What are some effects that continuous monitoring can have on compliance and security?
The biggest effect is that risk can be reacted to on a daily basis. Regardless of whether your organization has limited resources or can react in real-time, knowing the true risk to your organization allows you to protect the business much better. For example, a complaint I often hear in large enterprises is that it takes too long to deploy patches, often longer than 30 days. Because of this, the organizations also don't want to do an assessment of their network for vulnerabilities any faster than every 30 days. I reject this and say that if you have very limited resources and can only fix one thing or a few things, you had better be fixing the number one and worst risks to your network.
Another side effect is less cost to manage your network. It seems counterintuitive, but according to IT compliance models such as ITIL, the earlier you can find an issue, the quicker and less costly it is to fix. The cost of fixing something isn’t measured in just applying a patch, but usually in changing a policy or a procedure somewhere else. Identifying small deviations from policy, which impact security, before they become widespread helps reduce the overall cost of fixing things.
FCIO: What are some of the biggest challenges to security threat management in recent years?
The biggest issue I see is the perception that we can’t win. Every day we hear about how hackers have stolen data from the government, how there are new risks in all of our software and how privacy is really a thing of the past. In reality, most of the organizations I know have really good handles on all of this. They could be better in some areas, but for the most part, it isn’t as bad as it seems.