From Insight to Action: Why IT Still Struggles with Visibility

May 12, 2023

People with vision impairment often face challenges in their daily lives, as it can hinder their ability to achieve their goals or require workarounds to get there. The parallels with cybersecurity and IT operations are impossible to ignore. Organizations need to know with clarity what assets they have under management, where data is flowing and where there might be cause for concern.

 

Unfortunately, many IT teams are struggling with various forms of visibility impairment. This creates the blind spots in which cyber risk and malicious activity thrive. Correcting these shortcomings should be a priority for any IT leader.

 

 

What’s at risk?

Enterprises are expanding at a prodigious rate. Even as macroeconomic storm clouds gather, the need to drive sustainable growth remains undimmed. That means doubling down on digital — whether it’s home worker endpoint devices or cloud-based containers. The result is that most organizations must now manage a complex, distributed IT environment in which legacy and modern technologies sit side by side. Gaining comprehensive visibility into this environment is vital for two reasons: to avoid wasteful spending on under-utilized resources and excess licenses, and to detect, contain and remediate any potential security risks.

 

The financial and reputational impact of failure could be significant, and a serious breach stemming from IT visibility gaps could cost millions. That’s $9.4m per data breach in the U.S, although the impact of a serious ransomware outage could be many times higher.

 

So, what does impaired vision look like in IT operations and cybersecurity, and how can we fix it?

 

 

What are the main IT visibility challenges?

The analogy with human sight is an apt one. We can identify several IT visibility challenges which align to well-understood physical conditions. These include:

 

Tunnel vision: Teams are so focused on their own products, services or data that anything peripheral is rendered almost non-existent. This means they don’t pay enough heed to what’s happening upstream and how this might impact their current operations and visibility, or how inaccuracies in the here and now might affect the state of downstream systems. This kind of tunnel vision is often a product of multiple siloed IT management tools, with each team working from their own set of data almost as a shadow IT department. A single source of the truth, generated from a centralized platform, is essential to correct this.

 

Split vision: While similar to tunnel vision, this is more likely to impact senior decision makers in an organization. The problem comes about because they are managing competing priorities stemming from different sets of data that don’t align. There’s no clarity about how or even whether these priorities are part of the same goal.

 

Double vision: This can also stem from a lack of unified, coherent data across the IT and security function. Have you ever tried to drive with two map apps systems switched on? They may try to take you in different directions, adding chaos and uncertainty where there needs to be calm and clarity. Accurate, centralized intelligence is the only way to drive confident decision making.

 

Blurred vision: When there’s too much data circulating among IT and security teams, actionable information can get lost in the noise. We can go further with the analogy here. Myopia (nearsightedness) explains the challenge of IT teams so focused on the detail that they can’t see the forest for the trees. No regard is given to downstream systems or current objectives. On the other hand, hyperopia (farsightedness) describes those teams who understand the bigger picture — their overall business goals — but lack the up-close detail to get them there.

 

Presbyopia (old sight): As the name suggests, this is a condition that stems from old age. Old data is data that is out of focus. Although historical information can help to determine trends, tasks like incident response, threat hunting and change or problem management require timely, accurate data. The longer it takes to get data back about your IT environment, the less valuable it will be.

 

Astigmatism: Finally, consider this cause of blurred vision, which often occurs due to a mismatch between curves of the lens inside the eye. In IT and cybersecurity there’s also often a mismatch — between a chosen tool and the task it is used to perform. Consider the misuse of endpoint detection and response (EDR) solutions for inventorying assets, for example. As different teams often have their own preferred tooling, this once again leads to multiple versions of the truth. Truth is not an average.

 

 

Seeing and knowing what to do

Fundamentally, organizations can’t manage, protect, administer or run what they can’t see properly. At the most extreme end there may be major blind spots in their environment which leave IT assets unmanaged and unprotected. But simply “seeing” everything is not enough. This might foment knowledge of the IT environment, but it won’t necessarily enable wisdom unless teams have the context they need to act decisively. They may spot something suspicious, but is that administrator accessing that particular database actually an enterprise risk that must be managed? Only the right context will tell.

 

This kind of effective decision making requires skilled IT practitioners, but it also depends on the right tools. That means a single, centralized source of truth for managing the endpoint estate — to not only provide near-real time visibility at speed and scale, but also the control to take remedial action swiftly. The more you know, the better decisions you can make. That fundamentally depends on accurate, timely and comprehensive data.

Tim Morris
Financial Services Strategist | Tanium
Tim joined Tanium in May 2021, after retiring from Wells Fargo, where he spent 21 years. He led the Cyber Threat Engineering and Research teams within Information & Cyber Security for the bank.

Tim has worked with almost every facet of computer and network technologies. Concentration has been with endpoint detection & response, systems & patch management, and vulnerability assessment. He has built teams that manage: endpoint security, platform engineering, incident response, digital forensics, and offensive security, i.e., "red team".

Tim was first introduced to Tanium in 2008. However, he didn't begin working with it fully until 2013. Tim was privileged to have the opportunity to be one of the first to deploy & manage Tanium at a large scale on 500K endpoints. At the same time, he was able to build one of the best cyber security engineering teams in the industry. Their effectiveness and efficiency were due in large part to Tanium - The best incident response and system management tool in the industry.

Optiv Security: Secure greatness.®

Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.

Would you like to speak to an advisor?

How can we help you today?

Image
field-guide-cloud-list-image@2x.jpg
Cybersecurity Field Guide #13: A Practical Approach to Securing Your Cloud Transformation
Image
OptivCon
Register for an Upcoming OptivCon

Ready to speak to an Optiv expert to discuss your security needs?