How Analytics Supports Cyber Hygiene Across the Enterprise
The foundation for creating and maintaining good cyber hygiene is analytics. Think of it this way. Analytics provides the information you need to operate hygienically.
Analytics is about maintaining your ability to discover relevant data and making sure endpoints are delivering the right kind of reporting when queried. Analytics provides the numbers and hard data needed to measure network performance. This information is equally critical for operations and security.
Cyber hygiene creates a process to continuously identify assets, risks, and vulnerabilities across an environment and fix them with speed at scale. It’s a virtuous cycle that’s fundamental to enterprise security and systems management. Analytics is the precise measurement of what is going on in your system. Cyber hygiene uses that data to maximize business productivity.
Analytics at work
One example of cyber hygiene informed by analytics would be metrics such as mean time to patch (MTTP) and mean time to remediation (MTTR) for vulnerabilities. Many organizations track MTTP to make sure they’re under a certain threshold month-over-month. That supports compliance with industry-specific regulatory mandates such as Payment Card Industry (PCI) standard, HIPAA, or any other set of guidelines.
Other metrics that apply to cyber hygiene could be use patterns, credential authentication, and who’s logging in where. These also apply to security.
Building and enforcing a culture of cyber hygiene
Cyber hygiene begins with total visibility. What’s in the environment? How many endpoints? On an initial scan, many of our customers are shocked at how many devices are in their environment that they didn’t know about.
The Center for Internet Security (CIS) has a list of security benchmarks, and top two are:
- What’s connected to my network?
- What’s running on my devices?
These two benchmarks are equally important for operations and security. Unknown and unmanaged devices increase security vulnerabilities because if they’re not known and managed, they’re not being patched.
IT analytics for the CIO
For CIOs, analytics should inform what IT issues impact a business service or revenue-generating application. IT leaders need metrics that evaluate the performance of the service over time. How many application crashes and CPU and memory alerts are affecting the IT components that deliver the service? And, on the other side of that, how do they affect user experience?
Another important metric for CIOs relates to cause and effect. Are 30% of users having performance issues or application crashes after changes were made during a maintenance window? This level of IT analytics is extremely important from the business services side as well as employee experience.
Old data = inaccurate data = poor decisions
The value of IT analytics starts with the quality of the data. Most organizations do scans of their environment every month or every three months. Yet if data is even a week old in a rapidly changing environment, the decisions based on it will be wrong.
From a best practices perspective, you want the most recent information you can get to make appropriate decisions in the present, not what an appropriate decision would have been two weeks ago.
The disconnect between tools and policy
Analytics and fresh data can highlight the disconnect between tools and policy. People become attached to certain tools, so it’s very common that they create policies around what their tools can do instead of what the situation requires.
For example, some companies have a 12-hour maintenance window in which to patch their devices and get them up and running. The maintenance window is 12 hours because they can’t do it any faster with their tools.
Yet, there are tools that can do it much faster and more efficiently. Management sees the business value of that. Engineers, not so much. It often takes a business driver — backed by data — to force a change.
Cyber hygiene in distributed environments
Work-from-home (WFH) added more complexity to the tasks of maintaining cyber hygiene and even greater need for analytics. The tools companies were using couldn’t provide visibility or manage endpoints off the corporate network.
IT had no visibility unless users were on a virtual private network (VPN). So, they had no way to effectively deploy files to them, meaning they couldn’t patch or control them.
Network VPNs are built with a certain set of license accounts that can be updated fairly quickly, but the hardware supporting VPN connectivity is something organizations often don’t plan for, especially not for 80, 90 or 100% of their workforce working over a VPN.
VPN bandwidth issues triggered a huge move to SaaS applications. This reduced the load on VPNs and allowed employees to use their own Internet access to get their work done. But ‘as-a-service tools’ complicate the visibility equation. Who’s using what? Many of these tools need no local purchasing or installation, so maintaining visibility is challenging.
The ultimate goal: a safer, more effective organization
The responsibility for ensuring good cyber hygiene should be an organization-wide attitude supported and enforced by your security and operations teams. Analytics is one of the tools that make rational, effective policies possible and help operations and security ensure they’re followed.
Learn how to gain control of your enterprise data to lay the foundation for cyber hygiene.