Good cyber hygiene helps the security team reduce risk. So it’s not surprising that the line between IT operations and security is increasingly blurred. Let’s take a closer look.
One of the core principles in IT operations is “you can’t manage what you don’t know you have.” By extension, you also can’t secure what you don’t know you have. That’s why visibility is important to IT operations and security. Another important aspect is dependency mapping. Dependency mapping is part of visibility, showing the relationships between your servers and the applications or services they host.
There are many security use cases where dependency mapping comes into play. For example, if there’s a breach, dependency mapping offers visibility into what’s affected. If a server is compromised, what is it talking to? If it must be taken offline, what applications will break?
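The two breach questions above can be answered directly from a dependency map. The following is an added example, not part of the original article; the host names, application names and the `DEPENDS_ON`/`HOSTED` structures are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed dependency map; every host and application name is hypothetical.
# Each pair means "client depends on server" (client opens connections to server).
DEPENDS_ON = [
    ("web-01", "app-01"), ("web-02", "app-01"),
    ("app-01", "db-01"), ("app-02", "db-01"),
    ("app-02", "cache-01"), ("report-01", "db-02"),
]
# Applications or services hosted on each server.
HOSTED = {
    "web-01": {"customer-website"}, "web-02": {"customer-website"},
    "app-01": {"customer-website"}, "app-02": {"customer-billing"},
    "report-01": {"finance-reports"},
}

def build_graph(edges):
    """Index edges both ways: what a host calls, and what calls it."""
    outbound, inbound = defaultdict(set), defaultdict(set)
    for client, server in edges:
        outbound[client].add(server)
        inbound[server].add(client)
    return outbound, inbound

def talking_to(host, edges=DEPENDS_ON):
    """Direct peers of a host: the first scoping question after a compromise."""
    outbound, inbound = build_graph(edges)
    return outbound[host] | inbound[host]

def apps_at_risk(host, edges=DEPENDS_ON, hosted=HOSTED):
    """Applications hosted on `host` or on anything that transitively depends on it."""
    _, inbound = build_graph(edges)
    seen, queue = {host}, deque([host])
    while queue:
        current = queue.popleft()
        for client in inbound[current] - seen:
            seen.add(client)
            queue.append(client)
    apps = set()
    for h in seen:
        apps |= hosted.get(h, set())
    return apps

if __name__ == "__main__":
    print("db-01 talks to:", sorted(talking_to("db-01")))
    print("taking db-01 offline affects:", sorted(apps_at_risk("db-01")))
```

The traversal does not model redundancy, so an application served by several hosts is reported as at risk even if one of them would keep it running.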
To further erase the line between IT operations and security, many operations tools have a security dimension as well.
What is good cyber hygiene?
Good cyber hygiene is knowing what you have and controlling it. Do you have the licenses you need for your software? Are you out of compliance and at risk for penalties? Are you paying for licenses you’re not using? Are your endpoints configured properly? Is there software on an endpoint that shouldn’t be there? These questions are all issues of hygiene, and they can only be answered with visibility and control.
To assess your cyber hygiene, ask yourself:
- What do you have?
- Is it managed?
- Do managed endpoints meet the criteria set for a healthy endpoint?
Think of endpoints in three categories: managed, unmanaged and unmanageable. Not all endpoints are computers or servers. That’s why good cyber hygiene requires tools that can identify and manage devices like cell phones, printers and machines on a factory floor.
There is no single tool that can identify and manage every type of endpoint. But the more visibility you have, the better your cyber hygiene. And the better your risk posture.
Work-from-home (WFH) made visibility much harder. If endpoints aren’t always on the network, how do you measure them? Many network tools weren’t built for that. But once you know what devices you have, where they are and what’s on them, you can enforce policies that ensure these devices behave as they should.
You also want the ability to patch and update software quickly. When Patch Tuesday comes around, can you get critical patches on all your devices in a reasonable time frame? Will you know in real time what’s been patched and what wasn’t? It’s about visibility.
That way, when security comes to operations and says, “There’s a zero-day flaw in Microsoft Word. How many of your endpoints have this version?” operations can answer that question. They can say, “We know about that, and we’ve already patched it.” That’s the power of visibility and cyber hygiene.
Good hygiene delivers fresh data for IT analytics
Good hygiene is critical for fresh, accurate data. But in terms of executive hierarchy, where does the push for good cyber hygiene start? Outside of IT and security, most executives probably don’t think about cyber hygiene. They think about getting answers to questions that rely on good IT hygiene.
For example, if CFOs have a financial or legal issue around license compliance, they probably assume the IT ops team can quickly provide answers. Those executives aren’t thinking about hygiene. They’re thinking about getting reliable answers quickly.
What C-level executives need are executive dashboards that can tell them whether their top 10 business services are healthy. The data the dashboards display will vary depending on the executive and the business the organization is in.
CIOs may want to know how many Windows 10 licenses they’re paying for. The CFO wants to know if the customer billing service is operating. The CMO needs to know if the customer website is running properly. The CISO wants to know about patch levels. These diverse questions all depend on fresh data for accuracy.
Fresh data can bring the most critical issues to the dashboard, so management doesn’t have to constantly pepper IT with questions. All this starts with good cyber hygiene.
Analytics supports alerting and baselining
When an issue arises, such as a critical machine’s CPU use going off the charts, an automated alert takes the burden off IT to continuously search for problems. This capability is important for anyone managing an environment at scale; don’t make IT search for issues.
Baselining goes hand-in-hand with alerting because alerts must have set thresholds. Organizations often need guidance on how to set thresholds. There are several ways to do it and no right way.
One approach is automatic baselining. If an organization thinks its environment is relatively healthy, the current state is the baseline. So it sets up alerts to notify IT when something varies from that.
Analytics can play an important role here by helping organizations determine whether normal is the same as healthy. Your tools should tell you what a healthy endpoint looks like, and that’s the baseline. Alerts tell you when something happens that changes that baseline state.
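Automatic baselining and the "normal versus healthy" check can be shown side by side. This is an added example, not from the original article; the host names, CPU readings, the mean-plus-three-standard-deviations threshold and the 80 percent health ceiling are all assumptions chosen for illustration.

```python
from statistics import mean, pstdev

# Constructed CPU-utilisation history (percent) per host; names are hypothetical.
HISTORY = {
    "app-01": [22, 25, 24, 27, 23, 26, 25, 24],
    "batch-07": [91, 93, 90, 94, 92, 93, 91, 92],
}
HEALTHY_CPU_MAX = 80.0  # assumed policy ceiling, not a value from the article

def learn_baseline(samples, k=3.0):
    """Automatic baselining: treat the current state as normal and
    place the alert threshold k standard deviations above the mean."""
    mu, sigma = mean(samples), pstdev(samples)
    return {"mean": mu, "threshold": mu + k * sigma}

def should_alert(baseline, reading):
    """Alert only when a reading varies from the learned baseline."""
    return reading > baseline["threshold"]

def normal_is_healthy(baseline, ceiling=HEALTHY_CPU_MAX):
    """False when the learned 'normal' already sits above the health criterion."""
    return baseline["mean"] <= ceiling

def review(history):
    """Per host: the learned threshold and whether its normal state is healthy."""
    report = {}
    for host, samples in history.items():
        b = learn_baseline(samples)
        report[host] = {
            "threshold": round(b["threshold"], 1),
            "normal_is_healthy": normal_is_healthy(b),
        }
    return report

if __name__ == "__main__":
    for host, result in review(HISTORY).items():
        print(host, result)
    # A 95% reading is an anomaly for app-01 but "normal" for batch-07,
    # which is exactly the case where the baseline itself needs review.
    for host in HISTORY:
        print(host, "alert at 95%:", should_alert(learn_baseline(HISTORY[host]), 95))
```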
Analytics helps operations and security master the basics
Visibility and control are the basics of cyber hygiene. Start with those. Know what’s in your environment and what’s running on those assets—not a month ago—right now. If your tools can’t provide that information, you need tools that can. You may have great hygiene on 50 percent of the machines you know about, but that won’t get the job done. Fresh data from every endpoint in the environment: that’s what delivers visibility and control.