In my last post we discussed the. Now let’s take a closer look at the capabilities needed to deliver on the requirements.
Step back for a moment and look at the big picture. All too often, security measures either don’t work as effectively as you thought—which you discover only after an attack succeeds—or the security you put in place is too restrictive and interferes with business.
For example, security countermeasures can bog down the performance of key applications, resulting in lost productivity, downtime, frustrated users, and opportunity costs.
In the meantime, attacks and attackers continue to evolve every day, so the security environment must adapt constantly.
Clearly, what’s needed is the ability to assess the effectiveness of your current cybersecurity investments and the ability to stay a step ahead. Here are 9 features to focus on as you evaluate various solutions:
Flexibility in risk assessment--the ability to combine and “rightsize” multiple assessment options, including vulnerability scanning, pentesting, and continuous validation techniques without disruption to your business.
Endpoint assessment capabilities so you can verify whether the last line of defense (the endpoint) stops attacks and which attacks are emanating from endpoints can be mitigated by the security architecture.
Constantly updated threat intelligence from multiple sources, including applications, attacks and exploits, new malware threats, DLP emulation, and so on.
Support for standard frameworks such as MITRE ATT&CK and NetSecOPEN so that you can integrate technologies, get accurate baseline measurements of your security posture, perform risk assessments, and view results from multiple sources through a common dashboard.
Event correlation across the whole security architecture, allowing information to be shared and interconnected between SIEM (security information and event management systems) and ITSM (IT service management) systems.
Policy validation: The ability to see how a change in policy impacts your security posture score and take corrective action accordingly.
Automation of core tasks like scheduling, polling, and so on, harnessing fresh content. This capability allows your security teams and SOC staff to focus on higher-value activities, which increases their value to the company and their job satisfaction.
Flexible, audience-specific reporting: The ability to gather results from multiple sources and present it in the best form and format for any given audience—like a personal digital assistant.
Realistic, reliable risk assessment based on emulated attacks, not simulated attacks. You need the ability to run attack scenarios in the way a hacker would, entering the network the same way and launching the same code or evasion techniques. With simulation, it’s just play-acting.
For an example of a solution that delivers on these capabilities and more, read the white paper on oursolution.
Next up, we’ll describe how to build a rock-solid foundation for assessing security regardless of your current cybersecurity maturity level.