Challenges That Keep Security Leaders Awake at Night

June 20, 2019

Apoorva Ravikrishnan

Panaseer commissioned Censuswide to conduct a survey of 200+ senior security leaders working in large enterprises to create a peer report with the objective of understanding the issues that hamper cybersecurity posture in an organisation. You can find the survey results and analysis on Panaseer Security Leader’s Peer Report. 

It is interesting to note that the top challenge keeping security leaders awake at night is not to do with sophisticated cyber-attacks or the need to invest in the latest technologies. It is the lack of complete visibility of all the assets in an enterprise including devices, applications, people and data and difficulty in understanding security control coverage on these assets. However, addressing these visibility issues, or getting the basics of cybersecurity right is often overlooked as the ‘boring’ branch of cybersecurity. 

The survey findings are in line with the trend we have observed since last year; many organisations have shifted gears and started working towards a proactive approach to cybersecurity. And the first step to a proactive approach is getting the fundamentals of cybersecurity right. 

Challenges in reporting 

Lack of visibility and lack of trustworthy data stands in the way of getting trusted security metrics for reporting. Arguably, this is one of the biggest challenges in the minds of the security leaders, as gleaned from the survey.  

89% of large enterprises have concerns based on lack of visibility and insight into trusted data. 

Most security initiatives are driven by external factors such as regulations and audit points, and internal factors such as boarddriven initiatives. Since they all involve high-level stakeholders, it is the responsibility of senior security leaders to ensure that the security reports created by the security and IT teams are based on trusted data. 

Ensuring security strategy and initiatives are based on trustworthy data with complete visibility will not only assist in improving the cybersecurity posture of an organisation but also enable an organisation to automate reporting. 

Lack of visibility 

The survey identified that 55%  of organisations have more than 50 tools. In fact, over a quarter of respondents (26.5%) claimed to be running 76+ security tools across their organisation. 

The high number of tools means high numbers of information silos, making it difficult to get a central and unified view of enterprise-wide security. In addition to this, digital transformation, which has become an inevitable part of business strategy, has led to the advent of complex IT infrastructure. Organisations often struggle to identify the numerous devices, applications and other technical assets on their network, let alone manage security coverage and understand if the controls are performing within policy. 

Despite the presence of high number of tools, the means to extract visibility related information is limited to discovery tools such as CMDB and vulnerability scanners. And the visibility created by these tools is never complete. This is because typically, discovery tools rely on agent-based or agent-less monitoring to build inventory lists and there is a high likelihood of assets falling through the cracks in both methods. 

For example: in agent-based monitoring, the agents require regular and constant maintenance; otherwise, there is scope for file corruption and connectivity challenges. The issues get compounded in large enterprises with distributed geographical locations and an enormous list of assets. This gives rise to the possibility of unmanaged assets.  

On the other hand, agentless monitoring comes with a different set of limitations; its breadth and depth of coverage are limited compared to agent-based monitoring, again creating possibilities for assets to slip through the cracks. 

A complete and accurate asset inventory list can be achieved by analysing various data sources to complement the IT asset inventory tools being used, so gaps in CMDB and vulnerability scanners can be identified, reducing unmanaged assets. In order to avoid deduplication of data, data from various sources must be consolidated. 

Automation is the solution 

Consolidating data, especially disparate data from multiple sources manually, is not feasible without automation. There is a requirement to ensure seamless data unification and avoid duplication by performing single entity resolution. 

Automating the process of collecting data from various sources across the business, IT and security, data unification and performing single entity resolution not only makes the process of analysing and consolidating the data from various sources less challenging but also improves trustworthiness (as automation will reduce errors that are common in manual analysis and compilation). Additionally, reporting becomes timely and real-time, providing a trusted view to various stakeholders rather than being pointintime. 

If you recognise some of these challenges or would like to share more about the challenges you are facing, please get in touch.