Many organizations seek the answer to the million-dollar question of why traditional cybersecurity programs are siloed when the cyber-attack surface is dynamic. SmartStateIndia had the opportunity for an exclusive interaction with Glen Pendley, CTO, Tenable, who shared his insights about the cybersecurity landscape and the models that an organization now needs to adopt to gain a holistic view and robust security of its infrastructure.
Here’s the excerpt from the interaction:
Why are most cybersecurity programs siloed when the attack surface is dynamic?
There are many reasons from an organisational structure standpoint why security programs are siloed. Most security programs are built on a hodgepodge of technologies. This is because in most large organisations security functions are highly specialised. Often there are teams handling proactive and preventative measures such as vulnerability management, cloud security and identity access management. And there are separate teams that handle reactive measures including threat hunters, security operations centres and incident responders. Security professionals in these teams are likely operating in their respective vacuums, each using their own bespoke tools, churning out massive amounts of data, which ultimately ends up on different spreadsheets. The result is siloed data that doesn’t allow organisations to see the full scope of their cyber risk.
Is traditional cybersecurity a match for the modern cybercriminal?
When cybercriminals look into an organisation’s attack surface, they are looking for the right blend of vulnerabilities, misconfigurations and identities that will give them the access to information they need to meet their objectives. And yet, most cybersecurity programs are siloed as organisations are drowning in a pool of tech tools without the capacity to quantify cyber risk or gain visibility into the entire attack surface. Traditional cybersecurity approaches are no longer valid as cybercriminals grow more sophisticated. Organisations need a shift in how cybersecurity programs are set up altogether — and they need to focus on exposure management to establish a strong line of defence.
What does a modern-day security program look like and how does it help organisations anticipate and prevent cyberattacks?
Securing the modern attack surface requires a deep understanding of all the conditions that make up today’s complex and dynamic landscape. A modern security program relies on exposure management as it brings together vulnerability management, web application security, cloud security, identity security, attack path analysis and external attack surface management. It helps organisations comprehend the full breadth of their exposures and take necessary measures to reduce them through remediation and incident response workflows.
A modern-day security program cannot look at software vulnerabilities alone as it doesn’t give you a complete picture of the cyber risk. Just as the attack surface cannot be viewed in a vacuum, vulnerabilities, misconfigurations or internet-facing assets cannot be viewed in a vacuum. Context matters. This is why security programs need the ability to see the entire attack surface holistically. Organisations need to see all their software vulnerabilities, misconfigurations, who is using what systems and what level of access they have on one single platform.
How can organisations assess the efficacy of their cyber programs to gain a complete picture of their exposure?
Quantifying risk and measuring the efficacy of security programs is critical to understanding whether or not tech investments are paying off and improving an organisation’s cybersecurity posture. Measuring the efficacy of a security program requires teams to complete four crucial steps. Firstly, assess the existing security technologies to understand if they are working well together to give comprehensive insights into an organisation’s exposure.
Secondly, it’s important to contextualise an organisation’s visibility into the attack surface, from endpoints to the cloud. Organisations need to have an understanding of what assets they can see, where their blind spots are and the areas they require more visibility into. Doing this exercise will help organisations understand whether existing security programs give them a holistic picture of the attack surface.
Thirdly, prioritise security efforts by focusing on the most critical areas that need attention. Security teams need to ask themselves whether the tools they use enable them to prioritise remediation in a predictive manner, if they are incorporating threat intelligence to understand the threat landscape and whether they are able to analyse all of the various attack paths that reach the most critical assets.
And lastly, measure the remediation processes to determine how well the organisation fares in reducing cyber risk. This can shed light on how the organisation compares with its peers and what improvements are necessary. When security programs are able to perform all these functions, the risk is quantifiable and can be communicated to both executive business management and the security organisation effectively.
With the proliferation of data and information like never before, how can security professionals correlate and analyse the data to make better, informed decisions?
With a unified exposure management platform, security professionals can anticipate the consequences of a cyberattack by drawing upon the large data sets available on a single platform. It also provides context about the relationships amongst assets, exposures, privileges and threats across an attack path. With all the data on one platform, security teams can continuously identify and focus on the attack pathways that present the greatest risk of being exploited. Leveraging data can provide accurate and predictive remediation insights, enabling security professionals to proactively reduce risk with the least amount of effort to help prevent attacks.