The US Navy previously took months to identify devices connected to their networks, determine their security levels, and prepare data for compliance audits – an onerous task, to say the least.
But it has deployed a cybersecurity scanning tool by Tanium, which helped it to cut down this process to minutes. It is now able to rapidly spot cyber intrusions that require more attention, and ensure machines are constantly patched and secure.
Visibility and speed are crucial in cyber response as organisations battle a surge in cyber attacks. “You can’t secure what you can’t see, and so the problem is what you can’t see,” says Alvin Tan, Regional Vice President of Tanium. Tan and Darren Patt, Director of Strategic Accounts at Tanium, share more.
Cybersecurity is a marathon
The world has witnessed rapid digitalisation, especially as Covid-19 rendered many physical and manual processes irrelevant. Coupled with the shift to remote working, organisations’ attack surfaces are expanding rapidly, Tan says.
Organisations may invest in a next-generation antivirus or a next-generation firewall product, but hackers will somehow still infiltrate the network. Many are “leaving their front door open” when it comes to the many devices connected to the organisation’s network, Patt says.
With hundreds and thousands of devices connected to the network, IT teams tend to overlook some missing devices, thus leaving their posture unknown and unmanaged. These devices then become avenues for hackers to enter the network, Patt says.
Cybersecurity is like a “marathon”, and organisations need to look at it on a “continuum”. They need to check in constantly to ensure their systems are up to date with the ever-changing nature of cyberattacks, Patt adds.
Real-time visibility and speed
Organisations need visibility to detect vulnerabilities and react decisively to threats. There are two aspects to real-time visibility, Tan and Patt explain.
First, organisations must know what assets they have, and the state of their cyber hygiene. “Are all the vulnerabilities patched the way they should be?” Tan says. Tanium helps organisations answer this question “within seconds”.
It allows each device to function as a sensor, which helps to keep track of new devices connected to an organisation’s network. This helps security teams identify loopholes and secure them quickly.
Second, organisations need to respond quickly in the event of a breach. Having real-time visibility over all endpoints provides security analysts with timely information, enabling them to swiftly contain the situation before it gets out of hand.
Tanium has worked with the US Air Force to enable real-time visibility across all their systems. This was instrumental in protecting the agency against the May 2017 WannaCry ransomware attacks, the Air Force’s former CIO said. Security teams were able to scan the entire network in just 41 minutes and automatically patch security vulnerabilities, a process that typically takes days or weeks.
Re-evaluate current approaches
Governments need to re-evaluate their approach to endpoint security. As hackers constantly rain attacks on organisations, industry standards need to be raised.
Tanium believes that organisations should start to impose a requirement for real-time visibility. Many agencies often do not consider the speed at which a tool can identify threats, Tan says.
The demands of cybersecurity are always changing, as hackers continuously adapt to new solutions. As the number of endpoints is always changing, it is more important than ever for organisations to maintain real-time visibility over their networks.