Radware: Understanding Supply Chain Attacks and Client Side Protection
Why is there now an urgent need for Security Instrumentation?
Enterprises need to invest in Security Instrumentation in order to ensure the effectiveness of their security tools. In fact, a report from Richard Stiennon, Chief Research Analyst at IT-Harvest, insists that there is now an urgent requirement to measure cybersecurity like every other metrics-driven business unit.
What is Security Instrumentation?
According to Stiennon, Security Instrumentation involves deploying sensors in a cloud, or on small dedicated hardware devices, across network zones such as partner, desktop, and server networks, DMZs and Internet. These sensors then "live" in a production environment and measure the efficacy of security tools.. In order to do so, these sensors run a "large and growing library of test behaviours" against other sensors. These operate safely, however, and there are no "false positives" as the sensors communicate with each other. Nevertheless, the report notes that Security Instrumentation also goes beyond this capability. In fact, users can employ integrations with security management solutions such as firewall managers, log managers, and SIEMs.
A new approach to security
"The traditional approach of standards, compliance, and policies have not worked," Stiennon observes. Nevertheless, he adds that Security Instrumentation is easily "deployed today with no impact or risk to the existing environment." The tool immediately delivers value by providing users with the ability to continuously improve. As a result, companies can create "exacting plans, embrace new initiatives, generate more precise budgets" and ultimately become more competitive.
Verodin's Security Instrumentation Platform
One example of such a tool is Verodin's Security Instrumentation Platform (SIP), which provides end-to-end security validation. In effect, SIP instruments customer IT environments to test the network, endpoint, email, and cloud controls. SIP also continuously executes tests and analyses the results in order to deliver proactive alerts and validate control configuration. Overall, the tool provides evidence which demonstrates whether a customer's controls are actually delivering the desired business outcomes.