SecurityWeek

Management & Strategy

Blueprint for a Modern Enterprise Security Program

There’s no doubt, we’re living in a data and intelligence-driven world when it comes to enterprise security. The volume, velocity, and complexity of information security data that must be processed to detect advanced attacks and, at the same time, support new business initiatives has been growing exponentially. However, data in its raw form is still only a means to an end. This begs the question: How can modern enterprise security programs be adapted to gain actionable insight from all the data they collect?

According to Gartner (see ‘Information Security Is Becoming a Big Data Analytics Problem’, written by Neil MacDonald), 40% of enterprises actively analyze at least 10 terabytes of data for information security intelligence, up from less than 3% in 2011. Traditionally, this data is gathered from the perimeter, meaning the network and endpoints. However, in today’s dynamic threat landscape organizations need to extend their ‘monitoring coverage’ to include applications, databases, mobile devices, the Internet of Things, and emerging technologies such as microservices and containers. As a result, organizations will be forced to process even greater amounts of data.

Unfortunately, a significant portion of information security resources is consumed by data gathering and aggregation processes. This is one of the biggest limitations when it comes to driving down time-to-remediation and predicting threats before they come to fruition. Another challenge involves creating context around security big data so that it can provide actionable insight. To achieve this, data needs to be correlated with its business criticality or risk to the organization. Without a risk-based approach to security, organizations can waste valuable IT resources mitigating vulnerabilities that in reality pose little or no threat to the business. Furthermore, big security data needs to be filtered to just the information that is relevant to specific stakeholders’ roles and responsibilities. Not everyone has the same needs and objectives when it comes to leveraging big data.

Considering the ongoing skill and expertise shortage, and the increasing frequency and sophistication of threat activity, many organizations are rethinking their enterprise security model. Rather than adding more tools, organizations need to implement a new, more efficient approach based on continuous cyber risk scoring for improved situational awareness and actionable insights. The objective is to move to full or partial automation of operational activities. At the same time, continuous, pervasive monitoring and analysis across the entire attack surface, not just the network or endpoints, is required for an adaptive, risk-based response to advanced threats.

In this context, intelligence-driven cyber risk management is often seen as a clear path for organizations to operationalize cyber security practices, breaking down silos, and enhancing security operations tasks through automation. 

Cyber risk is made up of many factors, including compliance posture, threats, vulnerabilities, reachability, and business criticality. For each of these, organizations collect huge volumes of data that they need to aggregate, normalize, and then assess for impact on the business. Fortunately, a new class of technology, cyber risk management, is emerging that not only aggregates internal security intelligence and external threat data, but more importantly correlates these data feeds with their business criticality or risk to the organization. The end result is automated, contextualized security metrics that align with business objectives.
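As an added illustration (not code from the article or from any vendor's product), the following Python sketch shows how such scoring can correlate a finding's technical severity with the business criticality, reachability, threat activity and compliance factors listed above, and then filter the result per stakeholder. The weights, the `Finding` fields and the sample findings are constructed assumptions; the article names the factors but gives no formula.

```python
from dataclasses import dataclass

# Constructed weights (assumption for illustration, not the article's formula).
CRITICALITY_WEIGHT = {"low": 0.25, "medium": 0.5, "high": 0.75, "critical": 1.0}


@dataclass
class Finding:
    asset: str
    owner: str            # stakeholder responsible for the asset
    finding_id: str       # placeholder identifier (constructed)
    severity: float       # technical severity, 0-10 (CVSS-style base score)
    criticality: str      # from asset categorization: low/medium/high/critical
    reachable: bool       # vulnerable service is reachable along an attack path
    active_threat: bool   # external threat intel reports active exploitation
    compliant: bool       # compliance posture of the asset


def risk_score(f: Finding) -> int:
    """Contextualized risk on a 0-100 scale: raw severity is scaled by business
    criticality, then adjusted for reachability, threat activity and compliance."""
    score = (f.severity / 10.0) * CRITICALITY_WEIGHT[f.criticality]
    if not f.reachable:
        score *= 0.2      # unreachable: residual risk only, not zero
    if f.active_threat:
        score *= 1.5      # actively exploited: raise priority
    if not f.compliant:
        score *= 1.2      # non-compliant asset: compensating controls likely weaker
    return round(min(score, 1.0) * 100)


def prioritize(findings):
    """Order findings by contextual risk, highest first."""
    return sorted(findings, key=risk_score, reverse=True)


def view_for(findings, owner):
    """Filter the prioritized list to the assets one stakeholder is responsible for."""
    return [f for f in prioritize(findings) if f.owner == owner]


# Constructed sample findings (not real assets or vulnerabilities).
SAMPLE = [
    Finding("lab-test-01", "it-ops", "F-1", 9.8, "low", False, False, True),
    Finding("payments-api", "app-team", "F-2", 6.5, "critical", True, True, False),
    Finding("hr-portal", "app-team", "F-3", 7.2, "high", True, False, True),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f"{risk_score(f):>4}  {f.asset:<14} {f.finding_id}")
```

Note that the critical-severity finding on the unreachable lab asset ranks last, while the medium-severity finding on the reachable, actively targeted, non-compliant payments asset ranks first, which is the prioritization the risk-based approach is meant to produce.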

Besides leveraging cyber risk management tools, organizations should also consider the following measures to ensure they’re operationalizing security intelligence as effectively as possible:

Assure ongoing categorization of assets within the organization to establish a benchmark for determining the business impact of threats and prioritization of remediation actions.

Apply best practices outlined in the National Institute of Standards and Technology (NIST) Cybersecurity Framework, especially its referenced security controls library.

Increase the frequency of vulnerability scans and other methods of gathering more timely security intelligence, which can assist in detecting security gaps and control failures and in verifying that remediation actions were effective.

By implementing these measures, while correlating and contextualizing external threat data with internal security intelligence and business criticality, organizations can operationalize their cyber security practices to shorten time-to-detection and ultimately, time-to-remediation of cyber threats. 

Written By

Dr. Torsten George is an internationally recognized IT security expert, author, and speaker with nearly 30 years of experience in the global IT security community. He regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege for Dummies book. Torsten has held executive level positions with Absolute Software, Centrify (now Delinea), RiskSense (acquired by Ivanti), RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global), Digital Link, and Everdream Corporation (acquired by Dell).
