Before we go any further, let's look at the current challenges an IT department faces in a large MNC environment; some of you might find these familiar.
1. Zones in the network
For some folks, it's quite common to come across zones such as DMZ, extranet, Internet, corporate network, and so forth. As a best practice, some Microsoft certification courses even suggest separating HR, payroll, and accounts from one another so that each has its own silo. Further, when you have isolated networks within the corporate network, how do you ensure the completeness of your SIEM when the firewall is doing its job, i.e. blocking the traffic?
2. IT Asset Inventory
HP XXXX $YYY
IBM XXX $YYY
OEM XXX $YYY
How useful is this information on Finance's invoices? Familiar? Even if these invoices are fed to the engineer responsible for data entry into the IT asset inventory, he will need time to gather more information such as IP addresses, department user, system owner, information owner, and the list goes on. For legacy records, it's a headache because the tagging often consists of "guesswork" or a wall-to-wall check against MAC addresses. Imagine doing a wall-to-wall check during the COVID-19 situation or a similar pandemic. Hence, we thought maybe it's time for businesses to consider barcode scanning and the use of drones within the physical data centre.
3. Impatient management - "The XXX invested millions and I don't have time to wait!"
You have already implemented the solution in the production network, why is it not operationally ready?
We have spent millions and this thing can't even catch a thing?
Why are you guys still spending time and renewing licenses of the older appliances?
Management tends to jump the gun because they have spent millions, and a pandemic just doesn't help: the CFO and FCs are looking at cost optimizations, and budgets get cut or transferred to other parts of the operation to make ends meet. Hence, lots of justification is needed. However, it is important to know that cuts must be in line with the revenue or customer base; otherwise, threat actors would love to see the CFO or FCs making such cuts, because that is going to make their recon much easier.
Coming up next:
- Bring your own device (BYOD)
- Threat actors are human
- Human behaviours are dynamic
- Rules are static and machine learning takes time