Think back to the last time a child presented their drawing to you. A colorful mass of shapes and scribbles, you probably had to ask them to describe what they drew or maybe you simply asked “what is it?”
Whether they drew the family cat, or mom or dad, or a landscape, the point is the picture didn’t represent our adult perception of those items. Only when the whiskers, and ears, and blue fur, were pointed out did we see the cat through the child’s eyes. This probably isn’t so different from the first time someone walked you through complicated financial statements, charts or graphs that also had you asking “what am I looking at?”
Like with the child’s drawings and the financial statements, business owners are finding they must ask “What am I looking at?” as they attempt to view and make sense of the business risks associated with cyber incidents.
However what’s clear is that viewing alone isn’t sufficient to understand and act on risks. Like with the drawings and the financial reports, having context drawn around the network activity you’re being asked to view provides the necessary story to understand and act.
Manage by Walking Around
Before computers, securing your businesses assets and managing employee productivity used to be relatively easy by simply doing “management by walking around.” Visibility sufficed because you could see that physically, people, files, and other assets were where they were supposed to be or doing what they were supposed to be doing- just by looking.
In the digital age, visibility isn’t as easy as walking around. Gaining visibility into digital assets and productivity is such a challenge that 24% of security professionals who took the SANS Analytics and Intelligence Survey admitted that “due to their ineffective programs, 24% of respondents also didn’t know whether they had been hacked or not.”
Choosing the specialized programs needed to peek inside of today’s digital world of work to determine how work is being performed, what artifacts are produced, how they’re shared, and whether or not this is happening in accord with your stated business goals, policies, ethics, and values, is no small task. Especially as these IT tools typically focus on only one aspect of the task – providing visibility – when in fact what business owners need is the complete picture – context that not only shows what is happening but also explains the who, where and perhaps hints at the why so you can take appropriate actions to manage threats to the security and productivity of the business.
Why Can’t I get the Complete Picture?
For business owners and IT managers coming to grips with the necessity and urgency of identifying and mitigating cyber risks, it can be frustrating to try and assemble a complete picture. Organizations of all sizes wrestle first with gaining visibility, and then creating true awareness out of what they can see as a result. Some are challenged because they manage large or complex environments across wide geographies. Some lack appropriate tools or knowledge to capture and report what’s taking place from moment to moment on their networks: who is working with what programs or files, who is opening attachments sent from outside, who may be doing things online against policy, or even in violation of common sense. Most IT managers would agree that limited resources are a big part of the problem…too few people, too little time, too many ways not to know what’s actually happened.
At Interfocus, we’ve spent decades working with organizations to frame a complete picture. In our recent whitepaper “Situational Awareness: How Improved Visibility and Context Protects Your Bottom Line,” we examine a few scenarios that need to be addressed to turn visibility into awareness, and awareness into a better bottom line.
Want to understand what you’re looking at when you review your network activity? Read the whitepaper here.