Essays from 7 Experts on Moving to a Cloud-Based Endpoint Security Platform

2018-02-20T19:30:16
ID CARBONBLACK:F4BA8F198C282E1EDD5CD340766DC8E6
Type carbonblack
Reporter Sean Blanton
Modified 2018-02-20T19:30:16

Description

Carbon Black recently published a series of essays in which information security experts describe their experiences moving their endpoint security programs to the cloud; this is one of those essays. To read the full series, check out 7 Experts on Moving to a Cloud-Based Endpoint Security Platform.


Automated Forensics Boost A Security Team’s Effectiveness

Dan Bowden, VP & CISO, Sentara Healthcare

Dan Bowden believes that cloud-based endpoint-security solutions have greatly enhanced his organization’s security capabilities. “Many of these technologies can help us answer a lot of questions more easily now than we could in the past,” says Bowden, who is VP and CISO at Sentara Healthcare. “We have the ability to automate incident response, forensic work, and things like that.” With that in mind, he advises security professionals to take advantage of this next-generation automation technology, which augments security professionals’ ability to analyze incidents and address vulnerabilities at the endpoint.

Businesses that are operating with lean resources while facing increasingly stringent compliance requirements will find these capabilities especially helpful, since they allow the security organization to operate with greater agility, speed, and thoroughness. “In healthcare, just explaining how many malware incidents we’ve experienced isn’t enough anymore,” Bowden says. “We’ve got to show that we’re categorizing them and that we’ve taken appropriate follow-up measures to do a risk analysis and determine what happened.” He can now report not just how many malware events his organization has encountered, for example, but also how many of them were remote access Trojans and how many command and control events his team was able to block.

From there, Bowden can use these automated forensics tools to gain a greater understanding of the endpoint-security threats his organization must address, such as the likelihood of command and control events occurring on laptops outside the company network. He can drill down further to understand what type of data was on a specific device, what level of access permissions the user had, and when the malware arrived. “With the next-gen endpoint solutions, I’m now able to answer tougher questions using a single automated interface,” he says.


When adopting advanced solutions such as these, Bowden advises that organizations pay careful attention to change management. “A lot of the time, you’re trying to unseat an incumbent tool,” he explains. The legacy tool may be perfectly serviceable, but it likely doesn’t offer the full range of features that the newer tool does. Accordingly, it’s a good idea to walk your colleagues through the differences and explain how the organization will benefit from next-generation technology.

Bowden finds that his colleagues are more comfortable getting on board with technology change than they were in the past. “They know that money’s tight so if we decided to spend money on this, we should make sure we do what we need to make it work,” he says. He recently noticed this during a 2FA rollout, in which his boss checked in with a woman working in the administrative division to see how she was adapting to the new 2FA tool on her phone. When he asked, “Oh, what do you think of it?” she said, “You know, when I get that little challenge authentication and I confirm it, it makes me feel like I’m doing more to protect our data.”

Having worked with legacy tools and users who were once resistant to technology change, Bowden feels that security professionals have a promising opportunity to enhance their effectiveness using the next generation of cloud-based endpoint security tools. Businesses that invest in advanced capabilities will find not only that they are able to defend the organization with greater speed and agility, but that their colleagues are more likely to appreciate the value of security and want to do their part, thereby improving the company’s ability to defend itself against the threats it faces.

KEY POINTS

  • Security professionals can answer tougher, more complex security questions in less time using next-generation endpoint security tools based in the cloud.
  • When colleagues understand the need for security, they are more likely to want to do their part to protect the organization.

ABOUT THE CONTRIBUTOR

Dan Bowden

VP & CISO, Sentara Healthcare

Dan Bowden, VP and CISO at Sentara Healthcare, has had a career spanning 25 years in cybersecurity and technology. His sector experience includes the military, retail, banking, higher education, and healthcare. Now a two-time CISO, he has successfully built two organizational cybersecurity programs from the ground up. Bowden is active in cyber workforce development, blockchain technology research, and healthcare technology innovation. His success as a leader and CISO has been founded on winning board and executive leadership support for cybersecurity.



The post Essays from 7 Experts on Moving to a Cloud-Based Endpoint Security Platform appeared first on Carbon Black.