In part one of our six-part blog series on improving your cybersecurity strategy, we discuss how the industry’s reliance on a hyper-compartmentalized approach is making everyone less secure, and we share the four key questions every CISO should be able to answer.
IT infrastructure often grows up with a company. New tools, applications, systems, and user profiles are bolted onto the greater whole as the need for them emerges, usually without being given much strategic consideration. Organizational silos spring up around these additions as teams discover that each new tool requires new skills to deploy and maintain. Before long, the entire operation can resemble a ramshackle old house onto which each generation of homeowner has attached a new room.
Threats lurk in the dark corners. Unforeseen vulnerabilities, aging tech, distributed data centers, network sprawl, greedy insiders, and gullible users thrive. With the components of enterprise IT infrastructure scattered and compartmentalized, it’s difficult for any one person or team to achieve holistic visibility into the entire network.
Lack of visibility makes it difficult to find these siloed threat vectors, and even tougher to address them once they are found. That’s because, in most cases, the tools and tactics available are only designed to tackle specific and unintegrated areas of concern. We often see security tools being deployed scattershot throughout the organization. We see teams in operations, applications security, DevOps, network security, machine learning, high performance computing, the Security Operations Center (SOC), and auditing and compliance all pursuing and deploying their own discrete tools. And there is no shortage of security tools. More than 600 vendors were on the expo floor at the RSA Conference 2018.
While these issues are nothing new, addressing them has never been more urgent as the attack surface continues to expand. In our work with IT and cybersecurity professionals, we often hear about the challenges of protecting all the isolated apps — and the distributed computing and storage platforms — in use throughout the enterprise. Operational technology (OT) and internet of things (IoT) devices introduce their own sets of problems, since these internet-connected solutions are often deployed outside the auspices of the IT organization.
In most cases, organizations end up integrating apps through APIs and putting a multitude of clouds under a single management platform purview in order to manage the lot of them at once. But even this approach is only a stopgap. It’s no substitute for a holistic cybersecurity strategy which emphasizes visibility across the network and applies granular insights about the threats that may be lurking among them, so organizations can effectively prioritize responses. We call this approach Cyber Exposure.
Cyber Exposure is an emerging discipline for managing and measuring cybersecurity risk in the digital era. Cyber Exposure transforms security from static and siloed visibility to dynamic and holistic visibility across the modern attack surface. It’s the foundation upon which to build a cybersecurity strategy that accommodates the entirety of the modern attack surface.
Building a holistic cybersecurity strategy using the discipline of Cyber Exposure enables you to answer each of these four questions about your organization at any point in time:
Your ability to accurately answer these four questions is vital to understanding the total risk exposure and the effectiveness of your cybersecurity measures. But if you’re dealing with a heavily compartmentalized IT infrastructure, it may seem daunting to know where to even start moving toward a more holistic strategy.
Here are three tips you can begin using today to help you begin your journey toward a holistic cybersecurity strategy.
In part two of our six-part blog series on improving your cybersecurity strategy, we’ll explore in more detail how to prepare your organization to answer the question “Where are we exposed?”