Every change, every update to systems affects an organisation's compliance status. Manual audits and checks take too long and can leave systems dangerously vulnerable to exploits. Automation reduces the window of exposure, and helps to ensure risks are managed and compliance is maintained.
London, UK (Vocus) October 8, 2009
Enterprises that do not have automated methods for finding network vulnerabilities and tracking risks are gambling with their corporate data and reputation. This was a key message from the recent Security Risk & Compliance Forum in London, organised by Skybox Security and BT.
The Forum brought together 40 senior IT and infosecurity staff from leading companies, to discuss the issues of risk and compliance management in complex, decentralized networks. It also highlighted the scale of the challenges faced by IT staff, with 75 percent reporting significant growth in their networks in the past year.
A majority (63 percent) said they used automated solutions for identifying risk and compliance issues, and vulnerabilities in their network. When asked to name the single IT risk or compliance issue that kept them awake at night, 44 percent named identity and access management. Thirty-eight percent expressed concerns about board-level interference with security policy decisions, and 18 percent said cutting risks of data leaks and losses was the issue that concerned them the most.
The event featured three keynote speakers: Stephen Bonner, global head of information risk management for Barclays Group; Ray Stanton, global head of business continuity, security and governance requirements for BT, and Gidi Cohen, CEO and founder of Skybox Security
Gidi Cohen warned that periodic audits and checks on security systems are no longer enough to ensure effective risk mitigation and policy compliance. "Every change, every update to systems affects an organisation's compliance status. Manual audits and checks take too long and can leave systems dangerously vulnerable to exploits. Automation reduces the window of exposure, and helps to ensure risks are managed and compliance is maintained."
Ray Stanton used his presentation to show how organisations that manage risks effectively are better positioned to respond to and remedy adverse events, helping to protect their brand's reputation and control costs. He used the example of Credit Suisse, which deployed Skybox's risk management solution to automate risk assessments, performing these daily instead of semi-annually. This gave Credit Suisse a full ROI within one year and a 300 percent ROI in three years.
Stephen Bonner made the point that organisations can either approach compliance as a checklist of controls to satisfy auditors without managing or reducing risks, or they can use compliance methodology and risk management tools to improve their security and compliance stance and cut costs.
Skybox recently announced the availability of Skybox View® 4.5, which helps enterprises accurately pinpoint and prioritise areas of high risk and predict compliance exposures in just minutes. The unique combination of automation and advanced analytics enables enterprises to proactively visualise and eliminate IT security gaps and threats before they can be exploited. With Skybox View organisations can continuously and intelligently protect their irreplaceable brand while saving time and money.
Through automation and advanced analytics, security can be improved, security controls can be optimised and return-on-investment (ROI) can be achieved in a matter of months. Customers report dramatic results after implementing Skybox solutions:
- Reduction of IT risk exposure window by up to 90 percent
- Reduction of security compliance costs by as much as 85 percent
- Optimisation of manual processes - time and labour savings of up to 80%-90%
- Reduction of firewall compliance audit process to just minutes - as much as a 75 percent time and labour savings
- Verification of control effectiveness - despite complexity and constant change
Presentations from the forum are available from http://www.skyboxsecurity.com/?CategoryID=253&ArticleID=322
Skybox Security, Inc.
Michelle Johnson Cobb, +1 (408) 441-8060 x2019
Tanya Candia, +1 (650) 619-2874
About Skybox Security, Inc.
Skybox Security, Inc. is the leader in automated security risk and compliance management solutions, helping IT organizations pinpoint and prioritize security risks, compliance, and availability exposures within minutes. Our solutions automatically collect and analyze comprehensive data about network topology and systems, configuration settings, threats and vulnerabilities - anticipating the most urgent IT concerns before harm has been done. Medium to large organizations in Financial Services, Telecommunications, Retail, Government, Utilities, and Defense rely on Skybox Security solutions to reduce risk exposure and achieve compliance. For more information visit http://www.skyboxsecurity.com.