For many kids, sports are a part of growing up: learning teamwork, strengthening coordination and being able to react quickly to situations at hand. Whether in individual sports or a team approach, there are key initiatives for success.
This article from Corbin Louks, Account Manager at Forescout networks and previous NHL football player, brings the fundamentals of the NHL back to Cyber Security in an interesting dialogue below:
"Professional athletes work hours upon hours on the fundamentals of the game so that when the “bullets are live,” simple mistakes are avoided. After a while, the fundamentals of the game become second nature. A similar process takes place when security professionals deal with manual security tasks. But in IT security, the fundamentals are changing. Why? Security professionals are dealing with a rapidly expanding—and morphing—threat landscape. Consider the IoT (Internet of Things). Gartner estimated that 8.4 billion connected things were in use worldwide in 2017, and predicted that number will reach 20.4 billion by 2020.[1] Gartner adds that by 2020, IoT devices will outnumber users with laptops, tablets or smartphones by more than three times![2] And when you factor in that the vast majority of those IoT devices will be unable to be managed by agent-based software, it’s like a free-for-all. The visibility gap becomes extreme, the fundamentals are no longer fundamental, and something has to give.
In football, preparation begins with film study and off-season training. In cybersecurity there is no off season, so you need to always be prepared for whatever might strike.
What better way to be prepared for a potential hack than to first and foremost know your threat landscape, or, in football terms, identify your tendencies? But with the tendency of IoT, OT and other connected device numbers to be headed off the charts, knowing your exact threat landscape has become very challenging.
Which brings us to ForeScout. Our platform discovers what devices are connected across your heterogeneous network, classifies devices and continuously monitors hygiene of those devices without using agents/supplicants. It’s how we go about providing our customers with the best “film study” to prepare for their opponents. There’s a saying in football, “The eye in the sky does not lie.” ForeScout is that eye—the one that can continuously provide detail of the landscape so you know who, what, where and when devices come on and off the network. These are fundamentals of security—at least they ought to be—and they are made possible by ForeScout’s unique agentless approach to continuous visibility.
3. Flexibility to Make Adjustments Quickly
Strategic flexibility in football can mean the difference between winning and losing. I believe the same can be said for an organization’s security policies. Having the ability to react quickly and make adjustments on the fly is critical. Too many security tools are siloed off, and simply overwhelm security operations teams with constant alerts. When offensive coordinators come across weapons like Peyton Manning, Tom Brady, Aaron Rodgers, Drew Brees, and now Carson Wentz/Nick Foles, that are able to automatically identify a bad situation and make adjustments for their team to be successful, the value is immeasurable. The ForeScout platform can step into the quarterback role, automatically sharing information with your current security tools (your offensive weapons) to make them smarter. Thus, when put in a critical situation, we can do whatever is necessary on the fly: quarantine a device, fingerprint an IOC, trigger real-time VA scans, populate a CMDB in real time, respond to critical alerts from your SIEM, automate MDM processes, and much more. These “play calls” are all based on policies that are completely customizable to your organization’s needs. We even supply the templates.
In football and in network security, it takes hard work to have a good season, let alone a perfect one. And while it’s clear that not everybody can be the ’72 Miami Dolphins—in fact, nobody can be (at least not yet)—it is possible to win consistently. My suggestion is, start with agentless visibility, continuous monitoring across your heterogeneous network, and coordinated incident response through orchestration of your existing investments. All it takes to put you over the top is one key player. (Hint: I work for ‘em.)"
Louks makes a great point as he discusses the similarities in the two platforms, but more important is the game plan he mentions at the end, which offers clear steps for an organization just getting started.