The security profession must increase focus on preventative security
Today’s modern attack surface is difficult to secure, as the tools that are used are particularly strong at a particular silo of security, and don’t collectively operate as one security solution. The result is an open invitation to bad actors … they do not respect the silos that organisations are attempting to protect, and they will exploit initial weaknesses before laterally attacking domains until they achieve their objective.
The challenge for enterprise organisations today is the ability to approach security in a way that mirrors how an attacker will view an opportunity to breach. (click here for an overview of some high-profile breaches). Attackers are ruthless and tenacious, doing all they can to find and exploit an asset or an identity, gain privileges and then pinpoint weaknesses that will elevate their permissions. Preventing this happening, continuously, is the pain experienced by security personnel across the globe. To begin with they lack the holistic view of their attack surface as individual tools frequently focus on a specific technology domain. They have a disjointed approach for scoring risk, and fragmented data produces a lack of critical technical context. Whilst a lack of critical business context means the security tools lack an understanding of what is the actual exposure risk and the ultimate consequence of a successful breach.
Tenable have considered these security challenges and believe that to better understand and prioritise risks that represent actual exposure, the security profession must increase focus on preventative security. Subsequently they have identified five critical steps needed to successfully identify and remediate true business exposure and drive better outcomes from your preventative security program.
Step1 – Know your attack surface
It is estimated that only 62% of an organisation’s attack surface is known to its cybersecurity team! Resulting in a single unsecured device, unpatched laptop, or weak password presenting enough initial privileges to kick off a successful attack. Aggregating assets and identifying information across multiple tools into a unified asset inventory such as Tenable One is an absolute must.
Step 2 – Identify all preventable risk
Identifying all preventable forms of risk is a challenge, often requiring a mix of techniques and tools spanning network scanners, agents, passive monitoring and agentless approaches. To manage and measure the exposure it is important to have a complete and normalised view of all preventable risk – misconfigurations, vulnerabilities, and excessive privileges associated with a given asset or identity. These three forms are detected by Tenable One, helping security teams identify the assets that pose the greatest potential risk to the organisation and calculate an overall Asset Exposure Score (AES)
Step 3 – Align with Business Context
Staffing constraints in many organisations results in security teams struggling to keep pace and an overwhelming case of alert fatigue. Prioritising the things that matter most – critical services, processes and mission critical data- is therefore essential to a robust security posture. Tenable One produces Cyber Exposure Scores (CES) for critical business functions or groupings – providing an at a glance view of overall exposure
Step 4 – Remediate true exposure
Because even a single open port on an asset can provide an initial foothold for “n” number of potential attack paths, it is essential to understand the relationship between assets, identities and risks. Understanding these toxic relationships gives a blueprint of which attack paths lead to crown jewels, leading to priority remediation.
Step 5 – Continuously optimise investments
Answering the question “How secure are we?” is becoming increasingly challenging for security leaders. It is therefore critical to measure and communicate exposure in whichever form it takes, including overall cyber exposure, exposure by business function or line of business, by technology domain, by administrator, or even compliance aligned to specific regulatory mandates. The Global Exposure Card in Tenable One lets organisations visualise their overall cyber exposure over time and benchmark it to peers.
Tenable One can streamline an organisation’s journey to integrated exposure management, assisting it in understanding true business exposure as seen through the lens of an attacker. This ebook provides more detail on this five-step process, ultimately paving the way for organisations to develop security measures that are not only effective, but also scalable and aligned with their mission.
About Tenable
Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at www.tenable.com