By Chris Hallenbeck, CISO of the Americas at Tanium
U.S. state and local governments have been watching the proposed State and Local Cybersecurity Government Act of 2019, especially since it was endorsed by the National Association of State Chief Information Officers (NASCIO) in July. The federal legislation contains the promise of more funding for cybersecurity efforts and improved collaboration and resource-sharing among federal, state and local governments.
Overall, it is intended to provide an advantage to governments in the battle over cyberattacks. But, like so many other examples of an ongoing technology challenge that is met with the promise of resources, the additional funding that this legislation will provide could inadvertently steer things in the wrong direction.
Learning from the enterprise
More funding can actually lead to weaker defenses, not stronger ones. When IT gets a windfall, decision-makers tend to buy more tools to tackle their security issues and IT operations challenges—attempting to address each new threat or operational issue with a promising new product. But rather than providing teams with more control, these point tools add more complexity to the environment. It becomes harder to get a view on the entire IT estate, how much of it is patched and up-to-date, and where vulnerabilities lie across endpoints, both on-premises and cloud.
That’s not to say that budget relief is without merit—of course, it can help. But many large enterprises and government agencies already have 20 or more tools for security and IT operations in their arsenals, usually from more than 10 different vendors. For large enterprises, the number is often higher than 40.
In a rush to solve every issue with a so-called “tailored” solution, IT teams ultimately end up with a cluster of fixes that don’t work well together, and they could cause more problems cumulatively than they solve individually. It’s why these environments aren’t seeing improved IT hygiene. As a result, forward-thinking organizations are embracing a platform approach—specifically a unified platform for endpoint management and security—to simplify their environments, provide that visibility and control, and make themselves ultimately more resilient to disruption.
Bringing vigilance into 2020
Today, data flows throughout organizations in a variety of ways, including the cloud and on mobile devices. Serious visibility gaps arise when we implement architectures that were designed for a time when IT was the custodian of technology and held a tight set of reins on how it was used within the enterprise. That is, in part, why organizations underestimate their asset inventory by as much as 20%. At the scale of hundreds of thousands of endpoints, this poses a significant risk to the organization.
Obtaining data in real time is as important as identifying where that data sits. Even organizations that have visibility into each of their endpoints might need to stitch together asynchronous data from a range of sources, such as EDR telemetry or PCI systems. If one asset is scanned for vulnerabilities every five minutes, but another is only scanned once a month, then it is impossible to glean any actionable insight on the IT environment as a whole. The best you can do is take an educated guess.
Any government organization that wants to enter 2020 with a more robust security posture must prioritize real-time, actionable data that is drawn from all assets connected to the network.
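The two problems described above, an inventory that undercounts assets and a combined view that is only as fresh as its slowest source, can be made concrete with a small reconciliation script. This is an added example, not code from the author or from Tanium; the three sources (`cmdb`, `edr`, `vuln_scan`), their refresh cadences, and the endpoint records are all constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed refresh cadence per inventory source (hypothetical values).
# EDR reports every few minutes; the CMDB and the vulnerability scanner
# are refreshed monthly, mirroring the mismatch the article describes.
SOURCE_INTERVAL = {
    "cmdb": timedelta(days=30),
    "edr": timedelta(minutes=5),
    "vuln_scan": timedelta(days=30),
}

# Constructed sample records: (source, hostname, last time the source saw it).
NOW = datetime(2019, 12, 16, 12, 0, tzinfo=timezone.utc)
RECORDS = [
    ("cmdb", "web-01", NOW - timedelta(days=3)),
    ("cmdb", "db-01", NOW - timedelta(days=45)),            # overdue for its 30-day refresh
    ("edr", "web-01", NOW - timedelta(minutes=2)),
    ("edr", "db-01", NOW - timedelta(minutes=4)),
    ("edr", "laptop-77", NOW - timedelta(minutes=1)),        # never registered in the CMDB
    ("vuln_scan", "web-01", NOW - timedelta(days=20)),
    ("vuln_scan", "laptop-77", NOW - timedelta(days=60)),   # scan data two months old
]


def merge_inventory(records):
    """Collapse per-source records into {host: {source: last_seen}}."""
    merged = {}
    for source, host, last_seen in records:
        merged.setdefault(host, {})[source] = last_seen
    return merged


def unknown_assets(merged, authoritative="cmdb"):
    """Hosts seen by at least one source but absent from the authoritative inventory."""
    return {host for host, views in merged.items() if authoritative not in views}


def coverage_ratio(merged, authoritative="cmdb"):
    """Fraction of observed hosts the authoritative inventory actually knows about."""
    if not merged:
        return 1.0
    known = sum(1 for views in merged.values() if authoritative in views)
    return known / len(merged)


def stale_views(merged, intervals, now):
    """(host, source) pairs whose record is older than that source's refresh interval."""
    stale = set()
    for host, views in merged.items():
        for source, last_seen in views.items():
            if now - last_seen > intervals[source]:
                stale.add((host, source))
    return stale


def environment_view_age(merged, now):
    """Age of the oldest record feeding the combined view.

    The whole-estate picture is only as current as its slowest source,
    no matter how fresh the EDR telemetry is.
    """
    return max(now - last_seen for views in merged.values() for last_seen in views.values())


if __name__ == "__main__":
    merged = merge_inventory(RECORDS)
    print(f"hosts observed: {len(merged)}")
    print(f"not in CMDB: {sorted(unknown_assets(merged))}")
    print(f"CMDB coverage: {coverage_ratio(merged):.0%}")
    for host, source in sorted(stale_views(merged, SOURCE_INTERVAL, NOW)):
        print(f"stale: {host} via {source}")
    print(f"combined view is {environment_view_age(merged, NOW).days} days old at worst")
```

On the constructed data the CMDB covers two of three observed hosts, one record in each monthly source is past its refresh window, and the combined view is 60 days old at its weakest point even though EDR data is minutes old; that gap is what a real-time, all-asset data strategy is meant to close.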
Creating your own roadmap
So how do IT leaders begin to think holistically and make better investments? It’s useful to start with an audit. While it can be cumbersome, cataloging the capabilities that each tool provides will help to identify redundancies and provide teams with a plan of action. If any overlap exists between them, that’s an opportunity to consolidate. Doing so will improve both efficiency and the bottom line, but that’s not the only benefit. It could also help increase just how much teams can see in their IT environment.
Think of all the types of tools currently deployed, from asset discovery solutions to SIEMs and CMDBs. On an individual basis, each of these tools may very well provide a relatively complete, contextual or timely solution that serves its purpose. Collectively, however, they are much less effective. Visibility gaps start to develop, creating another unnecessary problem that will only get worse with time.
Resolving to plan in the new year
State and local governments are sorely in need of the funds that the proposed legislation would inject. Hackers targeted municipalities more often in 2019 than they did a year ago, and critical systems, in particular, have been held for ransom. But without a holistic strategy, this blessing could quickly become a curse for any organization, with too many tools and low-quality data making organizations more vulnerable to attack. To gain resilience in the long term, organizations should prioritize a unified endpoint management and security platform that allows for true visibility and control.
About the Author
Chris Hallenbeck is a security professional with years of experience as a technical lead and cybersecurity expert. In his current role as CISO for the Americas at Tanium, he focuses largely on helping Tanium’s customers ensure that the technology powering their business can adapt to disruption. Before joining Tanium in 2016, Hallenbeck worked for six years on the U.S. Department of Homeland Security’s Computer Emergency Readiness Team, where he gained a strong background in computer-related investigative work.