The story is repeated often enough for a summary to suffice: a professor asks a class how to fill a jar with rocks of varying sizes. After an interval of filler appropriate to the telling of the story, the professor shows how getting the big rocks in first is most important. All the other rocks eventually fill in the crevices and cracks between the big rocks. We get the lesson easily enough: get the big pieces in place first. Bonus points for anyone mentioning “80-20 principle!”
The recently reported vulnerabilities with a major Internet firewall/load-balancer and a major cloud hosting provider show the importance of not only getting those big rocks into place but following up with those little rocks in good order. What good is an aircraft carrier without the aircraft based on it? And what good are those aircraft without the support staff and supply of spare parts? We can get some big, overarching systems into place, but we need to be sure that the supporting systems are readied. These supporting systems may provide connectivity with other big systems or may be able to do the things that fall between the cracks on the larger systems.
In cybersecurity, we have our major systems that go into place to do the heavy lifts: visibility, network access, identity, endpoint, and data. Once those are up and running, it’s time to reach for the specialty tools that take care of use cases that are difficult or impossible for the major systems to address. Going back to the aircraft carrier, we don’t operate them all alone, but as part of a larger carrier group that handles a wide range of functions. Think of the smaller tools as those support vessels for the aircraft carriers in your enterprise.
Consider network access and visibility. These systems have difficulty determining when there are devices that tap into existing lines between trusted computing resources. A product like Sepio, that examines the electrical signatures on network cables, provides visibility into that blind spot and enables the larger tools to catalog and respond to that use case.
When it comes to servers, endpoints, and IoT devices, we can scan them all day to discover what operating system and software they’re running. Those scans do not tell us what’s in those operating systems or what components make up that software. Enter a product like Finite State, which provides that information and allows cybersecurity teams to have a software bill of materials (SBOM) on hand for their IT and IoT estates. That SBOM, in turn, lets us know where we have vulnerabilities now and is what we will turn to when a problem emerges in the future about a commonly-used chunk of code.
Knowing what endpoints on the network is not the same as knowing what they are used for. When we say, “there’s an outage impacting the production line,” that’s a vague statement. Is the entire line down? Or just a part that we can utilize a temporary manual workaround to deal with? Front-line monitoring tools don’t always tell us enough story to get the specifics that we need to answer those questions. A tool such as Centerity gives us that business intelligence and couples it with monitoring so that we can be precise in our assessments of outages.
I think it’s great that many organizations have gotten the big tools in place. The big rocks must go in first. Now it’s time to get those smaller rocks into the jar and fill in the gaps.
