Page 27 - Cyber Defense eMagazine Annual RSA Edition for 2024
effectively prioritize their remediation efforts and remediate the most pressing threats before attackers
can exploit them.
Exposure Management Adds a Critical Element: Validation
The idea that organizations need to know where their vulnerabilities lie is not a new one. In fact, many
security vendors already offer certain elements of exposure management that have proven extremely
helpful to modern organizations. They can perform discovery operations, identify potential vulnerabilities
and security gaps, and many can even provide some form of prioritization and mitigation to help users
better understand which vulnerabilities are the most dangerous and how they can be addressed. These
capabilities are a major step forward for modern organizations, many of which were previously struggling
with a laundry list of exposures and no way to know which were important and which could be safely
ignored.
But those capabilities aren’t enough in today’s threat environment. They omit a key piece of the puzzle:
validation. Validation is what makes modern exposure management solutions different. While previous
solutions could prioritize exposures based on opaque metrics, solutions equipped with security validation
capabilities test each vulnerability against simulated attack activity. Knowing that a vulnerability exists
isn’t enough—in order to understand the actual risk it poses, organizations must know whether an
attacker can actually exploit it. Is there a valid attack path that leads to exposed assets? Are there other
security controls effectively compensating for the vulnerability? This information can significantly impact
whether or not a given vulnerability is a priority, and the only way to obtain it is through security validation.
Adding Context to Critical Security Decisions
Validation is at the core of a successful exposure management program. It’s critical to have an exposure
management platform that can provide an aggregated view of potential vulnerabilities—one capable of
engaging in continuous scanning and integrating with other security tools like Cloud Security Posture
Management (CSPM), endpoint detection and response (EDR), asset management databases, and other
solutions that have become essential in today’s threat landscape. Further, organizations must break
down the silos between those solutions to achieve a more holistic view of network security.
Once that has been achieved, organizations can begin answering the important questions: What areas
are exposed because they don’t have the right controls? What systems are vulnerable to emergent
threats? How are they at risk and what attack paths are the most dangerous? Validation provides a critical
source of truth that can help answer all of these questions. Put simply, validation works in four distinct
stages:
• KNOW: During this stage, organizations engage in discovery, building an inventory of assets and
aggregating exposures, vulnerabilities, weaknesses, and security gaps from across other,
integrated solutions. By understanding potential control gaps and attack paths, the organization
can begin building a risk profile of its attack surface.