In “What Security Pros Don’t Know: Glaring Knowledge Gaps Present a Challenge” (http://blogs.govinfosecurity.com/posts.php?postID=1110&rf=2011-12-03-eg&elq=a212d1567d31469ab06ce37d28596e45&elqCampaignId=909), Upasana Gupta posts some very interesting survey results:
“More than half of nearly 2,000 IT security folks attending the recent Cisco Live and Black Hat USA conferences say, in response to a survey, they have no idea which internal apps and assets on their networks are accessible to outsiders. Six of 10 report they don’t know the capabilities of the tools they use, and fewer than half say they understand how network configuration changes affect the systems they support.”
These results show a frightening lack of alignment between the business, security, network and operations teams, and the resulting lack of visibility is something sophisticated attackers count on. They also show how much work remains for vendors like Splunk to demonstrate the benefits of a more holistic view across the security, network, and operations/applications teams. Businesses need to start buying tools based on a data-inclusion strategy that can drive efficiencies in collection, storage and analysis.