It is no longer true that security breaches merely constitute a technical risk to an organisation's IT department. Such breaches have also moved beyond the simple reputational damage they can cause to a company. Today, security breaches constitute a genuine threat to a business because such disruptions are ultimately financial, rather than IT-related in scope.
It should be remembered that IT is now a core enabler of business, says Maxtec, a South African IT services provider specialising in security, storage and networking solutions. Bearing this in mind, any disruption to IT will have a financial impact on the business.
This, adds Maxtec, is because many organisations today have data that is genuinely valuable to attackers. In the past, most security breaches were about mischief-making by hackers, who created little more a nuisance of themselves. Today, however, there are cyber crime syndicates that focus specifically on maximising monetary returns from stolen information, with credit card fraud the most obvious example.
Gavin Millard, a director at Tenable, one of the world's leading providers of security solutions and for whom Maxtec is the sole South African distributor, says to understand the security situation today, one must first be aware of the larger landscape.
"As time has gone by, organisations' infrastructure has exponentially increased, to the point where today we are faced with a huge rate of IT infrastructure growth. What this, in turn, has done, is to increase the attack surface for cyber criminals. More crucially, many enterprises are not even aware of what IT assets they own and where these are. Add to this the fact that many of these devices have different configuration files and run third-party applications and it is clear most businesses have lost control of their IT infrastructure," he says.
"Our answer to this is SecurityCenter, a solution that asks the simple questions that help the business overcome the above challenges. It is firstly able to answer the question 'what do I have out there?' by providing the enterprise with solid numbers around what systems and devices it has in use. This is the most fundamental of information, yet organisations without SecurityCenter are unlikely to have that answer."
Of course, adds Millard, knowing what you have out there is only half the battle; it is equally important to know what is vulnerable to attack. And once you have access to this information, you still need to understand where the most critical vulnerabilities are, in order to address these immediately.
"SecurityCenter is designed to not only identify all the vulnerabilities your business may be facing, but to also rank the severity of each one, enabling you to understand which are critically dangerous and which are non-impactful, allowing you to prioritise which vulnerabilities you repair first."
He likens it to buying an old house. There are, he says, many problems that will need to be fixed, but it is pointless trying to repair a broken floor tile when you have no front door. Worse still is that in a business sense, most companies cannot tell the difference between the broken tile and the missing door - that is why SecurityCenter is such a valuable tool.
"Perhaps the most important aspect of the solution is the analytics it provides to customers. In effect, SecurityCenter provides accountability by not only determining how many vulnerabilities a business has, but also providing an audit trail of how quickly these are dealt with and how effective the repair is.
"Tenable, and our South African partners Maxtec, see our role as being one in which we assist enterprises to make the right decisions. We are well aware that business already takes security seriously, but because organisations don't always properly understand the problem, they end up asking the wrong questions. We are here to not only help them ask the right questions, but to provide them with the answers as well," concludes Millard.
Share
Editorial contacts