
Dissecting Security Connected: Discovery

By on Feb 01, 2011

At FOCUS10, we introduced the concept of Security Connected and recently discussed the foundations of enterprise security and “5 Ways to Get Hacked” here on the blog. In this series, we’ll break down the five key elements of Security Connected. The first is Discovery.

Discovering critical assets should be phase 1 of any security strategy because, academically and intuitively, it makes perfect sense to understand what you have before you try to protect it. However, operationally, discovery isn’t always feasible without appropriate technology capable of automating the process, correlating the results, providing holistic visibility, and rendering actionable results. Discovery is most effective when you’re able to centrally manage and quantify information such as:

  • Vulnerabilities including those related to operating systems and network services
  • Vulnerabilities that are specific to applications and databases
  • Sensitive data
  • Security countermeasures protecting assets

Wholesale security strategies that protect all assets the same aren’t scalable and can be costly. Too much time and too many resources are used to protect everything the same. The most effective security strategies prioritize resources. It’s important to understand where your critical assets reside, including sensitive data. This makes it possible to provide the appropriate incident detection, prevention, and response controls tailored for those critical assets.

In discovery, sensitive data is a special case. Data is today’s prime target. The bad guys want it – do you need another reason to protect it? That’s why it’s important to understand not only where the data is, but where the sensitive data resides in a business context. Determine which business units have mission-critical data. For example, data from R&D may be highly sensitive compared to data from HR, or vice versa. Implement an automated discovery capability by auditing various business units and determining what’s critical in each environment. Understand what’s important for each group – maybe it’s intellectual property, maybe it’s compliance – and apply relative controls for each situation.
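To make the correlation and prioritization described in the last two paragraphs concrete, here is an added example (not from the original post and not McAfee product code) that merges findings from the four discovery categories into one record per asset and ranks them. The hostnames, business-unit criticality values and scoring weights are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample findings, as separate discovery feeds might report them.
FINDINGS = [
    {"asset": "rd-db01", "unit": "R&D", "kind": "os_vuln", "severity": 7.5},
    {"asset": "rd-db01", "unit": "R&D", "kind": "db_vuln", "severity": 9.0},
    {"asset": "rd-db01", "unit": "R&D", "kind": "sensitive_data", "label": "intellectual_property"},
    {"asset": "hr-fs02", "unit": "HR", "kind": "sensitive_data", "label": "personnel_records"},
    {"asset": "hr-fs02", "unit": "HR", "kind": "countermeasure", "name": "host_ips"},
    {"asset": "hr-fs02", "unit": "HR", "kind": "os_vuln", "severity": 5.0},
    {"asset": "lobby-kiosk", "unit": "Facilities", "kind": "os_vuln", "severity": 9.8},
    {"asset": "lobby-kiosk", "unit": "Facilities", "kind": "countermeasure", "name": "application_control"},
]

# Assumed business-unit criticality (1 = low, 3 = mission-critical).
UNIT_CRITICALITY = {"R&D": 3, "HR": 2, "Facilities": 1}
VULN_KINDS = ("os_vuln", "app_vuln", "db_vuln")

def correlate(findings):
    """Merge per-feed findings into one record per asset."""
    assets = defaultdict(lambda: {"unit": None, "vulns": [], "data": [], "controls": []})
    for f in findings:
        rec = assets[f["asset"]]
        rec["unit"] = f["unit"]
        if f["kind"] in VULN_KINDS:
            rec["vulns"].append(f["severity"])
        elif f["kind"] == "sensitive_data":
            rec["data"].append(f["label"])
        elif f["kind"] == "countermeasure":
            rec["controls"].append(f["name"])
    return dict(assets)

def priority(rec, criticality):
    """Assumed scoring: worst vuln x unit criticality, doubled when
    sensitive data is present, halved when any countermeasure exists."""
    score = max(rec["vulns"], default=0.0) * criticality.get(rec["unit"], 1)
    if rec["data"]:
        score *= 2
    if rec["controls"]:
        score *= 0.5
    return round(score, 2)

def rank(findings, criticality=UNIT_CRITICALITY):
    """Return (asset, score, sensitive_and_unprotected), highest score first."""
    rows = [(name, priority(rec, criticality), bool(rec["data"]) and not rec["controls"])
            for name, rec in correlate(findings).items()]
    return sorted(rows, key=lambda row: row[1], reverse=True)

if __name__ == "__main__":
    for name, score, exposed in rank(FINDINGS):
        print(f"{name:12} score={score:6} sensitive_and_unprotected={exposed}")
```

In this constructed data the kiosk carries the single most severe vulnerability yet ranks last, while the R&D database, which holds sensitive data and has no recorded countermeasure, ranks first.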

When it comes to discovery, measure twice, cut once. By figuring out what areas are most important to secure, you’ll save your organization money and implement a stronger security strategy.

For more information on just a few McAfee tools related to discovery check out: