Welcome to the Cygilant Blog

You Can’t Secure What You Can’t See (Part 2)

Posted by Security Steve on May 26, 2014


Before going back to home security analogies, I think I may stick with airports, because another story in the news recently has some parallels with the next security control I was going to discuss: SANS Critical Security Control #2, inventory of software (and detection when unapproved software is used).

About a week ago there was a story about a US-based airplane being located in a country where there is a ban on any and all commerce without US government approval. The country where this plane was found is somewhat inconsequential to the analogy, but the implications of a rogue plane with potentially rogue cargo are somewhat analogous to rogue software with a rogue payload appearing on a company's network.

Similar to my previous chapter, which asks how long it would take an organization to detect rogue systems, a critical question SANS Critical Security Control #2 asks is "how long does it take the scanners to alert the organization's administrators that an unauthorized software application is on a system". If the answer is more than a day (or, even worse, more than a week, a month, or not at all), it probably makes sense for your organization to revisit its ability to detect potentially harmful software being installed on the network in a timely fashion.

This means having the proper technology in place (SANS recommends software whitelisting) and having a system to detect software violations around the clock. Rogue software is a primary conduit for those with malicious intent. As with SANS control area #1, addressing the issue can have a high impact on reducing the risk of an information breach.
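As an added illustration (not part of the original post, and not SANS or Cygilant tooling), the following example checks software scan records against an allowlist and measures the time-to-alert that the control asks about. The allowlist entries, scan records and the one-day `MAX_DELAY` threshold are constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed allowlist of approved software (name -> approved versions).
APPROVED = {
    "openssh-server": {"6.6"},
    "nginx": {"1.4.7", "1.6.0"},
}

# Constructed scan records: (host, software, version, installed_at, alerted_at or None).
SCANS = [
    ("web01", "nginx", "1.6.0", "2014-05-20T09:00", None),
    ("web01", "netcat", "1.10", "2014-05-20T10:00", "2014-05-20T16:30"),
    ("db01", "nginx", "1.2.1", "2014-05-19T08:00", "2014-05-22T08:00"),
    ("hr07", "bittorrent", "7.9", "2014-05-18T12:00", None),
]

# Assumed threshold, taken from the "more than a day" question in the text.
MAX_DELAY = timedelta(days=1)


def is_approved(name, version):
    """Approved only if both the name and the exact version are on the allowlist."""
    return version in APPROVED.get(name.lower(), set())


def review(scans, now):
    """Return one finding per unauthorized install with its time-to-alert status."""
    findings = []
    for host, name, version, installed_at, alerted_at in scans:
        if is_approved(name, version):
            continue
        installed = datetime.fromisoformat(installed_at)
        if alerted_at is None:
            # No alert yet: measure exposure so far against the current time.
            delay = now - installed
            status = "NOT_ALERTED"
        else:
            delay = datetime.fromisoformat(alerted_at) - installed
            status = "LATE" if delay > MAX_DELAY else "OK"
        findings.append({"host": host, "software": name, "version": version,
                         "delay_hours": round(delay.total_seconds() / 3600, 1),
                         "status": status})
    return findings


if __name__ == "__main__":
    for f in review(SCANS, now=datetime(2014, 5, 26, 12, 0)):
        print(f)
```

An approved product at an unapproved version (the `db01` record) is treated as a violation, and an install that never produced an alert is reported separately from one that was alerted late.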


Tags: Network Security, SANS, Security Controls Monitoring
