Enterprise Security Trends Blog | HP Blogs

Continuous Monitoring - Part I

Continuous monitoring has become a major focus area in cybersecurity. Customers, experts and standards bodies alike claim that continuous monitoring will vastly improve the security of our networks and critical infrastructure.


So what is it?!


We can provide a simple explanation by using a physical security example. Let’s suppose that you want to protect the perimeter of your building or compound, but you only have single-shot cameras to monitor who’s going in and out. You set them up to take photographs every 15 minutes, and you analyze them at the end of the day to look for breaches or irregularities. Of course, you miss a lot of activity!


To start implementing continuous monitoring in our example, you swap out the single-shot cameras for video cameras. Now you have a continuous view, in real time, of what’s occurring in and around your physical enterprise. You have all the information you need to secure your compound, but do you have the resources to monitor and analyze the information in real time?


That’s the same issue with monitoring the security of cyberspace, except that the amount of information you collect can be significantly greater. A typical enterprise can collect logs and events from firewalls, routers, servers, PCs, and more. You can also include physical security data – video, badge machines, motion detectors, etc. In addition, you have to know, and continually update, your asset inventory – both hardware and software. Based on that inventory, the next step is to evaluate the configuration of each asset to ensure it complies with secure configuration standards and guidelines. That inventory also needs to be continually scanned against known vulnerabilities and threats. Vulnerabilities can stem from the asset’s configuration or from the network on which it resides. As you can see, continuous monitoring is a complex process with a lot of moving parts – and that’s just deploying a basic capability! The eventual goals of developing this capability are to:

  • Put in place a better (defined, repeatable) process for detecting and remediating security issues
  • Create a way to score an organization’s security risk
  • Leverage the insight gained to institute a process of continual improvement towards a more secure enterprise
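The loop described above (inventory, configuration compliance, vulnerability matching, a risk score and a remediation queue) can be sketched end to end in a few dozen lines. The following is an added example and not HP's code or any product's implementation; every host, product name, baseline setting, vulnerability ID and weight in it is constructed for illustration (the IDs are placeholders, not real CVEs). It also shows the one rule practitioners most often get wrong at this stage: a setting that an asset fails to report must be scored as a failure, never as compliant.

```python
"""Toy continuous-monitoring cycle (added example, constructed data throughout):
inventory -> baseline compliance -> vulnerability matching -> risk score -> queue."""
from typing import Dict, List, Tuple

# Constructed secure-configuration baseline: setting -> required value.
BASELINE: Dict[str, str] = {
    "ssh.password_authentication": "no",
    "ssh.permit_root_login": "no",
    "host_firewall.enabled": "yes",
    "auto_updates.enabled": "yes",
}
CONFIG_DEVIATION_WEIGHT = 2.0  # assumed risk added per failed baseline setting

# Constructed vulnerability feed: (product, highest vulnerable version, score, placeholder ID).
VULN_FEED: List[Tuple[str, Tuple[int, ...], float, str]] = [
    ("exampled", (2, 4, 0), 9.8, "VULN-EXAMPLE-001"),
    ("exampled", (2, 9, 9), 5.3, "VULN-EXAMPLE-002"),
    ("widgetsvc", (1, 2, 0), 7.5, "VULN-EXAMPLE-003"),
]

# Constructed asset inventory, shaped like a CMDB export: host, software versions, config state.
INVENTORY = [
    {"host": "web-01",
     "software": {"exampled": "2.3.1", "widgetsvc": "1.3.0"},
     "config": {"ssh.password_authentication": "no", "ssh.permit_root_login": "no",
                "host_firewall.enabled": "yes", "auto_updates.enabled": "yes"}},
    {"host": "db-01",
     "software": {"exampled": "2.9.0"},
     # auto_updates.enabled is not reported at all: treated as a failure below
     "config": {"ssh.password_authentication": "yes", "ssh.permit_root_login": "no",
                "host_firewall.enabled": "yes"}},
    {"host": "jump-01",
     "software": {"exampled": "3.0.0", "widgetsvc": "1.1.5"},
     "config": {"ssh.password_authentication": "no", "ssh.permit_root_login": "no",
                "host_firewall.enabled": "yes", "auto_updates.enabled": "yes"}},
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.3.1' into (2, 3, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def config_deviations(asset: dict, baseline: Dict[str, str] = BASELINE) -> List[str]:
    """Baseline settings the asset fails. A setting absent from the report also fails:
    'unknown' must never be scored as 'compliant'."""
    return [name for name, required in baseline.items()
            if asset["config"].get(name) != required]


def vulnerability_findings(asset: dict, feed=VULN_FEED) -> List[Tuple[str, str, float]]:
    """(vuln id, product, score) for each installed version at or below a feed entry's ceiling."""
    findings = []
    for product, version in asset["software"].items():
        installed = parse_version(version)
        for feed_product, max_vulnerable, score, vuln_id in feed:
            if product == feed_product and installed <= max_vulnerable:
                findings.append((vuln_id, product, score))
    return findings


def asset_risk(asset: dict) -> float:
    """Sum of vulnerability scores plus a fixed penalty per configuration deviation."""
    vuln_total = sum(score for _, _, score in vulnerability_findings(asset))
    config_total = CONFIG_DEVIATION_WEIGHT * len(config_deviations(asset))
    return round(vuln_total + config_total, 1)


def monitoring_cycle(inventory=INVENTORY) -> dict:
    """One pass over the inventory: per-asset risk, a remediation queue ordered by risk,
    and an organisation-level score. Re-run on every inventory or feed refresh."""
    per_asset = {a["host"]: asset_risk(a) for a in inventory}
    queue = sorted(per_asset, key=per_asset.get, reverse=True)
    return {
        "per_asset": per_asset,
        "remediation_queue": queue,
        "org_score": round(sum(per_asset.values()), 1),
        "worst_host": queue[0] if queue else None,
    }


def risk_trend(previous: dict, current: dict) -> float:
    """Change in organisation score between two cycles (negative means improvement)."""
    return round(current["org_score"] - previous["org_score"], 1)


if __name__ == "__main__":
    report = monitoring_cycle()
    for host in report["remediation_queue"]:
        print(host, report["per_asset"][host], config_deviations(next(a for a in INVENTORY if a["host"] == host)))
    print("organisation score:", report["org_score"])
```

Running the cycle on the constructed inventory puts web-01 at the head of the queue on the strength of two matched vulnerabilities, even though its configuration is fully compliant, while db-01 is penalised for both a failed and an unreported setting. The `risk_trend` comparison between two cycles is the hook for the third goal above: tracking whether remediation is actually lowering the organisation's score over time.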

Regardless of the size of an enterprise, collecting and analyzing this information is daunting. You must first determine what sensors (products) you have and what data you are collecting. There are a wide variety of products in the market that perform the functions described above. HP has a set of products that can provide the core functionality: Enterprise Service Management suite (uCMDB and related products), ArcSight, EnterpriseView, TippingPoint, and Fortify/WebInspect. Other functions and capabilities are provided by third-party products. The heavy lifting for continuous monitoring is in the integration of the products and information into a stable infrastructure that ensures the continuous flow of data and analysis that represents the overall security posture of an organization. The Cybersecurity Solutions Group (CSG) Engineering & Architecture team is currently performing the integration of the proposed DHS continuous monitoring solution in the CSG eLab.


In following blog posts, I’ll delve into the other functional areas that define a full continuous monitoring solution and how that aligns with a comprehensive enterprise security reference architecture.

About the Author(s)
  • Manage cyber engineering & architecture team developing security services, security reference architectures, big data security, mobility, cloud, cyber situational awareness and security operation center solutions. Responsible for developing innovative cyber solutions across public sector accounts. Collaborates with HP Labs, HP CTO Organization, product groups and third-party vendors to leverage innovative technologies to deliver the next generation of cybersecurity solutions.
  • A business-first senior executive with over 20 years of hands-on experience in defending banks, governments and corporations against cyberwarfare. My career in security started when I was employed to crack a secure system, which had locked down the boot process, whitelisting of applications and encrypted disks. I linked TeamOffice (an ICL email and collaboration system) with Microsoft Word to send an email which allowed me to do anything the person reading the email could do and send the results back to me, all without their knowledge. Having proved this vulnerability, I worked with Peter Simpson to create Defuse, a tool that blocked inappropriate actions. This successfully blocked Winword Concept, the first known malicious code in the wild. From these beginnings I have investigated all aspects of security to provide an holistic approach to security as a business enabler and am currently advising organisations on the suitability of the cloud to their needs.

