There are many reasons why you may be considering or engaged in a security transformation program tasked with reducing the risk of cyberattacks. For example:
- You’ve appointed a new chief information security officer (CISO) who wants to implement a fast track program delivering immediate improvements.
- You’ve deployed many different security technologies and are conducting regular audits, but you’re struggling to continue to scale your IT security team.
- You’ve taken a highly tool-centric approach to cybersecurity, but have too much data, not enough people, your processes aren’t sufficiently mature, or your operational approach simply isn’t working.
- You’ve tried outsourcing your security, but this isn’t delivering the anticipated benefits.
- You’re struggling to answer questions from senior executives, such as: where are we most at risk from an attack, what’s being done, and what options do we have to prevent this?
A familiar thread across all these issues is the search for an improved approach and processes to help you better utilise your existing resources. But if you don’t know precisely what you’re trying to defend, it’s very difficult to plan an effective security strategy to achieve this. And without a central model, and a clear and detailed view of your infrastructure, the likelihood is that the technologies and processes you’re trying to deploy are going to be badly instituted or simply not work at all.
A common-sense structure and approach is needed to understand your attack surface, achieve immediate results early in your security transformation, and create a trusted platform on which to mature and evolve your processes over time. This helps address key security challenges including:
- Very poor context of the attack surface, due to its complexity, scale, heterogeneous technology, use of cloud, outsourcers, etc.; historical data that is often out of date.
- The need to demonstrate a quick risk reduction, which means identifying any gaps in compliance and exposure, high risk vulnerabilities, and all ingress/egress points.
- Improving security and compliance by leveraging existing processes, such as how to turn firewall change management into a first line of defence, ensure the patch process is serving your security needs, and embed compliance management within normal day-to-day operations.
- Using security transformation to deliver increased business value, by elevating the security operations team from a blocker to a strategic business enabler that increases ROI.
- How best to plan and manage the transformation program, to mature your approach to security, and avoid the mistakes made by early adopters who over-invested in technology.
Recommended phased maturity approach
Start by focusing on discovery and high-risk threat mitigation:
- Build a model of your complete organisational infrastructure, and provide context around all of the ingress/egress points and complexities of your network and assets, to give you a detailed understanding of what you’re trying to defend.
- This model should be automatically updated on a daily basis, giving you an ongoing and always current view of your attack surface.
- The model can then be regularly analysed to identify all of the opportunities to quickly reduce risk, increase resilience and deliver immediate results.
- Evolve and improve your existing processes, or institute new ones, in areas including automating compliance and policy management, automating firewall and change management, and improving vulnerability management.
- Move into more advanced use cases, such as embedding Skybox into a SOC or computer emergency response team (CERT), or using it to assist with outsourcing to a managed security service provider (MSSP).