Skip to content

Does your business need to get its eyes checked?

Businesses are awash in intelligence and insight, yet they often lack clarity and focus. Perhaps they need new glasses.

Perspective

People with visual impairments often face challenges in their daily lives, as it can hinder their ability to achieve their goals or require workarounds to get there. The parallels with cybersecurity and IT operations are impossible to ignore. Organizations need to know with clarity what assets they have under management, where data is flowing, and where there might be cause for concern.

Unfortunately, many IT teams are struggling with various forms of visibility impairment. This creates the blind spots in which cyber risk and malicious activity thrive. Correcting these shortcomings should be a priority for any IT leader.

What’s at risk?

Enterprises are expanding at a prodigious rate. Even as macroeconomic storm clouds gather, the need to drive sustainable growth remains undimmed. That means doubling down on digital – whether it’s remote worker endpoint devices or cloud-based containers. The result is that most organizations must now manage a complex, distributed IT environment in which legacy and modern technologies sit side by side. Gaining comprehensive visibility into this environment is vital for two reasons: to avoid wasteful spending on under-utilized resources and excess licenses, and to detect, contain and remediate any potential security risks.

The financial and reputational impact of failure could be significant, and a serious breach stemming from IT visibility gaps could cost millions. That’s $9.4m per data breach in the U.S, although the impact of a serious ransomware outage could be many times higher.

So, what does impaired vision look like in IT operations and cybersecurity, and how can we fix it?

What are the main IT visibility challenges?

The analogy with human sight is an apt one. We can show several IT visibility challenges that align to well-understood physical conditions. These include:

Tunnel vision: Teams are so focused on their own products, services, or data that anything peripheral is made almost non-existent. This means they don’t pay enough attention to what’s happening upstream and how this might affect their current operations and visibility, or how inaccuracies in the here and now might affect the state of downstream systems. This kind of tunnel vision is often a product of multiple siloed IT management tools, with each team working from its own set of data almost as a shadow IT department. A single source of the truth, generated from a centralized platform, is essential to correct this.

Split vision: While like tunnel vision, this is more likely to impact senior decision makers in an organization. The problem comes about because they are managing competing priorities stemming from different sets of data that don’t align. There’s no clarity about how or even whether these priorities are part of the same goal.

Double vision: This can also stem from a lack of unified, coherent data across the IT and security functions. Have you ever tried to drive with two map apps systems switched on? They may try to take you in different directions, adding chaos and uncertainty where there needs to be calm and clarity. Accurate, centralized intelligence is the only way to drive confident decision making.

Blurred vision: When there’s too much data circulating among IT and security teams, actionable information can get lost in the noise. We can go further with the analogy here. Myopia (near-sightedness) explains the challenge of IT teams so focused on the details that they can’t see the forest for the trees. No regard is given to downstream systems or current objectives. On the other hand, hyperopia (farsightedness) describes those teams who understand the bigger picture – their overall business goals – but lack the up-close detail to get them there.

Presbyopia (old sight): As the name suggests, this is a condition that stems from old age. Old data is data that is out of focus. Although historical information can help to find trends, tasks like incident response, threat hunting, and change or problem management need timely, accurate data. The longer it takes to get data back about your IT environment, the less valuable it will be.

Astigmatism: Finally, consider this cause of blurred vision, which often occurs due to a mismatch between curves of the lens inside the eye. In IT and cybersecurity there’s also often a mismatch – between a chosen tool and the task it is used to perform. Consider the misuse of endpoint detection and response (EDR) solutions for inventorying assets, for example. As different teams often have their own preferred tooling, this once again leads to multiple versions of the truth. Truth is not an average.

Seeing and knowing what to do

Fundamentally, organizations can’t manage, protect, secure, administer, or run what they can’t see properly. At the most extreme end, there may be major blind spots in their environment which leave IT assets unmanaged and unprotected. But simply “seeing” everything is not enough. This might give knowledge of the IT environment, but it won’t necessarily enable wisdom unless teams have the context they need to act decisively. They may spot something suspicious, but is that administrator accessing that specific database a real enterprise risk that must be managed? Only the right context will tell.

This kind of effective decision making requires skilled IT practitioners, but it also depends on the right tools. That means a single, centralized source of truth for managing the endpoint estate – to not only provide near-real-time visibility at speed and scale but also the control to take remedial action swiftly. The more you know, the better decisions you can make. That fundamentally depends on accurate, timely, and comprehensive data.


Discover how a converged endpoint management can provide your business with unmatched visibility, control, and remediation. Get your free trial today.

Tim Morris

Tim Morris is a Technology Strategist at Tanium. An expert in cyber threat engineering, he builds teams and programs that solve security problems and streamline operations.

Tanium Subscription Center

Get Tanium digests straight to your inbox, including the latest thought leadership, industry news and best practices for IT security and operations.

SUBSCRIBE NOW