The five tenets of an effective cybersecurity programme

At its essence, security intelligence is the practice of keeping organisations safe through the process of collecting, standardising, and analysing data generated from networks, applications, and other IT infrastructure. This information is then used to develop the enterprise security posture, ensuring that cybersecurity teams always stay ahead of any threats.

While security intelligence traditionally involved the monitoring of networks, traffic, and endpoints – with teams taking action when necessary – recent global-scale incidents have forced the cybersecurity industry to reassess its core concepts and long-held perspectives. Keeping an enterprise safe in today’s cybersecurity climate requires a total paradigm shift in how security intelligence is collected and used.

The internet attack surface

Holistic security intelligence starts with the internet attack surface. The internet attack surface is every manifestation a company may have on the web outside the confines of the corporate network. This is the main vector of attack for threat actors and is a major avenue for infiltration. By its nature, the internet is an ecosystem that connects enterprises with bad actors who will look to exploit this connection. If a company has an internet presence – which is today unavoidable – then it will always be under threat.

Organisations are particularly susceptible to attacks borne from the web when they lack visibility and situational awareness. When security teams have good visibility into their organisation’s web presence, they can monitor areas of risk and vulnerability, as well as keep an eye on cyber adversaries. It is visibility that is at the heart of effective security intelligence.

An ongoing battle

In this era of constant cyberattacks, organisational cybersecurity is best viewed as a battlefield in that a company’s digital presence can be a crowded, chaotic, and dangerous place. The right security intelligence can cut through the fog of war, illuminating danger wherever it might arise. Similar to a real battle, information is key and those with the best information will be safest.

This being the case, there are five key tenets that organisations can use to direct their security intelligence programme, ensuring that they have the most encompassing information. These five critical areas can help guarantee that security teams are as well prepared as possible to stay ahead of their adversaries and win the cybersecurity battle.

The five tenets of an effective security intelligence programme

1. Know yourself: Attack surface intelligence

Excellent security intelligence must start with a keen understanding of the organisation to which security teams belong. This must include its composition and unique placement amid the global attack surface. To ascertain this, teams must have complete visibility into their company’s digital footprint, which is every asset and connection spanning the organisational presence on the web. It is through this visibility that avenues of attack can be recognised and defended.

2. Know your allies: Third-party intelligence

The supply chain has become a major area of vulnerability when it comes to cyberattacks. In fact, two of the most widely damaging attacks this year – SolarWinds and Kaseya, which both impacted thousands of companies – were borne from the supply chain. This being the case, security teams must have an excellent understanding of their third-party risks and how a compromised partner might endanger their own organisation.

3. Know your enemies: Cyber threat intelligence

Once security teams gain an understanding of their own digital footprint, it is time to look outwards. Like enterprises online, adversary digital footprints are always evolving and must be monitored. This can be secured through access to real-world observations, insights into digital relationships and internet connections to track threat systems and threat actors. By monitoring threat actors, security teams can develop a profile of how they might conduct an attack and guard against it.

4. Know your ever-changing surroundings: Security Operations intelligence

It’s essential that security teams understand the ever-changing topography of the threat landscape and where their organisations lie in it. This will deliver valuable insight as to who might target their company, why, and through what vectors – for example, whether they could be vulnerable to state-sponsored cyberattacks. This can be secured through enriching core security solutions with extended intelligence to improve investigation and response.

5. Know your weaknesses: vulnerability intelligence

Moving beyond an organisation’s internet attack surface, security teams must identify and monitor any specific vulnerabilities that are found. New common vulnerabilities and exposures (CVEs) are announced every day. No matter the level of criticality, teams must closely monitor CVEs because cybercriminals will be well aware of them too.

Once these five tenets are secured, security teams can truly protect their organisation in today’s climate of ongoing cyberattacks. At the heart of all these tenets is visibility – both externally and internally – as it is through information and dispelling the murkiness of the web that threat actors can be prevented. Companies that do not act now will likely learn the crucial benefits of visibility the hard way at cost to their bottom line and their reputation.

Fabian Libeau, EMEA VP, RiskIQ.