IT Brief Australia
Technology news for Australia's largest enterprises

Questions every security and risk management leader should ask

Tue 30 Apr 2019

Although some industries may be targeted more often than others for cyber attacks, every organisation across every major industry, from utilities and manufacturing to the public sector, must take necessary security precautions and make cybersecurity a top priority and investment, according to Forescout. 

Forescout APJ senior director Steve Hunter says, “Making the best investment with a potentially limited security budget can be a daunting task for security and risk management (SRM) leaders. Some of the reasons for this include the fact that no two organisations are identical, which means that the security mindset is also different. Cyber threats are also evolving at a remarkable pace, making it difficult to ensure protection against the latest threats.” 

In addition to evolving threats, the cyber landscape is also changing rapidly. Traditional IT networks and infrastructure are becoming increasingly intertwined and connected to operational technology (OT) networks and infrastructure. Consequently, devices typically limited to the IT environment, if unsecured, can put entire OT networks at risk. Each device expands the attack surface, giving bad actors more opportunities to access the network.

Add to this the dramatic growth in the number of security vendors in recent years, with some estimates suggesting there are more than 1,200 vendors competing for a slice of a global cybersecurity market currently valued at more than $120 billion.

Hunter continues, “Overcoming these challenges in decision-making is critical not only to the defence of individual organisations but also to the defence of entire industries across the globe. As we’ve seen time and again, cyber adversaries are quick to capitalise on singular weaknesses to gain a foothold elsewhere.” 

To help businesses and organisations simplify the decision-making process, minimise the time to deployment and ultimately achieve a more secure network environment, Forescout has assembled a list of seven key questions, based on key research from Gartner, that every SRM leader should ask before deciding which security product is the best one for their organisation.

1. Is the solution vendor-agnostic? Too often, organisations identify what they think will be a security silver bullet, only to discover after purchase and implementation that the product is not compatible with other products or applications on their network. 

More than a poor investment, those organisations also suffer the headache of frustrated end users and wasted resources, and their organisation is ultimately no more secure than before the purchase was made. It is critical that products are vetted to ensure they are compatible and vendor-agnostic.

2. Does the solution provide asset discovery to enable operational continuity and system integrity? Asset discovery is a critical foundation for effective defence, as well as ensuring reliable operations. Often organisations, even those with good asset inventory and asset management practices, will fail to account for every device that’s on their network. A good security solution will let organisations identify and inventory every connected device on their network in real time, regardless of device type. 

3. Does the solution detect and alert on known common vulnerabilities and exposures (CVEs)? Whitelisting and generic anomaly detection are common OT security approaches. While these are important, the best approach should include well-mapped CVE discovery for OT systems, for faster detection and improved risk management from Day 1. In today’s cyber terrain, early understanding of an organisation’s OT exposure can mean the difference between headline news and swift remediation and mitigation.

4. Can the solution evolve from mirror mode to in-line security? Active prevention may be a desired, long-term goal when it comes to monitoring and detection, but many organisations lack either the security maturity or the necessary resources to enable such features as part of initial deployment.

However, as the organisation matures, it’s important to have the option to switch from passive detection to active prevention. Ensuring this feature is available up front will also prevent the need for additional expenses down the road. 

5. Does the solution provide IT support in addition to OT? This question is especially important to ask when seeking to protect an OT environment. Because OT attacks have historically started in the IT environment, then stealthily moved laterally into the OT environment, it’s important to detect IT-originated but OT-targeted attacks before they reach the intended target. In short, decision-makers should ensure the product is effective in both IT and OT environments. 

6. Does the solution support secure IT/OT alignment? IT-OT convergence is on the rise, yet the supporting infrastructure and networks differ significantly and can’t be treated the same when it comes to cyber defence. In other words, the security best practices and technologies that work in an IT environment cannot always be expected to be effective, if even possible, in an OT environment.

It’s critical, then, that decision-makers evaluate a product not only on its ability to protect both environments but also on its ability to integrate with other security solutions, protocols, software and hardware. 

7. Is the solution designed to live in an OT environment from a hardware or operating environment perspective? Many solutions are designed to function within the comfort of a temperature-regulated server room with a backup power supply or generator, the type of facility typically provided in IT environments.

OT environments, on the other hand, do not always afford such controlled environments and, as a result, can test the limits of many solutions. It’s important to account for the environmental conditions where the product will be used and ensure the solution can run in sites requiring support for hazardous environment operations. 

Steve Hunter concludes, “Choosing the security solution that’s best for an organisation isn’t easy and when evaluating the various vendors, the true value of one solution versus the other can be difficult to quantify. 

“However, it’s worth investing effort up front to flesh out the evaluation criteria in detail with envisioned use-cases plus expected benefits. That, along with asking vendors the tough questions on how they’ll support the use-cases and deliver the expected benefits, will not only help organisations find the right solution but also help them arrive at that conclusion faster.”
