Unfortunately, we have a problematic and unstable neighbor. Without getting into details, he often yells obscenities, threatens physical harm, threatens property damage, and does other such undesirable things. Sadly, involving the police from time to time and getting two restraining orders did not discourage this neighbor from his outbursts and threats.
The police and courts explained to us that a healthy person is afraid of the law. This is logical – most of us don’t commit crimes, and this is partly because we are afraid of the consequences. But when a person is unstable and believes that they can talk their way out of anything as long as it is your word against theirs, there is little recourse. In other words, if a person is careful to behave badly only when there is no record of that behavior, it is very difficult for the police and courts to do much about it.
Even given this, we have, thankfully, had several months of quiet. How so? We found something that the troublesome neighbor did fear – being caught on camera. We installed home security cameras, and nearly instantly, we had complete quiet. We went from constant unpleasantness to total quiet overnight. In fact, one of the first videos we collected on one of our home security cameras was of our problematic neighbor approaching our door, realizing we had installed a home security camera, and then quietly walking away rather than launching into a tirade. Since then, quiet.
Why am I sharing this story? I believe that there is an important security lesson we can learn from it: the importance of visibility, not merely for compliance, audit, security monitoring, and other reasons that we are likely all familiar with. Beyond that, as in the case of our troublesome neighbor, visibility keeps people and teams honest, and that can bring huge benefits for the security organization.
Before getting into the benefits for the security organization, it is worth clarifying what I am referring to when I mention visibility. When thinking about visibility, it is important to remember the need to see what is happening at all layers: not just the network, endpoints, and access logs, but also the application layer. This includes detailed insight into both traffic traversing the API infrastructure and traffic leveraging AI capabilities. Without this, it is nearly impossible to properly monitor applications, never mind detect, investigate, and respond to any incidents that may occur.
As I mentioned above, there are other benefits to visibility beyond those we are most familiar with. What are some of these additional benefits? There are many, but here are a few of my favorites:
- Improved relationships: It’s no secret that security teams and application owners don’t always have the best relationships inside an enterprise. Improving this relationship is, naturally, a goal of many security teams. Yet, in many cases, this is easier said than done. This is where data can help, be it from application traffic, API Discovery, vulnerability scanning, red teaming, or otherwise. When the discussion around the relationship between the security team and the application team is a data-driven one, it is often more impactful. Presenting real data that demonstrates real risk (rather than generic information) serves as a great catalyst for moving a relationship forward. This is a great bonus that visibility brings to an enterprise.
- Better user behavior: While we would like to believe that people will behave as desired even when not being watched, unfortunately, this is not reality. In the analog world, people usually behave better when they believe they are being watched. For example, speed cameras on roadways generally keep vehicle speeds down. Similarly, in the digital world, when users understand that their activities are being watched, they usually behave better as well. They are less likely to visit inappropriate sites, engage in questionable activities, violate policies, install unvetted third-party software, or engage in other such risky behaviors. This is another great benefit of visibility.
- More informed decision-making: The most sound decisions are data-driven ones. Of course, the more complete and accurate the data upon which decisions are based, the more informed those decisions will be. While complete knowledge and total visibility are impossible, there is usually still plenty of room for improvement within most enterprises. It takes some effort, but investing the time and resources required to identify and address gaps in visibility brings many rewards. One of them is vastly improved decision-making.
- More accurate risk assessment: At its core, security is about managing and mitigating risk. The more visibility a security team has, the better the input to the risk management process will be. With better input to this process comes more accurate risk assessment, which is a huge win for the security team. This is yet another bonus that comes from improved visibility.
Modern enterprises are complex, sprawling, and messy. They often operate with hybrid and multi-cloud infrastructure. This can make it far more difficult than it used to be for enterprises to get adequate visibility at all required layers, including the application layer. While it is a significant investment in time and resources, identifying and addressing gaps in visibility brings with it many rewards. We in the security community discuss some of those rewards frequently. But there are additional, bonus benefits to improved visibility that are also worth considering.

