The more conversations I have with security professionals, the more I see them strategizing how to best secure their networks with lower operating budgets. I see more and more individuals having to deal with security issues as well as other aspects of their IT department during daily operations. Their strategy has been condensed to acquire a security solution that is easy to implement, requires low maintenance, and is nearly fully automated. It is also a plus if the solution handles multiple IT and security disciplines, such as the eEye Retina CS model, which integrates assessment, mitigation, and protection into a single solution. The overall strategy then is to deploy a solution in an automated fashion, assess the security of the environment, generate reports for both the technical and executive teams, and automatically deliver them to the corresponding personnel. This allows organizations to implement a solution that does not impact busy schedules and does not require the labor intensive efforts of running manual scans and generating reports.
Within many businesses, the focus seems to be around Microsoft and their security updates. Often, the focus is even narrower and is only around a server environment, including only performing non-credentialed scans. Workstations and laptops are left off an assessment and only covered if time permits. It rarely does.
I always try my hardest to encourage all my clients to scan, analyze, and protect every device in an environment as any of them could be used against you in an attack. Also, Microsoft is not always your biggest threat. Having a solution that can properly identify all of your threats regardless of the operating system or application is crucial. Platform specific assessment does not provide a good perspective with the mix of devices almost all businesses have deployed. From a regulatory compliance perspective, we are seeing a strong increase in businesses needing to be PCI compliance due to the ubiquitous acceptance of credit cards. 10 years ago, retail establishments represented the bulk of businesses that took credit cards; today you are hard pressed to find a business that does not. With this, I am seeing that the mid-markets are having to adhere as well and the restrictions are as stringent and complicated as ever. This is forcing many companies, for the first time, to look into performing vulnerability assessment against many compliances in addition to PCI. Again, the focus on ease of use becomes a huge factor.
An increasing amount of attention is rightly paid to the reporting capability of these security products. Whether you are concerned with Microsoft patching, vulnerabilities in general, or a particular set of regulatory compliances, being able to get the reports that make sense and deliver the information in the correct format with proper references is definitely required. I see many security IT personal wasting time manually consolidating data from multiple sources to build executive reports because of the lack of customization and reporting capabilities in their current tools. I find this to be unacceptable; one should not spend time manually putting together reports when this time could be better used in other tasks. A security tool should work for you; you should not work for it. The right reports and ability to customize these reports is key. As seen with eEye’s Retina CS and Retina Insight solutions, it should be easy to create reports, customize them, and automatically run them behind the scenes on a scheduled basis with little to no user intervention.