Is it better to implement a preventative or detective control environment that can identify and determine the correction to a control violation? Well, that depends. Which would you rather sell to management, the prevention or the cure? But remember the old saying, “What if the cure is worse than the disease?” Preventive controls are designed to stop bad things from happening. But if this approach to controls becomes too restrictive and gets in the way of business, it will either be overridden or bypassed completely – leaving organizations with the only option of implementing detective IT Controls.
The more complex a system gets, the harder it is to secure access and transactions with preventative controls. Why? Because transactions typically span across multiple systems and cloud services, this adds to the complexity of trying to implement a control framework. In these cases, even detective controls will fail due to the sheer amount of access and transaction information that has to be aggregated, normalized, standardized, correlated, and analyzed across all these systems.
There is a way to accomplish this goal. It’s called context-aware continuous monitoring IT controls, which is a mechanism for applying fine-grained, dynamic security policy controls based on a real-time analysis of information where contextual data is applied to a transactional process – such as user role, location, behavior, time, applications, devices, data and more. These contextual factors are assessed based on their relationship to a baseline of acceptable use where the control is looking for patterns that would identify something that is outside of the norm, suspicious, emerging, or an outright risk or policy violation.
Handling correlation and data analysis with the amount of data volume, velocity (change), and variety, veracity goes beyond the capabilities of existing SIEM and log analysis technologies. Consolidating all this data into broader analysis platforms increases the ability to correlate, explore, and report behaviors or events in an integrated fashion. This requires big data analysis and is quickly becoming the new cyber-risk imperative.
However, context-aware continuous monitoring is not constant monitoring. The difference between constant and continuous monitoring is determined by the frequency at which continuous assessments of the day executes varies depending on the criticality of the transaction, the volatility of the application, and the degree of automation required to run an assessment in the timeframe needed to provide a decision or notification. Context-aware continuous monitoring is designed to be a proactive approach that differs from the reactive approach used by most IT organizations
Cybersecurity data volumes are growing at a phenomenal rate and organizations are struggling to be able to make real-time decisions to maintain the security and effective operations of their business systems. The conventional approach first requires data to be stored in a database, and then queries are run after the fact to detect or determine the cause of problems. Organizations are fast realizing that the data has a shelf life and the time lost to this reactive security approach does not achieve the risk management and mitigation goals of the company.
Advanced data analytics that works with the actual data in the core systems in a real-time in-memory approach will become the standard for continuous risk monitoring, and Pathlock is one of the few vendors in the market that has a solution today that uses big data analytics for real-time detection based on user, transaction and entity behavior.
Contact us today for a custom demo.
Share
There is no escaping risk in today’s multi-application la...
The Securities and Exchange Commission's (SEC) new rules on...
The global shortage of skilled accountants has been making ...
Esteemed Colleagues in Internal Audit and Risk Management: ...