APAC CIOOutlook

Advertise

with us

  • Technologies
      • Artificial Intelligence
      • Big Data
      • Blockchain
      • Cloud
      • Digital Transformation
      • Internet of Things
      • Low Code No Code
      • MarTech
      • Mobile Application
      • Security
      • Software Testing
      • Wireless
  • Industries
      • E-Commerce
      • Education
      • Logistics
      • Retail
      • Supply Chain
      • Travel and Hospitality
  • Platforms
      • Microsoft
      • Salesforce
      • SAP
  • Solutions
      • Business Intelligence
      • Cognitive
      • Contact Center
      • CRM
      • Cyber Security
      • Data Center
      • Gamification
      • Procurement
      • Smart City
      • Workflow
  • Home
  • CXO Insights
  • CIO Views
  • Vendors
  • News
  • Conferences
  • Whitepapers
  • Newsletter
  • Awards
Apac
  • Artificial Intelligence

    Big Data

    Blockchain

    Cloud

    Digital Transformation

    Internet of Things

    Low Code No Code

    MarTech

    Mobile Application

    Security

    Software Testing

    Wireless

  • E-Commerce

    Education

    Logistics

    Retail

    Supply Chain

    Travel and Hospitality

  • Microsoft

    Salesforce

    SAP

  • Business Intelligence

    Cognitive

    Contact Center

    CRM

    Cyber Security

    Data Center

    Gamification

    Procurement

    Smart City

    Workflow

Menu
    • Enterprise Security
    • Cyber Security
    • Hotel Management
    • Workflow
    • E-Commerce
    • Business Intelligence
    • MORE
    #

    Apac CIOOutlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIOOutlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    Editor's Pick (1 - 4 )
    left
    What Keeps Your Security Chief Up at Night: Keeping the Enterprise Secure is a Round-the-Clock Job

    Gary Eppinger, Global CISO, Carnival Corporation

    Security is Only As Good As Your Weakest Link

    Sam Schoelen, CIO, Continental Resources

    Mobility x Security

    Daniel Sobral, CSO, JBS USA

    Managing Security At The Speed Of Business

    Nimmy Reichenberg, VP-Marketing and Business Development, AlgoSec

    The Employee-An Organization's Security Downfall or a Hidden Security Gem

    Gordon MacKay, EVP and CTO, Digital Defense

    Viewing Security With A Service Perspective

    Gary Eppinger, Global CISO, Carnival Corporation

    Enterprise Security Strategies in Todays Threat Environment

    Mike Convertino, VP and Chief Information Security Officer (CISO), F5 Networks

    right

    Inaccurate Data Creating a False Sense of Security

    Larry Hurtado, President & CEO, Digital Defense, Inc.

    Tweet
    content-image

    Larry Hurtado, President & CEO, Digital Defense, Inc.

    The efficacy of any information security infrastructure is wholly dependent on the accuracy of the underlying security intelligence. Faulty data can lead those responsible for security toward action–or inaction–that ultimately creates vulnerabilities with far-reaching, sometimes devastating, consequences on the business.

    In today’s threat environment, the security risks to all organizations have dramaticallyincreased. As a result, there is a renewed commitment to establishing a healthy security ecosystem based on a holistic view of endpoints, as well as the in-house and third party applications running on them. Many CIOs and CSOs look to vulnerability management providers to deliver this end-to-end view of the infrastructure with a focus on identifying the weak points that leave an organization exposed to hackers and various attacks. But like a physician examining an MRI, a security professional trusts that the picture painted by a vulnerability management solution is accurate, and takes action—or does not—based on that picture.

    It’s critical that the picture be based on accurate data points despite the complexity and evolution of the network infrastructure, and the ever evolving nature of the threats. The vulnerability management system must be accurately identifying current threats and potential threats, and enabling that information to be shared across the organization’s multi-vendor security applications.

    Previously, information security technologies operated within their own silos, providing specific value, but not taking advantage of information from the organization’s multiple other tools. However, within the last five years, many organizations have realized the benefits of bringing together information from these traditionally separate solutions, and creating a more integrated security ecosystem.

    While there is no such thing as a “one size fits all” information security ecosystem, nor does any one vendor offer companies a complete solution to solve all security use cases, companies are working to integrate more. Vendors are announcing key integrations with other security vendors to solve some common use cases. Additionally, most vendors offer Application Programming Interfaces (APIs), allowing their solutions to be integrated with complimentary security tools.

    The resulting gap between the ‘static security solution’ and the changing infrastructure is compounded over time, undermining the usefulness of the vulnerability data provided

    In most cases, an organization must evolve their ecosystem based on their own threat and risk models as well.

