Page 28 - Cyber Defense eMagazine Annual RSA Edition for 2024

               •  TEST: During the testing phase, organizations use security validation solutions to validate their
                   controls and test against potential threats and attack paths. By performing automated offensive
                   security assessments, organizations can marry the output of the test with the context of the attack
                   surface to determine what the risk is. Attack path validation can then marry that output with
                   exposure analytics to provide actionable insights.

               •  FOCUS: Through correlation and analysis, organizations can prioritize the areas of greatest risk
                   and focus their remediation efforts. It’s important to understand that these focus areas are
                   determined based on validated controls and attack paths. In effect, prioritization is a “sort”
                   function, while validation is a “filter” function, eliminating vulnerabilities already mitigated by
                   compensating controls from the task list. Where vulnerability management might recommend
                   installing a patch, exposure management can provide a range of options from mitigation to
                   outright remediation and map out the exact effect each one will have on the organization’s security
                   posture.

               •  PROVE: This stage is where the organization gets its metrics. By establishing a baseline for cyber
                   resilience and measuring changes over time as the threat landscape evolves and exposures are
                   remediated, the organization can have a real-time view of its security posture. Those metrics can
                   then be mapped to control frameworks and threat models including MITRE ATT&CK, NIST 800-53,
                   and others, allowing the organization to clearly demonstrate its threat readiness to both
                   internal and external stakeholders.
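
The FOCUS step's "filter, then sort" distinction, shown as an added Python example that is not from the original article: validation results remove only the findings proven mitigated by a compensating control, and what remains is then ranked. Asset names, vulnerability identifiers, scores and the 1-5 criticality scale are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str            # placeholder identifier, constructed for this example
    severity: float         # scanner severity, 0-10
    asset_criticality: int  # assumed scale: 1 (low) to 5 (critical)


# Outcome of a security validation run per (asset, vuln_id), constructed data:
#   "blocked"   = a compensating control stopped the simulated attack
#   "succeeded" = the attack path was confirmed
#   no entry    = never tested, so nothing is known about mitigation
VALIDATION = {
    ("web-01", "VULN-A"): "blocked",
    ("db-01", "VULN-B"): "succeeded",
    ("hr-01", "VULN-C"): "blocked",
}

FINDINGS = [
    Finding("web-01", "VULN-A", 9.8, 3),
    Finding("db-01", "VULN-B", 7.5, 5),
    Finding("hr-01", "VULN-C", 8.1, 2),
    Finding("build-01", "VULN-D", 6.4, 4),
    Finding("kiosk-01", "VULN-E", 9.1, 1),
]


def validate_filter(findings, validation):
    """Filter: drop only findings proven mitigated; untested ones stay."""
    return [f for f in findings
            if validation.get((f.asset, f.vuln_id)) != "blocked"]


def prioritize(findings, validation):
    """Sort: confirmed attack paths first, then severity x criticality."""
    def key(f):
        confirmed = validation.get((f.asset, f.vuln_id)) == "succeeded"
        return (not confirmed, -(f.severity * f.asset_criticality))
    return sorted(findings, key=key)


def task_list(findings, validation):
    """Filter first, then sort, and return (asset, vuln_id) pairs in order."""
    remaining = validate_filter(findings, validation)
    return [(f.asset, f.vuln_id) for f in prioritize(remaining, validation)]
```

A severity-only sort would put web-01 at the top of the list; here it drops off entirely because its control was validated, while the untested findings stay on the list rather than being assumed safe.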



            Organizations that invest in vulnerability management or Security Information and Event Management
            (SIEM) systems may believe they are covered, but these solutions only form a piece of the puzzle. The
            incident logs a SIEM provides are useful, but they only provide information on incidents that have already
            taken place, making the technology too reactive. Vulnerability management, on the other hand, lacks the
            validation process necessary to effectively prioritize potential exposures. Only real-time security
            validation and exposure management can provide a real-time picture of the organization’s risk profile
            along with the context needed to effectively prioritize mitigation and remediation efforts.



            Validated Exposures Enable Effective Threat Prioritization

            Validation is the key. Every organization has exposures—as network environments grow more complex
            and new threats emerge on an almost daily basis, there will always be new vulnerabilities to mitigate and
            security gaps to address. What’s most important is knowing about them as quickly as possible, and
            understanding them within the context of the organization’s existing security framework, allowing security
            teams to better determine which exposures represent significant threats and which are unlikely to be
            exploited. Organizations that want to protect themselves against today’s advanced threats can’t afford to
            wait—because attackers certainly won’t.








