The Dark Underside Of Cyber Visibility
Maturity often brings surprises in organizations with legacy infrastructure. As your cyber program matures, there will naturally be more purposeful and comprehensive observation into the activities of your users, endpoints, and applications.
You’ll be seeing the dark underside of your organization.
The grime and grit are natural by-products of the cyber security maturation process. You really shouldn’t be surprised by what you will find, but you probably will be.
After all, legacy systems often have years of tech debt that’s been lingering unseen. And, you are just beginning to peek and poke with your flashlight around the parts that haven’t seen light in a while.
- applications that have been calling non-existent accounts on other machines for years.
- Legitimate big name commercial software applications that are coded or behave like malware.
- Standard user accounts present in the local administrator groups of often hundreds of servers.
- Service accounts that reach into key servers that they probably shouldn’t.
- Outdated software, old protocols, unexpected data.
The path to maturity can be initially painful as the discovery often generates more work items rather than reduce work.
These are the dark undersides and dank corners that need to be exposed in order for your organization to be secure.
You’ll have a lot of tools at your disposal and you’ll need to leverage them all
- Top threats and their threat models
- Risk register
- Gaps list generated from discovery
- IT audit findings
- Pen tests
- Incident response lessons learned
Thing will be messy. There will be surprises. This visibility can be like moving the refrigerator for the first time to clean behind it.
Set expectations with execs accordingly.
And, bring the light.