Automated cybersecurity across your digital terrain
Constantly changing digital realities and a shrinking talent pool continue to pose a security challenge for organisations, but cybersecurity provider Forescout believes automation may be the solution.
Sukhbir Sandhu, Regional Director, ASEAN of cybersecurity provider Forescout, pens a piece on the role of automation in cybersecurity. Image: Forescout
Every organisation also has its own security framework – a mix of industry best practices, board mandates and regulatory requirements, combined with its security policies and risk management practices. The goal for organisations is to have their digital reality align with their security framework.
Unfortunately, constant changes – everything from device decay and software failure to mergers and acquisitions – drive digital realities out of alignment with the framework. These changes constantly widen the gap in security risk posture, result in business risk: the next disruption, audit failure, operational safety concern or production outage. Meanwhile, the security talent pool is shrinking, and IT teams are stretched thinner than ever.
“Singapore is amongst the elite list of countries that lead the world in digital transformation, but with it comes explosive growth in the number and types of connected assets to be managed,” says Sukhbir Sandhu, Forescout’s regional director for ASEAN. “Add to that an evolving threat landscape and severe cyber skills shortage. Security teams don’t need more point products. They need a force multiplier – a platform that makes their team more effective and enabled to focus on what really matters.”
That’s where Forescout comes in - a leading provider of automated cybersecurity, with a 22-year record of protecting many of the world’s largest companies and most trusted organisations in finance, government, healthcare, manufacturing, and other industries across 90 countries.
The company has come a long way from its roots in network access control to offering the Forescout Continuum Platform, a comprehensive platform that automates cybersecurity across digital terrains – in IT, IoT and OT. With the acquisition of CyberMDX in February, we have broadened our cover to encompass the Internet of Medical Things, which requires medical IT protocol expertise and the use of artificial intelligence. Today, Forescout has more than 3,000 customers and 1,000 employees worldwide, with headquarters in the U.S. and a strong presence across the Asia-Pacific.
Automation to mitigate the cyber skills shortage
Sensational cyberattacks make headlines, but the biggest cybersecurity threat is the cyber skills shortage. IT teams are stretched thinner than ever, especially in Singapore, as the country moves forward with its Smart Nation agenda.
Organisations have invested heavily in multiple security tools that are each sold separately and don’t necessarily work together. The bane of having so many point solutions is the flood of information they produce about potential harm, not all of it urgent. Security teams must manually sort through a cacophony of uncategorised, unaggregated and unranked alerts to locate policy violations and vulnerabilities that pose a real risk and prioritize response.
“We hear all the time from SOC managers, ‘Our tools send alerts but don’t fix the incidents automatically,’ and, ‘Our systems can detect risk but can’t mitigate it,’” says Sandhu. “Battling alert fatigue only to perform rote, menial tasks can wear down even the most dedicated staff.”
Forescout Continuum continuously discovers, auto-classifies, and assesses all assets – IT, IoT, OT and IoMT – capturing what type of device is connecting, who is using it, and where and how it is connecting. It then shares device context and automates workflows across security tools to accelerate response actions, leaving SOC teams to focus on what requires human intervention.
Forescout Continuum also calculates a risk score based on the configuration, function, and behaviour of connected devices. By correlating risk scores with traffic flows between devices, Continuum can assess the blast radius to critical assets.
In July this year, Forescout acquired threat intelligence provider Cysiv, whose data-powered insights enable customers to leverage actionable threat detection and response. Cysiv’s threat intelligence engine collects data 24/7 from the Forescout Continuum Platform and reduces the billions of data points on each customer’s network to a handful of actionable threats they need to pay attention to.
CISOs are increasingly responsible for maintaining a holistic asset inventory for all connected assets, including IoT and OT assets, but security teams still have little visibility into these largely unmanaged assets, many of them “insecure by design.” This makes them good entry points or attack vectors for threat actors.
With the acquisition of SecurityMatters in 2018, Forescout gained deep experience managing standalone OT environments (which are increasingly rare) as well as converged OT/IT networks. These include both industrial environments and critical infrastructure.
Forescout Continuum facilitates segmentation by visually mapping traffic flows and identifying what should and shouldn’t be communicated based on how assets are classified and its interaction policy. With a traffic matrix, you can reverse engineer your segmentation policies based on simulations that illustrate the impact of various changes without causing disruption.
Renowned cybersecurity research
Forescout’s threat intelligence and research team Vedere Labs leverages the Forescout Device Cloud, one of the world’s largest cyber asset repositories. It stores anonymized data from more than 15 million deployed IT, IoT, IoMT and OT devices. This intelligence in turn feeds Forescout Continuum to supply the most accurate asset auto-classification and threat detection available.
Vedere Labs also alerts customers and government agencies, about emerging risks and provides mitigation steps through threat briefings and vulnerability disclosures.
You can’t expect to eliminate risk, but you can manage it. Together, automated workflows, risk scoring and actionable threat intelligence position organisations to be cyber-ready for whatever comes their way, whether internal or external.