Cyber security hacks, information leaks and data breaches that expose millions of records are now, sadly, a commonplace occurrence. With every incident that is reported by the media, the situation is growing worse.
The casual observer might be forgiven for thinking that behind all these breaches there are genius hackers typing furiously on their keyboards, much like Hugh Jackman in Swordfish. The reality, however, is that most high-profile breaches are much more preventable and ultimately come down to something mundane like a misconfigured server, an unpatched computer or the infuriating practice of password re-use.
Let’s take Equifax as an example. This is a massive company that deals with highly sensitive information every day, and they do so in a state-of-the-art environment. Nevertheless, they suffered one of the most serious data breaches we have ever seen, leaving over one hundred million financial records exposed. Investigations revealed that the cause of the breach was carelessness; the inventory of Equifax devices and system versions was outdated, which allowed attackers to exploit known vulnerabilities and access their network.
It should be noted that this situation is by no means unique or uncommon. Most large companies have such complex environments that it is extremely difficult, if not impossible, to keep track of all the servers, routers and computers by just using spreadsheets or attempting to manually make sense of the environment.
Failure to conduct regular, exhaustive inventories and update system programs can leave the organization exposed to data breaches, sizeable fines and considerable loss of business.
This task may seem daunting. As mentioned before, corporate environments are highly complex. That said, when we take a closer look at the requirements of major government and industry compliance regulations, we can boil them down to a couple of key concepts:
- Know what you have. You may have a list of your company’s servers, laptops and network devices, but do you know which version of software they are using, the last time they were patched or the specific applications they are running?
- Know your weaknesses. You can’t fix what you can’t see. One of the main questions companies must answer when hit with regulatory fines after a breach is: Did you identify vulnerabilities, and, if so, did you do something about them?
Of course, summarizing what major regulations such as HIPAA, GDPR, SOX or PCI DSS require from companies in just two bullets is an oversimplification, but the larger point is this: for companies to be both secure and compliant, the first step is always going to be generating the data that they need to make smart decisions.
DAG Insights™ is a data center and workload assessment solution that can be implemented in any environment and performs continuous monitoring and assessments of the IT environment. The vulnerability assessment and system versioning modules in Insights can arm your company’s IT team with the necessary information to improve your security and compliance posture in a short period of time. By allowing you to focus on the most critical vulnerabilities and outdated systems, Insights will enable your remediation team to close the easiest entry points that attackers would use to compromise your network.
Your company cannot achieve compliance without a transparent view of your security program. DAG Insights provides the clear view you need.
Learn more about how DAG Insights can help your organization get the visibility you need within your IT environment.
Written by Eduardo Alcocer