Some chief security officers are openly concerned about the impact on network bandwidth and whether constant scanning slows systems, says Mark Wood.

Albert Einstein once said that technological change is like an axe in the hands of a pathological criminal. Most days, to IT, security and chief security officers, it must feel like the inmates are running the asylum. Change is the face of the corporate world and few areas of the business are impacted as profoundly by change as IT and security. It comes from everywhere.

Of course, no discussion of the impacts of change on IT is complete without a nod to the technology itself. In less than two decades, technology has changed so rapidly that it boggles the mind. And it’s not just processing power that has exploded. Western civilization has become an amazingly mobile society--mostly a positive change for today’s worker, but a nightmare for physical and logical access controls.

Web criminals

The National Institute of Standards and Technology once dubbed wireless connectivity the “logical equivalent of placing an Ethernet port in the parking lot.” Workers surf on and off networks from wired and wireless connections while hackers and troublemakers constantly test barriers for weaknesses to exploit.

Heck, even the hackers have changed. Hackers used to be kids in basements with nothing more sinister on their minds than a little web site defacing. These days, however, one never knows whether the crooks are on the inside or out and what shape their attacks will take, but it is certain that they’re coming and that their goal is to cash in big by exploiting mistakes and vulnerabilities.

Constant monitoring

The only logical way to manage it all is through an access security solution that continuously monitors every asset’s whereabouts and configuration, which is necessary to detect things such as infiltration or human error. In some cases, users intentionally violate security policies, but most of the time, users unknowingly create security threats, and many won’t remember how it happened.

Continuous security solutions give a view of every substantive change taking place on the network and alert the user to changes that may introduce security or compliance risk. They also allow the user to control the level of security compliance to maintain, and to minimize the amount of time spent on asset compliance analysis and reporting.

One of the key benefits of software products that enable continuous monitoring is the automation of data collection and auditing; however, constantly collecting data on every network asset may soon cause an avalanche of reports and alerts. By alerting specifically on changes, a change-based continuous monitoring solution keeps the user up to date with crucial knowledge.

Some may argue that continuous monitoring is not the most effective pathway to network security nirvana. Some users openly share concerns about the impact on network bandwidth and whether constant scanning slows systems. This is a legitimate point, which is why it is important to choose solutions that were designed from the ground up for continuous monitoring.

Not so openly, other users reluctantly admit that they just don’t want to know it all. If your solution is continually scanning, then it’s continually alerting you to problems, and some of them are going to require immediate fixes. Some IT security pros would rather deal with problems on their own schedule, even if it means that systems are left vulnerable for a time. If a user’s security or IT department has a “to-do list” kind of tactical mindset, continuous security monitoring may not be a good fit for that department.

Whether a user would like continuous monitoring solutions largely boils down to how security is approached--is it a project or a process? If the user’s organization sees security as a business process that tightly integrates with and supports the overall goals and objectives of the enterprise, then chances are that user would appreciate the benefits of continuous network security solutions.

Such solutions improve the ability to protect assets while significantly reducing the time spent auditing and reporting on compliance. Continuous network monitoring solutions help to automate processes and eliminate manual tasks. They also enable faster and simpler preparation for internal and external audits and provide a real-time view of all the assets on the network all the time. Of course, the ideal solution will be built on a change-based model, so that the user is only alerted when security risks are introduced or systems are deviating from policy.

IT and security departments that strive to extinguish risk in the least amount of time possible while casting the broadest security net around assets will appreciate continuous monitoring solutions, and they’ll absolutely savor the time saved and use it for more strategic initiatives--some say up to 90%.

Just think of it. For the most part, users will be able to focus on proactive projects that drive business objectives. Of course, living dangerously is another option: use a snapshot monitoring solution that only finds some of the breaches some of the time--the IT version of Russian roulette--or eschew monitoring altogether and drive recklessly into risk. But take my advice. Don’t blink.