By Haythem Hammour, Product Marketing Manager, Brinqa
A primary goal for most information security organizations today is the identification, prioritization, and remediation of cyber risk. Businesses struggle with risk management for a variety of reasons, including disconnected teams and stakeholders, limited resources, data overload and lack of consistency.
The enterprise IT infrastructure is evolving at a rapid pace. SaaS, IaaS, and cloud-native technologies have enabled businesses to embrace digital transformation, but they have also made enterprise IT environments more diverse and complex, and difficult to manage and secure. Software applications also represent an important attack surface. Most organizations’ software infrastructure comprises very diverse entities – internally developed applications, externally sourced software, desktop applications, web applications, mobile applications, open-source components, SaaS, APIs, and web services.
The cybersecurity infrastructure used to secure these elements is equally diverse. Different products may be used to test for vulnerabilities in network, cloud, and container infrastructure. Separate, dedicated security products may be used for static application security testing, dynamic or web application testing, and software composition analysis. Securing software infrastructure also requires DevSecOps, mobile security, penetration testing, and more. And, in most cases, these components and the corresponding security infrastructure are owned and managed by different teams, with little communication and collaboration between them.
A further challenge arises from the use of the cybersecurity tools themselves. They provide valuable and useful insights, but this data can easily get lost in a deluge of irrelevant information. Threat intelligence is a prime example of the need to identify and utilize relevant information while ignoring the noise. Making things more difficult is the reality that information about a particular entity may be distributed across multiple tools and locations.
Organizations need to be able to connect, model and analyze relevant security, context, and threat data. That’s the best way to deliver knowledge-driven insights for cyber risk prioritization, reporting, and remediation. Companies need to implement a cyber risk management program that can:
- Intelligently connect vulnerability, asset and threat data from all sources for complete visibility and understanding of cyber risk.
- Prioritize remediation to address the most impactful, exploitable, and prevalent risks.
- Eliminate the noise of false positives and irrelevant information.
- Automate closed-loop remediation of risks at scale through creation, tracking and escalation of tickets.
- Narrow communication gaps across teams with a common data model, nomenclature, and language.
- Communicate real-time program metrics and risk indicators to all key stakeholders.
Information security organizations looking to build out their own cyber risk management programs should have the following best practice recommendations at the top of their minds:
Develop a comprehensive, extensible cybersecurity data ontology – Security teams must implement a cyber risk management process that is built on a comprehensive, standardized, and dynamic data ontology. Such an ontology will clearly define, delineate, and represent the common IT, security, and business components that comprise the enterprise technology infrastructure and the relationships between them. To deliver risk insights that are relevant to a business, security teams must ensure that any unique organizational factors that have an impact on risk analysis are reflected in the cyber risk data ontology. The ontology must also be able to evolve with changes in the IT and cybersecurity landscape, without adversely impacting the risk management processes.
Expand the scope of cyber risk management to include network, applications, cloud, and emerging technologies – Organizations need comprehensive coverage of risk analysis and management across the entire enterprise technology infrastructure. InfoSec organizations must implement a consistent cyber risk management strategy across critical infrastructure components using dedicated, purpose-built processes for vulnerability management, network security, application security, cloud security, and emerging technologies such as IoT.
Adjust risk prioritization models as necessary – Another critical factor for success comes from being able to leverage information from disparate cybersecurity tools and stakeholders to develop and present new knowledge and insights in the form of risk scores, ratings, alerts, and notifications. To do so, security teams need to have complete visibility and control over the risk methodology—resulting in accurate and relevant results and a better understanding of the factors driving risk prioritization and remediation.
Automate remediation management – Instead of ad hoc decisions, security teams should formulate and implement policies for risk remediation through automated ticket creation, tracking, and validation. Strong, comprehensive capabilities around consolidation, dynamic ownership, and SLA assignment can significantly improve the effectiveness of the remediation process.
Leverage cybersecurity process automation where possible – Cyber risk management involves processing and analyzing massive volumes of IT, security, and business data. This can be very time- and resource-intensive, and automation should be used wherever possible to reduce that burden. Automated processes for risk analysis, prioritization, and reporting not only make the program more efficient but also lead to more consistent and accurate results.
Develop and communicate integrated analytics – For a cyber risk management program to function effectively, it must intuitively engage and inform all the varied stakeholders across IT, security, and business at the appropriate point in the risk lifecycle. The ability to visually communicate key risk and performance indicators through clear metrics and reports is crucial to program success. Organizations must empower and encourage stakeholders to develop and communicate the metrics and reports that matter to them.
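The capabilities listed earlier (connect vulnerability, asset and threat data; prioritize by impact, exploitability and prevalence; eliminate duplicates; automate ticket creation with SLA assignment) and the ontology and prioritization recommendations above can be made concrete in a small pipeline. The following Python example is added here for illustration and is not code from the original article or from Brinqa; the asset records, the two scanner exports with their differing field names, the threat-intelligence set, the scoring multipliers and the SLA tiers are all constructed assumptions chosen to show the mechanics, not a recommended model.

```python
from dataclasses import dataclass, field
from collections import defaultdict

@dataclass(frozen=True)
class Asset:
    asset_id: str
    criticality: float   # 1.0 (low business impact) to 3.0 (critical system)
    internet_exposed: bool
    owner: str           # team responsible for remediation

@dataclass
class Finding:
    asset_id: str
    vuln_id: str         # shared vulnerability identifier used across tools
    cvss: float
    sources: set = field(default_factory=set)
    score: float = 0.0
    sla_days: int = 0

@dataclass
class Weights:
    """Adjustable risk model: multipliers applied to the base CVSS score (hypothetical values)."""
    exploited: float = 2.0        # vulnerability with known exploitation
    exposed: float = 1.5          # asset reachable from the internet
    prevalence_step: float = 0.1  # added per additional affected asset

# --- constructed sample data (not from any real environment) -----------------
ASSETS = {
    "web-01": Asset("web-01", criticality=2.0, internet_exposed=True, owner="platform-team"),
    "db-01": Asset("db-01", criticality=3.0, internet_exposed=False, owner="data-team"),
}
EXPLOITED = {"VULN-1"}  # constructed threat-intel feed: ids with known exploitation
TOOL_A = [  # network scanner export, with its own field names
    {"host": "web-01", "cve": "VULN-1", "score": 9.8},
    {"host": "db-01", "cve": "VULN-2", "score": 7.5},
]
TOOL_B = [  # application/SCA scanner export, different field names
    {"asset": "web-01", "id": "VULN-1", "cvss_base": 9.8},  # same finding as tool A
    {"asset": "web-01", "id": "VULN-3", "cvss_base": 5.3},
]

def normalize(tool_a, tool_b):
    """Map each tool's records onto the common Finding model (the shared ontology)
    and merge duplicates (same asset + same vuln id), keeping every reporting source."""
    merged = {}
    records = [("tool-a", r["host"], r["cve"], r["score"]) for r in tool_a]
    records += [("tool-b", r["asset"], r["id"], r["cvss_base"]) for r in tool_b]
    for source, asset_id, vuln_id, cvss in records:
        key = (asset_id, vuln_id)
        f = merged.setdefault(key, Finding(asset_id, vuln_id, cvss))
        f.cvss = max(f.cvss, cvss)
        f.sources.add(source)
    return list(merged.values())

def prioritize(findings, assets, exploited, w=Weights()):
    """Score each finding from vulnerability, asset and threat context, then
    attach an SLA tier. Returns findings sorted by descending score."""
    prevalence = defaultdict(int)
    for f in findings:
        prevalence[f.vuln_id] += 1
    for f in findings:
        a = assets[f.asset_id]
        score = f.cvss * a.criticality
        if f.vuln_id in exploited:
            score *= w.exploited
        if a.internet_exposed:
            score *= w.exposed
        score *= 1 + w.prevalence_step * (prevalence[f.vuln_id] - 1)
        f.score = round(score, 2)
        # Hypothetical SLA tiers: 7 days for the top band, 30 for the middle, 90 otherwise.
        f.sla_days = 7 if f.score >= 40 else 30 if f.score >= 20 else 90
    return sorted(findings, key=lambda f: f.score, reverse=True)

def build_tickets(findings, assets):
    """Consolidate prioritized findings into one ticket per owning team; the
    ticket's due date is the tightest SLA among its findings."""
    tickets = defaultdict(list)
    for f in findings:
        tickets[assets[f.asset_id].owner].append(f)
    return {owner: {"sla_days": min(f.sla_days for f in fs),
                    "items": [(f.asset_id, f.vuln_id, f.score) for f in fs]}
            for owner, fs in tickets.items()}

if __name__ == "__main__":
    ranked = prioritize(normalize(TOOL_A, TOOL_B), ASSETS, EXPLOITED)
    for team, body in build_tickets(ranked, ASSETS).items():
        print(team, body)
```

Two design points carry the article's argument. The duplicate finding that both scanners report collapses into one record that remembers both sources, so a team sees a single item rather than two. The scoring weights live in a separate object, so when the security team decides that internet exposure or known exploitation should count for more or less, the change is made in one place and every score, SLA and ticket is recomputed consistently.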
The pace of change in enterprise IT is not letting up, and cyber risk management programs must evolve and grow to keep pace. Best practices are taking shape as businesses and the public sector come to terms with the scale of the challenge. These include establishing and maintaining an extensible cybersecurity data ontology, as well as process automation, integrated analytics, use of an open risk prioritization model, and more. With such practices in place, the challenge of protecting complex enterprise software infrastructure becomes more manageable and dynamic.
About the Author
Haythem Hammour is the Product Marketing Manager at Brinqa. A customer-focused Information Security professional and Cybersecurity evangelist, Haythem uses his engineering background and diverse experience to inform his work and to successfully collaborate with engineers and creative teams. Haythem is a Certified Network Defender (CND) and an official member of both the Product Marketing Alliance and the Forbes Communication Council. Learn more about Haythem at https://www.brinqa.com/