    Unfortunately, these IT teams are also working with a potentially fatal flaw in some vulnerability management solutions that can go undetected until an incident occurs and exposes the shortcoming. This fatal flaw is made more likely by the increasing complexity of today’s heterogeneous networks and multi-vendor security infrastructure.

    The problem stems from the simplified algorithmsinterwoven within pattern-matching algorithms located deep within the foundational core of most automated vulnerability management products. Many of these productsassume the networks they are scanning are static, when in fact they are not. As time passes, the underlying networks that these vulnerability solutions are supposed to measure and protect inevitably shift and change.The resulting gap between the “static security solution” and the changing infrastructure is compounded over time, undermining the usefulness of the vulnerability data provided. We call this issue network drift.

    You can quickly see how this problem is exacerbated as organizations must evolve their ecosystem based on their own threat and risk models. That’s not to suggest we stop evolving our networks. Keeping pace with current technologies inside and outside security is crucial to any business. Instead, the answer lies in selecting a vulnerability management solution capable of finding security weaknesses as the landscape continually changes. It’s a critical capability. Otherwise, not only is the vulnerability management system not performing its job, but worse yet, all the associated security applications that are functioning based on the (faulty) vulnerability data, are ineffective.

    The harsh reality is that the findings portrayed within the “asset views” of the vulnerability management systems used by most organizations (including many Fortune 500 enterprises) are far less accurate than we once believed due to the problem of network drift. Organizations are using inaccurate information to guide their security decisions, and integrate it with their security enforcement technologies within their security ecosystem.

    The primitive algorithms found within the inner workings of somevulnerability managementsolutions, supplied by even the largest of the vendors in the space, are seriously limited, and cannot correctly track findings in the presence of the dynamic network changes common to many enterprises. As a result, an organization using such solutions must take extreme care, not be misled by the risk profile portrayed by these products, and instead must question the matching technology used within these platforms and take action to avoid a false sense of security or the chasing of phantom problems.

    Integrating security solutions to protect an evolving infrastructure, when done right, is a positive step toward better security overall. When accurate data is brought together, it can help companies create better pictures of their network and catch and remediate real and problematic security flaws before they become real breaches.

    Check this out: Top Managed Security Service Companies in APAC
    tag

    Information Security

    Weekly Brief

    loading
    25 Most Promising Enterprise Security Service Providers
    ON THE DECK

    Enterprise Security 2016

    I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

    Read Also

    Listening Beyond Hearing

    Listening Beyond Hearing

    Salvatore Incardona, Head of IT, Amplifon Australia
    Modernizing Lending Through Innovative, Secure and Scalable Technology

    Modernizing Lending Through Innovative, Secure and Scalable Technology

    Steven Meek, Chief Information Officer, Pepper Money
    Advancing the Chemical Industry through Digital Transformation

    Advancing the Chemical Industry through Digital Transformation

    Jan Mandrup Olesen, Global Head of Digital Business, Indorama Ventures
    Cultivating a Sustainable Future through Collaboration

    Cultivating a Sustainable Future through Collaboration

    Jiunn Shih, Chief Marketing, Innovation & Sustainability Officer, Zespri International
    Mastering Digital Marketing Strategies

    Mastering Digital Marketing Strategies

    Tasya Aulia, Director of Marketing and Communications, Meliá Hotels International
    Building a Strong Collaborative Framework for Artificial Intelligence

    Building a Strong Collaborative Framework for Artificial Intelligence

    Boon Siew Han, Regional Head of Humanoid Component Business & R&D (Apac & Greater China), Schaeffler
    From Legacy to Agility Through Digital Transformation

    From Legacy to Agility Through Digital Transformation

    Athikom Kanchanavibhu, EVP, Digital & Technology Transformation, Mitr Phol Group
    Change Management for Clinical Ancillary Teams: Aligning Practice with Policy and Progress

    Change Management for Clinical Ancillary Teams: Aligning Practice with Policy and Progress

    Ts. Dr. James Chong, Chief Executive Officer, Columbia Asia Hospital – Tebrau
    Loading...
    Copyright © 2025 APAC CIOOutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy and Anti Spam Policy 

    Home |  CXO Insights |   Whitepapers |   Subscribe |   Conferences |   Sitemaps |   About us |   Advertise with us |   Editorial Policy |   Feedback Policy |  

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://enterprise-security.apacciooutlook.com/cxoinsights/inaccurate-data-creating-a-false-sense-of-security-nwid-4220.html