Real-Time Situational Awareness: Never Say “I Don’t Know”

It’s 2:00 p.m. on a Tuesday. As you round the corner, you (literally!) run into your CISO. He’s been with the CIO preparing for the quarterly board meeting, and they need your help. The high profile-breaches that have occurred in the last year may cause the board to drill-in and ask questions. As Director of Information Security, you’re supposed to know best, right? But, as you know, things aren’t always so crisp and clear.

“I Don’t Know” Is Not an Option

Given the complexity of your IT infrastructure and all of the potential scenarios, you aren’t sure you actually “know” all of the answers. However, you also know that responding with “I don’t know” is not an option.

Admitting that you “don’t know” means admitting that you haven’t put in place the necessary operational intelligence you need to obtain real-time situational awareness. And without real-time situational awareness, you won’t know:

• What your real-time security posture is
• When (not if) you are under attack
• How long it takes you to respond to an attack or data breach

“Flying blind” is simply not acceptable in today’s high-stakes cybersecurity environment. Saying “I don’t know” will also be unacceptable to your board, especially since, according to the 2015 Verizon Data Breach Investigations Report, “$400 million in estimated financial loss from 700 million compromised records in 2014 shows the real importance in managing data breach risks.”

Real-Time Situational Awareness Is a Core Requirement

Real-time (or near real-time) situational awareness helps you avoid saying “I don’t know.” You can immediately respond to questions from senior management or regulators – without scrambling. You always know your IT inventory or assets, your network topology, system/device configurations, unaddressed vulnerabilities and of course, you can continuously monitor the network and system for events that indicate a compromise.

It’s Not a Matter of If, It’s a Matter of When

In today’s cybersecurity landscape, experienced security professionals accept that at some point, a breach will occur. Therefore, you must be able to:

• Predict attack paths and minimize gaps
• Continuously reduce the time it takes to effectively detect a breach
• Speed up your incident response with actionable forensic analytics (according to the Verizon report, 75% of all attacks spread from Victim 0 to Victim 1 within one day—24 hours).

Real-time or near-real time situational awareness ensures that you always know your security posture. It reduces the amount of time it takes for you to respond to a cyberattack. It also ensures you never have to say “I don’t know” when the board, CIO, or CISO asks you tough questions about your organization’s real-time security posture and how long it will take to respond to and recover from a cyberattack.