- Community Home
- >
- Servers and Operating Systems
- >
- Servers & Systems: The Right Compute
- >
- How to close security gaps to improve your securit...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Receive email notifications
- Printer Friendly Page
- Report Inappropriate Content
How to close security gaps to improve your security posture
As the threat landscape evolves, organizations struggle to address security gaps. With the right mix of tools, talent, partners, and policy, however, it's possible to close these gaps.
Security is a top-of-mind priority for enterprises operating in a modern hybrid environment. Most organizations believe that they are doing their due diligence to stay secure, but despite their best efforts, breaches continue to make headlines. Most IT leaders are now admitting that it is no longer a question of if the organization becomes a victim of a cyberattack, but when.
They're reckoning with a grim reality: even with core security solutions in place, significant security gaps exist.
Securing the Modern IT Infrastructure
Enterprises are plagued by myriad security gaps leaving the IT infrastructure vulnerable. The majority of these gaps, according to a 2018 survey conducted by the Ponemon Institute, are due to the expanding and blurring of the IT perimeter.
As businesses adopt hybrid environments, they're finding it harder to protect those environments from sophisticated cybersecurity attacks with standard security measures. Fifty-five percent of respondents in the Ponemon survey said that it's hard to protect the IT perimeter given the requirements needed to concurrently support the Internet of Things, bring-your-own-device, mobile, and cloud initiatives.
A lack of visibility into who and what is connected to the IT infrastructure compounds matters. Sixty-seven percent of respondents said that their security teams have no visibility into or control over the activity of every user and device connected to their IT network, which leaves systems susceptible to attacks that use compromised user credentials. At the same time, 48 percent of survey respondents said they suffer from a cybersecurity skills gap because the skilled personnel needed to counter the new breed of sophisticated cyber attackers are hard to come by.
Creating policies to plug the gaps
Aligning to the National Institute of Standards and Technology Cybersecurity Framework can be an important first step to close security gaps. The framework is built with an understanding that security is an end-to-end initiative, and focuses on five core areas: identify, protect, detect, respond, and recover. Together, these core components "aid an organization in expressing its management of cybersecurity risk by organizing information, enabling risk management decisions, addressing threats, and improving by learning from previous activities," NIST says.
Having a clear security policy in place forms the foundation for any successful protection strategy by giving organizations a holistic understanding of how to better manage risk. Once such policies are established, organizations can look for the solutions and services that will best provide them with the 360-degree protection they require.
The Aruba 360 Secure Fabric from Aruba, a Hewlett Packard Enterprise Company, is one such security framework. It's built with the understanding that security must protect the entire enterprise. As such, it provides integrated solutions, not individual point solutions that security teams would have to cobble together. Security professionals can now develop a seamless path to security that encompasses everythingโsuch as user and device discovery and access control, and analytics-driven attack detection and responseโwith automated and dynamic policies that span wired, wireless and VPN networks.
Improving detection with visibility
All too often, organizations don't even know that they've been hacked until the damage is done. It can be months between the time a cybercriminal installs malware and when the compromise is found. For a large enterprise, the amount of transactional data that goes through the system in that timeframe is phenomenal. If a hacker's watching it all, and you don't know it, the results can be catastrophic.
Combating cybercrime without visibility and context is impossible. If your system identifies someone from the HR department attempting to access a Finance application, you need the visibility to know what data was accessed, when and on what device. You also need context to be able to determine if the behavior was legitimate. Without the right tools and policies, organizations can quickly get so bogged down in investigating false alerts that they may not respond to the real alerts until it's too late.
Modern secure network access control tools such as Aruba ClearPass empower the enterprise through improved visibility and management capabilities. For comprehensive control of burgeoning IoT devices, Aruba ClearPass Device Insight delivers valuable visibility and profiling to address the security and compliance risks associated with unidentified or unmanaged devices connected to the networkโeven those IoT devices that have been deployed without IT knowing about it.
The rise of phishing and advanced attacks makes security analytics tools such as Aruba IntroSpect instrumental to a holistic detection and defense strategy. The ability to identify the subtle user and entity behavioral changes common in stealthy attacks and to automatically assess and alert on the risk with comprehensive context lessens cybercriminals' effectiveness. By employing machine learningโbased intelligence, IntroSpect can dramatically strengthen the detection, prioritization and investigation capabilities of security teams.
Finding the right talent resources
Having the right people with the skill sets necessary to facilitate risk management is crucial. Yet finding them is difficult. You need talent that understands how to protect every aspect of your IT environment, all the way down to the silicone layer in your servers.
Security personnel play a pivotal role in investigating how breaches occur and making the changes necessary to minimize their long-term impact. Whenโnot ifโyou get hacked, how quickly you recover directly affects the financial implications of the breach, as well as customer and shareholder confidence.
A trusted partner such as HPE can help you build your security team. With a variety of service levels designed to fit an organization's existing needs, Continuous Security Improvement Services from HPE can help your organization build a bulwark against today's dynamic threat landscape.
Installing holistic solutions for gapless security
With the attack surface expanding and security skills in short supply, it's never been more critical to address gaps in your security programs. The right mix of holistic solutions and trusted partners makes it possible to plug security gapsโeven in a complex, hybrid environment. Although every organization is at risk, security does not have to be a abyss that requires endless resources.
Think of it, instead, as a business enabler that reduces organizational risk and empowers teams to innovate freely. With a robust set of security policies in place, and solutions and services to support these policies, businesses can change the conversation around security to one of empowerment instead of breaches.
Bob Moore
Hewlett Packard Enterprise
twitter.com/HPE_Servers
linkedin.com/showcase/hpe-servers-and-systems/
hpe.com/servers
- Back to Blog
- Newer Article
- Older Article
- Dale Brown on: Going beyond large language models with smart appl...
- alimohammadi on: How to choose the right HPE ProLiant Gen11 AMD ser...
- Jams_C_Servers on: If youโre not using Compute Ops Management yet, yo...
- AmitSharmaAPJ on: HPE servers and AMD EPYCโข 9004X CPUs accelerate te...
- AmandaC1 on: HPE Superdome Flex family earns highest availabili...
- ComputeExperts on: New release: What you need to know about HPE OneVi...
- JimLoi on: 5 things to consider before moving mission-critica...
- Jim Loiacono on: Confused with RISE with SAP S/4HANA options? Let m...
- kambizhakimi23 on: HPE extends supply chain security by adding AMD EP...
- pavement on: Tech Tip: Why you really donโt need VLANs and why ...
-
COMPOSABLE
77 -
CORE AND EDGE COMPUTE
146 -
CORE COMPUTE
130 -
HPC & SUPERCOMPUTING
131 -
Mission Critical
86 -
SMB
169