Compliance Management, Network Security, Security Strategy, Plan, Budget

IT security policy enforcement struggles

Companies are struggling to come to grips with the basics of vulnerability management, says Chris Schwartzbauer, vice president of development and customer operations at Shavlik Technologies.

During a presentation at the PCI Europe conference in Brussels, Schwartzbauer said organizations often seem to be working in the dark when it comes to enforcing IT security policy and compliance with external regulations, such as the Payment Card Industry Data Security Standard (PCI DSS) or ISO 27002. He added that security administrators are recognizing the need to develop a meaningful overview of what machines are on and connecting to their network.

“You can't secure what you don't know about, and unfortunately the unknowns are many," Schwartzbauer said. "IT administrators are often unaware of all of the servers live on their network, let alone their relevance or desired configuration, mobile computers are missed during scheduled vulnerability checks, old or unauthorized account privileges persist. And virtualization has made it all too easy for users to ‘create' more machines that must be protected.”

In his remarks, he said organizations are challenged by the complexity of their heterogeneous networks, an overwhelming amount of log data that is too time-consuming to interpret, and a reticence to automate where manual processes are no longer adequate.

“Decision makers, the CIO, security and risk managers assume the basics are resolved because the investment has been made in sophisticated security strategy and technologies,” he said. “But it is in the mundane processes, the policy and configuration management, where the vulnerability gaps are left wide open.”

He continued: “Until these basics are effectively managed, there will always be a risk to company security and any effort at compliance with security policy or external regulation.”

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds