Networks are noisy. From heartbeats to probing, from legitimate database extracts to covert data exfiltration, from sensor telemetry to malware infections, there is an enormous amount of traffic on your network. Without a strategic and diligent approach, it is difficult to know how much of that traffic is appropriate. Long gone are the days when volume alone was the biggest hint that you were under attack.
Bill starts the discussion by reminding us just how much the network and the devices on it have changed. In the last decade, we have seen not just an explosion in data volume, but a significant shift in who controls how the network, and the applications and devices on it, are acquired, deployed and put to business use. Bill also highlights the need to look at a wide range of activities to successfully monitor the organization's infrastructure.
Matt reminds us that monitoring involves more than just checking the flashing lights for activity and sniffing packets. His advice for program monitoring shows us the broad range of health indicators that the CISO must be concerned with and how important it is to be integrated with the lines of business to know what matters to the entire organization.
Gary emphasizes the need for continued diligence through scanning, monitoring, and remediation before addressing the critical requirement for having a deep understanding of the health and security of your applications. To end this chapter, he brings the discussion back to one of our favorite topics: metrics.
Some of the questions the authors used to frame their thoughts for this chapter include:
· As a CISO, what frameworks, security controls, or processes would you recommend to continuously monitor your organization to prevent or mitigate a data breach?
· What framework and/or processes should a CISO use to remediate vulnerabilities and search for malware in their organization’s application portfolio?
· Your organization experiences numerous unauthorized attempts to breach its enterprise networks. What metrics are important to your enterprise cybersecurity program to enable it to see these attempts?
Copyright © 2016, 2018 CISO DRG JV – All Rights Reserved.