More importantly: do you have the authority to manage or patch all the vulnerable devices that employees use to connect to your network? Tell employees what handsets to buy? Tell Alice she can or Bob he can’t connect to the network at any given point in time?
That you’re shaking your head ruefully speaks volumes.
The bad guys on the other hand don’t pay much attention to such paper defenses, and are happy to do vulnerability research and reverse engineer software to figure out how to overcome the best laid protections. Both good- and bad-guys collaborate, but the latter does so with much greater efficiency and to greater effect, which is why for the price of a few fancy coffee drinks anyone can project power online.
A defender’s most powerful weapons are awareness, visibility, and the ability to enforce policy. Awareness speaks to knowing what your IT and IoT enterprise consists of at any given moment: the stuff you bought, the stuff people bring (BYOD), and the stuff people don’t tell you about (rogue IT).
Visibility speaks to your ability to understand what all those devices are doing at any given moment. Who do they need to talk to? When? Over what ports? Why? Why is a system that normally operates 9-5 on at midnight? What is a device that has never talked to an IP in Russia doing just that right now?
Being able to enforce policy speaks to your ability to use your tech- and security-stack to stop a system or device from doing something it shouldn’t. You may not be able to dictate what can and cannot use your bandwidth, but you can limit just how much a given device can do once its connected.
How do you defend what you don’t know you have? How do you stop evil if you don’t know the difference between good and bad? How do you limit the damage a given system or device may cause without some level of control?
You can accomplish all of these things with Senrio Insight:
- Know, in real time, and without placing a burden on your network or end-points, exactly what is connected to your network: what you bought, what people bring, what you weren’t told about.
- Understand in short order what “normal” is for any given device or class of devices in your enterprise, and be alerted when something abnormal happens.
- Use the data generated by devices to develop firewall rules or IDS signatures to ensure that devices do no more or less than you want them to.
Senrio takes a passive approach to identifying all devices on a network, placing no burden on the network or endpoints. Use our API or export data into your existing SIEM, firewall, IDS, CMDB or other systems to achieve superior awareness and visibility into device behavior, and enable your team to respond to threats or anomalies using tools and techniques they’re already familiar with. Watch Senrio in action and start your evaluation today.