A Sense of Security Blog

If you have only one dollar to spend on cyber security . . .

Posted by Dr. Edward G. Amoroso, Former SVP and CSO of AT&T; Current CEO of TAG Cyber, LLC. (September 8, 2016 – Hoboken, NJ)


When I first saw the beautiful network mapping visuals being produced by Lumeta, my immediate reaction was that I needed one framed for the wall over my desk. These early visuals were gorgeous and made the Internet look almost as good as the images of the sky that those annoying astronomers have had bragging rights to for so many years. With these early Lumeta images, computer scientists could at least have more interesting offices.


What I totally missed in all this early hype was the critical message embedded in what Lumeta was doing at the time. I realize now that they were pioneering an idea that every enterprise security teams should now take to heart. It is an idea that they have since expanded upon and built into their solution set. And this idea is perhaps best expressed by the following little admonition:


If you have only one dollar to spend on cyber security, then you should spend it increasing the visibility you have into your network.


I believe this to be one of the great axioms of cyber security. And I also believe that visualization is as powerful a technique as any in making network intelligence compatible with the human capacity to observe and reason. So while I was researching my 2017 TAG Cyber Security Annual, released for download today, it occurred to me to dig back into the technology of an old friend – namely, Lumeta.


What I found was a fine technology firm building amazing products that provide insights into networks, enterprise systems, application environments, and now cloud-based services. And while they still make nice maps that are always suitable for framing (yes, I have one in my office), the more salient point is that visibility into a network provides more insight into vulnerability posture, security weaknesses, and areas for architectural improvement than arguably any other aspect of a security program.


So, if you have only one dollar to spend on cyber security . . .