SecurityWeek

Risk Management

Three Pillars for Operationalizing Cyber Risk Detection, Prevention, and Response

Breaking down silos created by individual security products and streamlining collaboration between security and IT operations remains the biggest cyber risk management challenge facing organizations. This finding is based on feedback from leading security executives during a recent multi-city tour organized by the CISO Executive Network. The biggest concerns for security practitioners in defending against cyber-attacks are centered in three core areas: Identification, Prioritization, and Orchestration of Remediation. Their ultimate stated objective is to operationalize cyber risk management and implement a pro-active, rather than reactive, approach to cyber risk detection, prevention, and response.

Organizations face an uphill battle when it comes to cyber security, as the attack surface they have to protect has grown significantly and is expected to balloon even further. While it was sufficient in the past to focus on network and endpoint protection, nowadays applications, cloud services, mobile devices (e.g., tablets, mobile phones, Bluetooth devices, and smart watches), and the Internet of Things (e.g., physical security systems, lights, appliances, as well as heating and air conditioning systems) represent a broadly extended attack surface. According to the 2015 Global Risk Management Survey, 84% of cyber-attacks today target the application layer and not the network layer, requiring a more holistic approach to cyber security.

This “wider and deeper” attack surface only adds to the existing problem of how to manage the volume, velocity, and complexity of data generated by the myriad of IT and security tools in an organization’s network. The feeds from these disconnected systems must be analyzed, normalized, and remediation efforts prioritized. The more tools, the more difficult the challenge. And the broader the attack surface, the more data to analyze. This approach requires legions of staff to comb through the huge amount of data to connect the dots and find latent threats. These efforts can take months, during which time attackers can exploit vulnerabilities and extract data.

This situation is being aggravated by the fact that, according to ISACA, a global IT association, the industry is facing a shortfall of a million security professionals globally. For most organizations, the prospects of hiring the staff needed to aggregate, normalize, and analyze the vast amount of data needed to assess cyber risk exposures are slim.

Breaking down existing silos and automating traditional security operations tasks with the help of technology has therefore become a force-multiplier for supplementing scarce cyber security operations talent.

To successfully operationalize cyber security practices, progressive organizations are turning to new emerging technology that serves as an aggregation and orchestration layer that sits on top of their existing IT and security tools, and assists in the Identification, Prioritization, and Orchestration of Remediation of cyber risks.

Let’s take a deeper look at each of these three pillars:

Identification


In order to understand what remediation actions are needed to minimize an organization’s cyber risk exposure, identification is the first step. With many organizations overwhelmed with the volume, velocity, and complexity of internal security data, it has become crucial to streamline the identification process. This step has become the Achilles heel of day-to-day security operations for many companies.

The use of human-interactive machine learning engines can automate the aggregation of data across different data types; map assessment data to compliance requirements; and normalize the information to rule out false-positives, duplicates, and enrich data attributes.

Prioritization

In the past, the majority of organizations primarily focused on their internal security posture when it comes to cyber security and therefore had a difficult time prioritizing their remediation actions based on business criticality. By leveraging emerging technology, organizations can place internal security intelligence, external threat data, and business criticality into context to derive a holistic view of risk posture across networks, applications, mobile devices, etc. In this way, security teams can determine what imminent threats they face from cyber adversaries, and which ones present the highest threat to the business.

Orchestration of Remediation

Increasing collaboration between security teams, which are responsible for identifying security gaps, and IT operations teams, which are focused on remediating them, continues to be a challenge for many organizations. Using the cyber risk management concept as a blueprint, it’s possible to implement automated processes for pro-active security incident notification and human-in-the-loop intervention. By establishing thresholds and pre-defined rules, organizations can also orchestrate remediation actions to fix security gaps. Meanwhile, cyber risk management provides a way to measure the effectiveness of remediation actions and ensure risks have been successfully eliminated.

To increase remediation effectiveness, emerging cyber risk management tools also provide playbooks that include step-by-step instructions on how to tackle the most critical vulnerabilities. The intelligence-driven cyber risk management model also mandates a closed-loop remediation process, which assures that a ticket is only closed once the effectiveness of a patch has been revalidated. Unfortunately, many organizations close out tickets as soon as a patch is applied without testing whether it actually fixed the problem. This leaves them vulnerable to a big blind spot if the patch failed.
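The three pillars above (normalizing and de-duplicating scanner feeds, ranking by severity, external threat data and business criticality, and closing a ticket only after a rescan confirms the fix) can be sketched as one small pipeline. This is an added example, not code from the article or from any vendor; the scanner feeds, CVE identifiers, exploit intelligence, criticality ratings and the automation threshold are all constructed placeholders.

```python
# Added example: a minimal identify -> prioritize -> closed-loop remediation pipeline.
# All data below is constructed; the CVE ids are placeholders, not real vulnerabilities.

# Two hypothetical scanner feeds; note the same finding reported twice with different casing.
RAW_FINDINGS = [
    {"tool": "scannerA", "host": "web01", "cve": "CVE-0000-0001", "severity": "High"},
    {"tool": "scannerB", "host": "WEB01", "cve": "cve-0000-0001", "severity": "high"},
    {"tool": "scannerA", "host": "db02", "cve": "CVE-0000-0002", "severity": "Medium"},
    {"tool": "scannerB", "host": "kiosk7", "cve": "CVE-0000-0003", "severity": "Critical"},
]
EXPLOITED_IN_WILD = {"CVE-0000-0001"}            # constructed external threat intelligence
CRITICALITY = {"web01": 4, "db02": 5, "kiosk7": 1}  # constructed business criticality, 1..5
SEVERITY_SCORE = {"critical": 4, "high": 3, "medium": 2, "low": 1}
AUTO_REMEDIATE_THRESHOLD = 12                    # constructed rule: above this, auto-ticket


def identify(raw):
    """Pillar 1: normalize host/CVE formatting across tools and drop duplicates."""
    seen = {}
    for f in raw:
        key = (f["host"].lower(), f["cve"].upper())
        seen.setdefault(key, f["severity"].lower())  # keep first-seen severity
    return [{"host": h, "cve": c, "severity": s} for (h, c), s in seen.items()]


def prioritize(findings):
    """Pillar 2: rank by severity x exploit intel x asset criticality, highest first."""
    def score(f):
        exploited = 2 if f["cve"] in EXPLOITED_IN_WILD else 1
        return SEVERITY_SCORE[f["severity"]] * exploited * CRITICALITY.get(f["host"], 1)
    return sorted(((score(f), f) for f in findings), key=lambda pair: -pair[0])


def route(ranked):
    """Pillar 3a: pre-defined threshold decides automated ticketing vs. human review."""
    auto = [f for s, f in ranked if s >= AUTO_REMEDIATE_THRESHOLD]
    review = [f for s, f in ranked if s < AUTO_REMEDIATE_THRESHOLD]
    return auto, review


def close_ticket(finding, rescan_findings):
    """Pillar 3b: closed loop -- a ticket closes only if the rescan no longer reports the CVE."""
    still_present = any(r["host"] == finding["host"] and r["cve"] == finding["cve"]
                        for r in rescan_findings)
    return "reopened" if still_present else "closed"


if __name__ == "__main__":
    ranked = prioritize(identify(RAW_FINDINGS))
    for s, f in ranked:
        print(s, f["host"], f["cve"])
    print(close_ticket(ranked[0][1], identify(RAW_FINDINGS)))  # patch not yet verified
```

Note that the "critical" finding on the low-value kiosk ranks last once exploit intelligence and business criticality are factored in, which is the point of the prioritization pillar.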

By implementing these three main pillars, organizations can operationalize their cyber security practices to shorten time-to-detection and ultimately, time-to-remediation of cyber threats.

Written By

Dr. Torsten George is an internationally recognized IT security expert, author, and speaker with nearly 30 years of experience in the global IT security community. He regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege for Dummies book. Torsten has held executive level positions with Absolute Software, Centrify (now Delinea), RiskSense (acquired by Ivanti), RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global), Digital Link, and Everdream Corporation (acquired by Dell).
