Our own CISO Lenny Zeltser was recently interviewed on the CISO Dojo Podcast by hosts Joe Sullivan and Stacy Dunn. In the episode titled “From Reverse Engineering Malware to CISO”, Lenny talked about how he got into information security and the path that led him through reverse engineering malware and ultimately becoming a CISO.
In this excerpt from the podcast, Lenny provides insight on how remote work has impacted asset management for cybersecurity and sheds light on some of the top challenges facing security teams today.
Editor’s note: The following transcript has been edited for brevity and length.
Joe Sullivan: What challenges do you see organizations facing when it comes to asset management, especially with remote work?
Lenny Zeltser: Keeping track of your assets for the purpose of understanding whether they're configured in a way that is acceptable to the organization has always been hard. But with employees working remotely, keeping track of assets has become even harder. That’s because you can't rely on the same data sources as before.
A lot of organizations rely on network scanners, vulnerability scanners, or NAC solutions to see who’s on the network and use that as a source of asset information. Now that so many of your employees are remote, that approach doesn't work.
A lot of organizations are now tapping into their EDR or EPP tools as a source of information about their assets, because they know they can't access them directly over the network anymore.
Organizations and employees are also relying much more on cloud and SaaS-based resources. This presents another challenge for asset discovery and oversight. Systems running in cloud infrastructure, you can't scan them fast enough because in many cases they are gone before you get a chance to scan them.
Plus, what about applications that you don't even deploy yourself, because they're provided by your SaaS vendor? Are they in scope of your asset management ambitions? If so, how do you even discover them when somebody uses them?
If organizations had a hard time keeping track of their assets before cloud, SaaS, and remote work, then now, of course, they're struggling with it even more.
That's why there are solutions, like what Axonius provides, that have a more modern perspective on asset management and asset discovery.
Joe: What are some of the challenges that security teams are facing or expect to face?
Lenny: When I look at business and IT trends, I see the increasing adoption of cloud and SaaS-based resources. What that means is, IT and security organizations have less and less direct control over the assets that our business users are relying on. This makes it very hard for IT and security teams to have the right oversight of the business’ security posture.
Another challenge we need to come to terms with is the increasing volume of signals that we want to pay attention to as security engineers and security leaders, to identify malicious activities and incidents. There's more and more data becoming available and that should make our job easier. But when you have too much data, you don't know what to pay attention to. This calls for finding some way to use automation, because humans just can't keep up with it.
And then, of course, understanding how to keep track of what's happening in our environment is another challenge. A part of that is asset management. Another part is understanding what our business users are trying to achieve. But in many cases, it’s becoming harder for the security professionals to really understand where the business is going.
Answering questions like, “How can we truly provide value? What role does the security team play as part of the value chain?” is not getting any easier for security teams, but it's more important now than ever, because they've got to show value.