In today’s environment of advanced persistent threats it is essential for organizations to have near real-time knowledge of their enterprise IT infrastructure so responses to external and internal threats can be made swiftly.
A successful continuous monitoring program provides visibility into assets, and leverages use of automated data feeds to quantify risk, ensure effectiveness of security controls, and implement prioritized remedies. A well-designed and well-managed continuous monitoring program can effectively transform an otherwise static cybersecurity process into a dynamic process providing essential security protection.
The challenge of continuous monitoring
Unfortunately, there is no single continuous-monitoring-in-a-box solution for critical infrastructure owners and operators. What exists is an ever-evolving patchwork of tools and processes intended to let organizations view the health of their connected environment.
Continuous monitoring sounds like a simple solution for combating cyber-intruders. In theory, with unlimited technology, funding and human talent, the challenge would be easy to address: an organization would simply configure its networks and applications to report all connections and other machine-generated data to logs in real time, analyze that data continuously, and wait for the signals of cyber-intruders to appear.
However, in the real world, where real technical, budgetary and human resource constraints exist, organizations face significant challenges to continuously monitor their infrastructure successfully. This is especially true at the federal government agency level, where networks produce an astounding amount of data and log files quickly grow exponentially in size.
The most valuable intelligence continuous monitoring can provide is situational awareness. Situational awareness is a term that refers to knowing what is around you, where it’s going, what it’s doing and how it might affect you. Situational awareness is important in work that involves significant consequences, such as military operations, piloting aircraft or managing a large enterprise. In cyberdefense, situational awareness is a prerequisite for meaningful action. After all, if you don’t understand what is happening, how can you make the right decision?
Continuous monitoring is, at its most elementary level, inwardly focused on activities such as vulnerability assessment and patch management. The strategic goal is to provide situational awareness of systems and their potential vulnerabilities. Yet simply knowing a problem exists doesn’t offer protection. One has to be able to act correctly and in time to keep up with the evolving threat and minimize risk.
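The monitoring cycle sketched above (automated feeds in, risk quantified, control effectiveness checked, remedies prioritized, and a visibility check on which assets have stopped reporting) can be shown end to end in a few dozen lines. The following is an added example written for this page, not code from the article or from any product; the three feeds, the host names, the `VULN-PLACEHOLDER-*` identifiers and the scoring formula (asset criticality times worst CVSS score, raised by half for every failing control) are all constructed assumptions chosen to make the cycle concrete.

```python
"""Toy continuous-monitoring cycle: feeds -> risk scores -> prioritized remedies.

Added example for this page, not the article's own code. All feed data below
is constructed; vuln_id values are placeholders, not real advisories.
"""
from datetime import datetime, timedelta

# Constructed asset-inventory feed: who reports in, how critical, when last seen.
ASSETS = [
    {"host": "web-01", "criticality": 5, "last_seen": "2024-06-01T10:00:00"},
    {"host": "db-01", "criticality": 5, "last_seen": "2024-06-01T09:58:00"},
    {"host": "wks-17", "criticality": 2, "last_seen": "2024-05-28T08:00:00"},
]

# Constructed vulnerability-scanner feed (CVSS base scores are made up).
VULNS = [
    {"host": "web-01", "vuln_id": "VULN-PLACEHOLDER-1", "cvss": 9.8, "patch_available": True},
    {"host": "web-01", "vuln_id": "VULN-PLACEHOLDER-2", "cvss": 4.3, "patch_available": True},
    {"host": "db-01", "vuln_id": "VULN-PLACEHOLDER-3", "cvss": 7.5, "patch_available": False},
    {"host": "wks-17", "vuln_id": "VULN-PLACEHOLDER-4", "cvss": 6.1, "patch_available": True},
]

# Constructed control-effectiveness feed (e.g. from a configuration-compliance tool).
CONTROLS = [
    {"host": "web-01", "control": "host_firewall", "status": "pass"},
    {"host": "db-01", "control": "host_firewall", "status": "fail"},
    {"host": "wks-17", "control": "host_firewall", "status": "pass"},
]

# Fixed "current time" so the example is deterministic when run offline.
NOW = datetime(2024, 6, 1, 10, 0, 0)


def stale_assets(assets, now=NOW, max_age=timedelta(hours=24)):
    """Visibility gap: assets that have not reported within max_age."""
    return sorted(
        a["host"] for a in assets
        if now - datetime.fromisoformat(a["last_seen"]) > max_age
    )


def failing_controls(host, controls):
    """Names of controls on this host whose latest status is not 'pass'."""
    return [c["control"] for c in controls if c["host"] == host and c["status"] != "pass"]


def asset_risk(asset, vulns, controls):
    """Assumed scoring: criticality x worst CVSS, +50% per failing control, rounded."""
    host = asset["host"]
    worst_cvss = max((v["cvss"] for v in vulns if v["host"] == host), default=0.0)
    multiplier = 1.0 + 0.5 * len(failing_controls(host, controls))
    return int(round(asset["criticality"] * worst_cvss * multiplier))


def prioritize(assets, vulns, controls, now=NOW):
    """One monitoring cycle: return a remediation list, highest risk first."""
    stale = set(stale_assets(assets, now))
    report = []
    for asset in assets:
        host = asset["host"]
        host_vulns = [v for v in vulns if v["host"] == host]
        worst = max(host_vulns, key=lambda v: v["cvss"], default=None)
        actions = []
        if worst is not None:
            if worst["patch_available"]:
                actions.append(f"patch {worst['vuln_id']}")
            else:
                actions.append(f"mitigate {worst['vuln_id']} (no patch yet)")
        actions += [f"restore control {c}" for c in failing_controls(host, controls)]
        report.append({
            "host": host,
            "risk": asset_risk(asset, vulns, controls),
            "actions": actions,
            # A stale asset's score is based on old data; flag it rather than trust it.
            "stale": host in stale,
        })
    return sorted(report, key=lambda r: r["risk"], reverse=True)


if __name__ == "__main__":
    print("not reporting:", stale_assets(ASSETS))
    for entry in prioritize(ASSETS, VULNS, CONTROLS):
        print(entry)
```

Run on the constructed feeds, the cycle ranks `db-01` ahead of `web-01` even though `web-01` carries the higher CVSS score, because `db-01` has a failing control and no patch available; `wks-17` is scored but flagged stale, which is the "knowing a problem exists is not protection" point in practice: a score computed from data four days old should trigger a visibility check before it drives a remedy.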
When screening and evaluating available technology solutions, agencies should think about continuous monitoring as both an organizational and a technology challenge. They should seek a solution that increases situational awareness and enables an automated response.