Three steps to take your Cyber Strategy from defence to offence
November 28, 2018
It is an indisputable fact that preparedness before an incident is significantly less costly than incident recovery. History shows that maintaining tight control over the environment to limit the potential for abuse, close vulnerabilities and ward off threats is effective. And yet, prepare and protect efforts lag behind monitor and respond in many organisations, despite security incidents that continue to be traced back to well-known, well-exploited – and too often, preventable – vulnerabilities and exposures.
So, if organisations understand the security coverage and cost benefits of prepare and protect, what is stopping them from flipping their cyber strategy and going from a reactive approach to becoming proactive?
Here are three clear steps that companies can take to go from firefighting to fireproofing.
Address a profusion of tools and data
The profusion of tools and data with their operational silos obscures the true state of the organisation's security posture. To address this, an organisation must maintain an up-to-date and accurate asset inventory. Although this sounds like an easy task, gathering asset data from across the organisation is deceptively difficult.
The problem starts with the myriad of operational silos that have to be crossed – on-premises and externally hosted devices and applications, mobile devices and tethered desktops, servers and endpoints, and virtual and physical devices. Coordinating a unified asset inventory involves cross-organisational management support, as well as techniques that likely differ from one domain to the next.
Unfortunately, technology and operations silos may never disappear. However, modern methods of data collection, management and analysis at scale can overcome many of these barriers to comprehensive visibility and action. Today's techniques support collection from multiple and varied sources for centralised analysis that can provide multiple views into the data depending on the need. Asset data can be united with vulnerability intelligence to correlate where and how widely the most severe issues can be found. Through techniques such as breach and attack simulation, threat data can reveal whether attacks are imminent, in concert with insight into how accessible the exposures are.
Accurate data that can be trusted has another advantage. It resolves disagreements between Security and IT by giving them complete and accurate visibility that both have to agree on, so they can focus on remediating risk rather than arguing about data.
Shift to automation
Organisations have historically attempted to forge a proactive security strategy by relying on experienced people to manage all the disparate tools, data and operational groups. Security operations teams live this every day with monitor-and-respond approaches requiring people to triage alerts, interpret incidents and respond to security problems.
Relying on staff becomes strained as the organisation grows and complexity from the profusion of tools and data increases. Qualified security operations personnel are hard to find and expensive to hire. In addition, trying to keep up with and close security issues – alternately stressful and mundane without better tools to help handle the load – can lead to burnout and make it more difficult to retain critical staff.
The good news is that automation and analytics have advanced in multiple realms to shift this reliance away from people and take advantage of what technology can do better. In IT, we see these advances helping organisations automate the deployment and management of resources, respond to changes in demand with highly elastic availability, and minimise downtime and operational failures through predictive insight. In security, these same techniques can be applied to shaping a more resilient environment and improving the integration of detection with response.
Because of the many obstacles facing a strategy to prepare and protect the business, organisations have often skewed their investments toward threat detection, threat awareness, monitoring and incident response management. Fortunately, technology that supports a strategy of prepare and protect is catching up and helping to provide a balance.
Advances in data management and analytics enable security operations to readily gather data from multiple sources, rationalise differences between these sources, and present customised views into the data. All of this can be done with higher speed and accuracy than previously possible.
As we look to the future, the need to prepare and protect will become more urgent; organisational infrastructures are becoming more complex as billions of smart devices coupled with a growing diversity of technologies demand a scalable approach to security. Adversaries, too, recognise how their strategies must adapt.
The risks are too great to ignore. The technology is available; the time to act is now – before organisations become even more overwhelmed by the threats they will face tomorrow.