Arcsight: Understanding enterprise threat and risk management is the greatest challenge for business

News by Dan Raywood

The need to create a risk management profile has been described as the greatest challenge for businesses.


Speaking at an Arcsight roundtable last week, CTO of public sector Prescott Winter claimed that risk management presents a big challenge for businesses, but there is a larger problem of establishing the risk management models.

He claimed that ‘everybody wants openness, customer facing apps and hi-tech devices’ and everybody has opened up the front door. However, in virtually every enterprise he had looked at, not all machines or individuals were of equal risk or value.

He said: “The really big challenge for any enterprise, government or private sector is to do the difficult and not very glamorous work of establishing your risk management models, your threat profiles, identifying your high value users and identifying the high risk and high vulnerability machines.

“So when you begin to see people breaking in and who is in your network doing things that they should not be, you have a prioritised set of answers, you do not have to assume it is all of equal value and you lash out with what the latest interrupt seems to be. The attacker only needs to get in once, you have to control the whole network and see and respond everywhere.”

He went on to claim that in information risk management, you have to gather information about all of your systems, all of your users and your networks and know what they are doing to determine what is contrary to the policy.

He said: “We call this ‘enterprise threat and risk management’ and it really starts with defining risk profiles, systems, individuals and building monitoring to show what is going on in real time and to discourage those who clearly do not get it.

“The correlation process brings all of this stuff together so that you see, via a single dashboard or screen, what is happening in your enterprise. In an ideal case this is coupled to your IT so you see what is going on in that too and the IT and security forces in many scenarios do not work together as well as they should. As you run in this manner, your systems provide patterns and highlights when something is wrong.

“We are under a sustained assault by adversaries, I think that there are ways to stop that and it is time to stop bleeding because we are bleeding to death by a thousand cuts all over the place.”

