No security defense is perfect, and shadow IT means no company can inventory every single asset that it has. David “moose” Wolpoff, CTO at Randori, discusses strategies for core asset protection given this reality.
Back in the 90s, we all used to build massive firewalls around our systems and spend our day-to-day resources looking for holes to patch. In theory, an impenetrable wall around everything you own is a great idea, because it protects even the things you’ve forgotten about.
However, if a wall is your only defense, it needs to be 100 percent perfect, 100 percent of the time. And if you’ve ever owned a house, you know that all walls form cracks over time. Not to mention, today’s corporate perimeter involves the cloud and mobile and remote assets too, and there could be hidden assets you’re not aware of.
Perfection must not be a prerequisite for good cybersecurity. I’d argue you don’t need to know about everything you own to protect it. Assets can be grouped and categorized such that the security procedure accounts for perimeter and visibility weaknesses.
Think about all the ways you build security controls that affect whole groups of things: