{"id":236,"date":"2013-05-02T00:00:00","date_gmt":"2013-05-02T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/05\/02\/sailing-the-seven-cs-of-security-monitoring\/"},"modified":"2021-12-30T11:36:48","modified_gmt":"2021-12-30T11:36:48","slug":"sailing-the-seven-cs-of-security-monitoring","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/05\/02\/sailing-the-seven-cs-of-security-monitoring\/","title":{"rendered":"Sailing the Seven Cs of Security Monitoring"},"content":{"rendered":"<p style=\"margin: 0px;\">This might be true, but a watched pot also never spills; it never allows your younger sister to stick her hand in the hot water; it prevents Uncle Jack from tasting before dinner is ready; and if something unforeseen happens, there is time to mitigate the problems. If you don\u2019t watch it, it still happens (trees in the forest fall and still make sounds); you\u2019re simply not aware, and so cannot prevent the issue, control the damage, or keep the assets from spiraling beyond your control. 
Once you know what needs to be monitored and the baselines (risk tolerance) for what constitutes an alert or other suspicious activity, you can build a program, standardize that configuration, and analyze the results to make adjustments. Recently the Department of Homeland Security director of federal network resilience noted: as you move to standardize configurations, networks are not only more secure but they lower operational costs.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p style=\"margin: 0px;\">\n<ol style=\"color: #4C4D4F; font-family: Georgia, 'Times New Roman', Times, serif; font-size: 13px; line-height: 19px;\">\n<li><b>Consistency<\/b><\/li>\n<li><b>Continuous<\/b><\/li>\n<li><b>Correlation<\/b><\/li>\n<li><b>Contextual<\/b><\/li>\n<li><b>Compliant<\/b><\/li>\n<li><b>Centralization<\/b><\/li>\n<li><b>Cloud<\/b><\/li>\n<\/ol>\n<p style=\"margin: 0px;\"><\/p>\n<p style=\"margin: 0px;\">In this case, our working definition of \u201ccontinuous\u201d is unique for every organization and needs to be commensurate with its risk and resources.<\/p>\n<p style=\"margin: 0px; min-height: 14px;\"><\/p>\n<p style=\"margin: 0px;\">Correlation: In the modern enterprise, there are simply too many silos of information, too many endpoints for access, too many variables of risk and not enough visibility or resources to properly protect all the assets of an enterprise. Correlation needs to tie together the cooperative capabilities of such tools as SIEM, Log Management, Identity and Access Management, malware scanning, etc\u2026 If security is about maintaining visibility, correlation would be its magnifying glass.<\/p>\n<p style=\"margin: 0px; min-height: 14px;\"><\/p>\n<p style=\"margin: 0px;\">Compliance: The common thread for the alphabet soup that is compliance (HIPAA, PCI, FISMA, FFIEC, CIP, SOX, etc\u2026) is the need to know who is logging in and what assets they are accessing, and to ensure that only the appropriately credentialed users can do those things. 
When you are dealing with sensitive information like credit card numbers, social security numbers, patient history\/records, and the like, the need to have a strong and continuous monitoring initiative is not just a driving force to avoid fines, but it is the basis of good and trustworthy operation.<\/p>\n<p style=\"margin: 0px; min-height: 14px;\"><\/p>\n<p style=\"margin: 0px;\">So much has been written about compliance and network security that all I will add is this: understand the responsibility you have towards customers, partners, employees, and users; accurately calculate the risk in maintaining their information; and vigilantly maintain the monitoring process that makes you a good steward of their trust.<\/p>\n<p style=\"margin: 0px; min-height: 14px;\"><\/p>\n<p style=\"margin: 0px;\">The continual increase in daily network threats and attacks makes it challenging not only to maintain a complex heterogeneous environment but also to ensure compliance by deploying network-wide security policies.<\/p>\n<p style=\"margin: 0px; min-height: 14px;\"><\/p>\n<p style=\"margin: 0px;\">Addressing the issue from the cloud solves several pressing issues while providing the necessary heft to create the visibility to govern credentialing policies, remediate threats and satisfy compliance requirements across an enterprise of any size. 
What\u2019s more, all the solutions noted above, from SIEM to Access Management, are available from the cloud.<\/p>\n<p style=\"margin: 0px;\"><\/p>\n<p style=\"margin: 0px;\">Link: <a href=\"http:\/\/cloudcomputing.sys-con.com\/node\/2642497\">http:\/\/cloudcomputing.sys-con.com\/node\/2642497<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-236","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/236","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=236"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/236\/revisions"}],"predecessor-version":[{"id":2723,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/236\/revisions\/2723"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=236"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=236"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=236"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}