Joseph Weinberg, Strategy & Architectural Leader—Global Cybersecurity, Luxury Hospitality Company
“An effective optimization strategy is to eliminate dashboards and integrate as much as possible.”
- It’s important to integrate data from various tools in the security stack so that you can automate as much monitoring, correlation, and incident response as possible.
- Detailed endpoint activity monitoring—whether it’s on laptops, desktops, servers, or any endpoint device—enables you to detect and immediately respond to events and perform more effective forensics.
“Because most events start on a device, without integrated endpoint security, you lose the ability to handle localized events quickly.”
When you optimize your security stack, you must do so in the context of those items that pose the greatest threat. This is true whether you have a large environment with 80,000 connected devices or a small business. Every company has resource limitations; therefore, resources must be directed to where the statistical probability of events occurring is highest. Focus your strategy on three fundamentals:
1. Ensure a strong vulnerability management program, which includes having the tools that can scan your environment and locate vulnerabilities. Most breaches happen through known vulnerabilities, so hackers look for the easiest way in. They don’t need to invest in the most sophisticated attacks when all they have to do is find companies that don’t patch well and don’t have vulnerability management programs. Plenty of companies have weak patch and vulnerability management.
2. Make sure you have strong configuration management. This needs to include application access and authentication around network devices. This becomes more critical as IT environments become more complex.
3. Be able to mitigate threats—especially insider threats—as quickly as possible. Insider threats are often not malicious. They can be careless behaviors or mistakes that people with legitimate access make.
This is an excerpt from 7 Experts on Optimizing Your Security Stack. This series was generously sponsored by Carbon Black.