Corporate and personal decisions are an important part of our daily life; many times they are made from our previous knowledge and lessons learned from similar events. To make a truly educated decision, the most complete information available is needed to quantify risks and estimate the potential returns of our actions.
Unfortunately we don’t always have the answers to life’s unexpected challenges, so it is not uncommon to feel uncertain about one’s ability to clearly frame the issue and devise an optimal solution.
Turning to cybersecurity: should we consider data breaches an unavoidable business event that will occur regardless of what is done, or a potential event that can be identified in advance and mitigated? Regrettably, far too many organizations mistakenly believe that taking “calculated risks” with IT infrastructure is necessary to conduct business in the 21st century.
With data driving the business world, enterprises need systems that enhance security and reduce risk for the entire business: security, IT, operations, and C-level executives. To serve each constituent group, Vulnerability Management (VM) systems must dig wider and deeper for more relevant data to apply context and present enhanced data in a language each group understands. This requires new levels of assessment that leverage a much broader data set, one that calculates risk and business impact and determines proper prioritization.
Not all vulnerabilities need to be patched. If there isn’t a tool available in the wild to exploit a vulnerability, there’s no need to rush through a fix. Nonetheless, the most critical vulnerabilities in an enterprise environment need immediate action, making prioritization important. The goal for security teams must be to intelligently triage vulnerabilities to determine what to address first, to significantly reduce business risk while simultaneously saving time and budget.
To achieve that goal, incorporating threat intelligence into VM systems to improve threat environment visibility and detection rates is paramount. Intelligence gathered through the investigation of security events provides useful data in responding to and mitigating threats, as well as analyzing attack behaviors.
Forensic data and analysis are also crucial for detection and prevention: they help establish the cause of cyber-attacks and provide irrefutable audit trails for corporate governance and compliance initiatives. As compliance requirements grow and fines are adopted for non-compliant organizations, forensic data will be crucial for collecting digital evidence. Forensic analysis is also valuable in clarifying the root causes and techniques used to breach networks and access sensitive business data, and it provides evidence of how deeply malware has penetrated an organization’s network.
Modern VM platforms have become much more user friendly and intuitive. They have integrations with a wide variety of security vendors to share information, coupled with threat intelligence to identify targeted and advanced attacks. This provides clients with a holistic threat intelligence security approach that includes three essentials every Chief Information Security Officer (CISO) needs to protect a business:
- Detection, Response and Recovery: The ability to investigate and confirm known and unknown threats using behavioral analytics to catch abnormalities before damage is inflicted. Using predictive models, identifying unusual traffic on the network, analyzing unusual behavior to catch new malware, and stopping attacks before they start are capabilities every CISO needs.
- Scanning and Assessment Accuracy: Intelligence gathered through the investigation of security events provides useful, high-fidelity data that can be effectively used to analyze attack behaviors, as well as respond to and promptly mitigate threats. Many organizations still struggle with accurate asset inventories; unknowns pose a serious risk. Knowing what assets are on your network and what flaws put them at risk is important. Visibility is essential in the process of quantifying the relevance of assets in the network. If companies don’t know what is in their networks, they will never be able to take adequate protective measures.
- Vulnerability Intelligence: If a CISO provides direction based only on CVE/CVSS, the team is going to be overwhelmed. This is where threat intelligence comes in: incorporating it is essential for asset prioritization. Once security teams know which vulnerabilities to address first, they save time and budget.
The job of a CISO is a difficult one that at times can feel like fighting wildfires caused by random lightning strikes. A modern VM platform eliminates the harried rush from one cyber event to another. It allows the CISO to dispense with poorly defined “calculated risks” and provides the structure needed to intelligently manage cybersecurity in the enterprise as a business. In the end, that should be the ultimate goal of every CISO regardless of geography or industry.