Leveraging his background as a software engineer, Namaste Reid, one of Automox’s Directors of Software Engineering, fills a multifaceted role where he wears numerous hats and does a little bit of everything, from participating in code reviews to helping make architecture and design decisions.
In this week’s Get to Know the Automox Team blog post, Namaste discusses his role as a Director of Software Engineering, his thoughts on the cybersecurity space and why minimizing the exposure of every system in the environment is a crucially important aspect of cybersecurity.
Cybersecurity is Just Security
When looking at the cybersecurity industry, Namaste believes “it’s kind of just security.” Over time, if you look at where people need to feel safe, it’s where they spend most of their lives. When you’re in your home and want to feel safe in your community, then you need security in the form of police or, at the national level, the military. Now that we’re living so much of our lives in the cyber realm, through our phones, on our computers, people need to feel safe and know they’re secure when they’re online.
“To be able to work in this industry means that we have an opportunity to impact the world in a positive way, at a very fundamental and cross-cutting level.”
Consequently, it’s important to understand the nature of cybersecurity and security in general. Namaste believes that it’s always an arms race between the defense and offense, and there’s never a point where any system is one hundred percent secure. As such, it’s very important to continue to invest in cybersecurity, remain aware of security concerns and to have the best cybersecurity defense you can at any given point.
“The risks never go away, and there’s always new vulnerabilities as software changes and evolves. Some issues are fixed, others are created, and it’s part of our job to help people be safe against those as a moving target.”
As a result, Namaste says there’s no point where the industry will be able to say, “we’re done, we’re finished, everything is one hundred percent secure.” One of the best ways to ensure the security of IT infrastructure, however, is patching and ensuring that IT systems are up to date. The other big thing, according to Namaste, is visibility, understanding which systems are on your infrastructure, what their level of patch compliance is, and then performing the patch to get in as strong of a defensive posture as possible.
The Cyber Threats Are Real
While some organization or companies that operate in certain industries feel like they might not be the target of a cyberattack, the threat is real for everybody. There are companies in finance and healthcare that are bigger targets because of the sensitive nature of their data, but a lot of cyberattacks are very broad and can take many different forms. As a result, if there are devices that are exposed to the internet and vulnerable to a known issue, then there are automated routines that bad actors are going to use in an attempt find that device, take it over and use it for various malicious ends.
Another crucially important aspect of security is minimizing the exposure of every system in the environment both in terms of on the network and on the internet. Knowing if a device does not need to be directly connected to the internet or whether it can be sequestered behind some layers in a network such that there’s a layer between that device and external connections, filtering incoming connections using firewalls and access control lists — those are all essential. The other side is limiting access internally. That means the minimum set of people that need to access that device in order to maintain functionality and efficiency across the organization. On top of that, it’s monitoring and alerting for suspicious activity, and then, of course, patching vulnerabilities and keeping systems up to date.
Advancing Security Beyond a la carte Solutions
While there are a lot of security tools out there that are great at what they do, the industry lacks a comprehensive toolkit to inventory and secure systems. As a result, most organizations shop for cybersecurity solutions a la carte, taking, for example, some patch management solution from this company over here, some network and security monitoring from a company over there, putting them together and hoping their infrastructure is secure.
Despite the number of innovative and trendy security tools out there, there’s still a lot of room for improvement in all of them. As such, the industry needs to spend the next few years focusing on the consolidation of tools so that organizations can have quicker, easier and more comprehensive security solutions applied to their systems.
“Patching is important, it’s not an option, and it can be a lot easier if you use the right tools.”
Automox: the Right Tool for Automated Patch Management
Speaking of using the right tools, automation is huge both in terms of time savings and efficiency but also in terms of reliability. Any time a human is involved, there is a chance that they can lose concentration and make a mistake. When you automate a security task like patch management, however, you not only document it and preserve it for future analysis, but you also gain repeatability.
At Automox, we work with a myriad of different types of computer configurations, whether it’s different OSs, OS versions, types of software or the specific network configuration our customers have. According to Namaste, our approach is generally to strive for as much reliability as possible. Thus, we work through our support channel to understand and resolve the scenario that our customers have, but because we’re in the role of delivering updates for third-party software vendors, there can be a change in any piece along the way that causes a failure. That being the case, our challenge is, ideally, to identify and resolve those before our customers are impacted — it’s always a moving target to keep on top of that.
Fortunately, Namaste is thrilled by the really amazing group of people we have here at Automox.
“At the end of the day, it’s a lot of time spent working with other people, and everybody here wants to do the right thing for the customers and is willing to ask the hard questions to drive forward progress and improvement.”
One of Namaste’s favorite parts about working for Automox? As cliché as it sounds, it’s having the opportunity “to make the world a better place” because the current amount of time and money spent dealing with cybersecurity breaches is astronomical and inefficient.
“Use Automox. Patch your shit, it’s pretty simple. If you’re cutting corners, you’re creating risk.”
Automox is a cloud-based patch management and endpoint protection platform that provides the foundation for a strong security framework by automating the fundamentals of security hygiene to reduce a company’s attack surface by over 80 percent. A powerful set of user-defined controls enables IT managers to filter and report on the vulnerability status of their infrastructure and intuitively manage cross-platform OS patching, third party patching, software deployment, and configuration management. To sign up for a free, 15-day trial of Automox’s cloud-based, automated patch management solution visit www.automox.com/signup.