Michael Fimin is CEO and co-founder of Netwrix.
The IT marketing community is masterful at creating buzzwords — “big data,” “cloud,” the “Internet of Things,” “artificial intelligence” and more. Now the new buzzword “visibility” is popping up everywhere. During the RSA Conference 2016, nearly every vendor talked about visibility when discussing solutions that cover a certain part of the IT infrastructure or solve a particular problem. Visibility was widely discussed during sessions, and for the second year in a row, Amit Yoran, president of RSA, mentioned visibility in his speech, calling it a core part of any security strategy.
Just what does it actually mean to have visibility? If we can’t see what is happening with sensitive data and systems, we simply cannot claim our IT infrastructure is secure. But just collecting log events without extracting meaningful data is of limited value — investigating incidents takes too long, and you can’t adjust your cyber-security strategy quickly to address emerging risks. Visibility provides the background information that gives context and helps you to better understand how your employees interact with corporate data.
Visibility into what is going on across the entire IT infrastructure is a key component of any cyber-security strategy. However, the recently released 2016 Netwrix Visibility Report revealed that organizations worldwide still struggle to gain complete visibility into their IT infrastructures. Most companies lack visibility across their IT networks (65 percent), unstructured data and file storage (78 percent), and cloud or hybrid environments (75 percent). The majority of the respondents had either zero or limited visibility into regular and privileged user activity, including the activity of third parties.
Any IT pro who looks at the variety of “visibility” offerings from different vendors can easily get lost. It’s critical to dig deep and ask what the differences are between these solutions. Here are a few key features to look for:
- The simpler the solution is, the faster you can integrate it into your infrastructure, and the easier it will be to maintain. Just think about your SIEM solution. If you need expensive, hard-to-find professional staff and special knowledge to configure and maintain it, it’s hard to quickly and fully benefit from it.
- The global 2016 IT Risks Report conducted by Netwrix found that most organizations stress the importance of visibility and believe they have implemented adequate security controls. Yet, when they were asked about the cyber risks they were exposed to over the last year and their ability to quickly find a root cause of an incident, it became clear that they have far less visibility than they need. Look for a visibility solution that promptly provides the actionable information you need to resolve any issue quickly.
- Single pane of glass. Another essential feature is the ability to cover multiple IT systems and parts of IT infrastructure, track all types of changes and access attempts, and deliver information in an easy-to-read and unified format. According to the Voice of the Enterprise: Information Security Survey (Q3 2015) conducted by 451 Research, only 22 percent of SIEM users manage to use all data for analysis. This selectivity and lack of comprehensiveness pose a great security risk. Since no system is completely isolated, any system that is compromised can serve as a gateway to others. For that reason, the more systems a visibility solution can support, the more in-depth cross-system analysis is available and the faster you can detect malicious activity.
- Hybrid cloud support. According to Gartner, cloud technology is rapidly capturing the market, with 77 percent of organizations expected to use the cloud by 2017. However, most of them will choose hybrid cloud implementations, mainly out of security concerns. Therefore, look for a visibility solution that can ensure smooth operation and monitor user activity in various hybrid scenarios that combine on-premises, public cloud and private cloud infrastructures.
- API support. Be sure the visibility solution you choose provides maximum interoperability with your current systems and future investments via API integrations. This will enable your organization to be independent from any particular vendor’s offerings and ensure that you can monitor user activity across all applications, including cloud-based apps.
According to the Netwrix 2016 IT Risks Report, 78 percent of organizations believe that visibility into IT changes improves IT security and data governance. Deep visibility into every level of the IT infrastructure gives you control and provides the context you need to quickly respond to cyber security incidents. By being able to quickly correlate user activities with changes to data and security configurations, you can detect misbehavior in a timely fashion and minimize the damage from security incidents.
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena.