Whitepaper
Left of Boom: REACT LESS AND PREDICT MORE BY TRANSFORMING YOUR CYBER-SECURITY PRACTICE
Left of Boom: BE PREDICTIVE, NOT REACTIVE
Nearly 100% of enterprise security spend is allocated toward reacting to events.
Are you spending all your security resources putting out fires?
In recent years, cyber-security has emerged as a top concern for enterprises worldwide, driving significant investment in procuring new security products and services. However, nearly all new security spend and effort is directed toward detecting an attack in progress, or responding to one that has already occurred. While putting out security “fires” is an essential practice, the best way to build a secure enterprise is not necessarily by hiring a lot of firefighters (incident response teams), or investing in all possible prevention measures (i.e., controls such as firewalls and endpoint security). Instead, the key to staying on top of risk lies in building a "fire-resilient" infrastructure.
Know where you stand
Left of Boom practices protect your enterprise through preventative measures, including risk assessment and planning.
Let’s explore this concept of prevention vs. reaction further by borrowing some military terminology popularized by Washington Post reporter Rick Atkinson. In the cyber realm, practices and products can be mapped to three phases centered around their operations with respect to the point of “Boom”, with Boom representing an actual attack by an adversary:
1. LEFT OF BOOM: IT risk assessment and planning, e.g., vulnerability scanning, compliance verification, and pen testing.
2. BOOM: Controls to detect and stop attacks in progress, e.g., firewalls, IDS/IPS, AV, EDR, WAFs.
3. RIGHT OF BOOM: Security operations, SIEM, UEBA, incident response and triage, e.g., Mandiant-style incident response, security event analytics, Gartner’s SOAR, and forensics.
[Figure: IT Risk Assessment & Planning | BOOM! Controls To Detect & Stop Attacks In Progress | Incident Response & Triage]
The Current Landscape
Stagnant innovation in Left of Boom technologies has created a gap between the ever-increasing threat landscape and effective security practices.
In recent years, we have seen an explosion of awareness and interest in the Controls (Boom) and Security Operations (Right of Boom) areas. We have also witnessed groundbreaking innovation in next-generation firewalls and endpoint controls that utilize technologies such as virtualization, security event analytics, AI, and workflow automation. As a direct result, several tens of billions of new security spend and investor value have been created in the last five years in response to this burgeoning new technological landscape.
While there is no dearth of products and innovation in the Boom and Right of Boom areas, there has been a marked lack of innovation in Left of Boom technologies. Left of Boom products present an exceptionally high value potential and should therefore inform and direct every aspect of your security practice and, when properly applied, drive value and increase efficiency.
Enterprise risk assessment and planning technologies, such as GRC, have now been on the market for over a decade, rely extensively on manual processes, and are episodic (typically performed only once or twice a year). Essentially, these system processes consist of simple equations that generate pie charts and reports and, coupled with data stemming from user questionnaires, often lead to an erroneous “paper-based” cyber risk that in reality bears little resemblance to your actual on-network breach risk.
Vulnerability Assessment is, in the aggregate, inadequate in assessing your enterprise attack risk.
Another related practice, Vulnerability Assessment (VA), is the enumeration of systems likely to be compromised from a single attack vector: unpatched software. VA is rules-based and unable to self-learn new targets or attack methods. VA is also episodic, with periodic scans generally producing a large number of alerts and events that are difficult to prioritize for action because they lack business context. VA tools are also generally limited to examining managed devices, and thus have limited coverage of your enterprise's vast and rapidly expanding attack surface. For example, vulnerability assessment fails to inform you about the risk to your business stemming from weak or shared credentials, or incorrect or incomplete implementations of encryption. Similarly, VA cannot recognize and evaluate the differences between an unpatched primary domain controller and an unpatched lab server.
POINT OF ENTRY: MEDIUM-SIZED BUSINESSES NEED TO START AT LEFT OF BOOM.
In today's growing threat environment, medium-sized businesses and even SMBs would benefit from security processes once reserved for the largest enterprises.
Enterprises — even resource-rich corporations — that lack a solid Left of Boom strategy leave themselves vulnerable to attack.
As the enterprise attack landscape continues to increase exponentially, the need for Left of Boom tools and technologies has rapidly expanded as many more businesses become vulnerable to experiencing a breach. Security solutions once employed only by large enterprises and government agencies are becoming increasingly applicable for mid-size enterprises and even SMBs. The current challenge is creating IT risk assessment and planning tools that are both simple to operationalize and accessible to businesses that lack the security and risk expertise necessary to manually analyze the attack surface, or the budget to throw the proverbial kitchen sink of controls at a security problem.
Consider a scenario where you are the Director of Information Security at a company with a small security team. No matter how talented and dedicated your staff, your team simply cannot replicate the controls and operations of a large, resource-laden enterprise, such as a regional bank. Given real-life resource limitations, your enterprise cannot adequately protect itself without a solid strategy. That's where innovative Left of Boom thinking and tools can help you plan, predict and prevent.
GAIN CONTROL: LARGE ENTERPRISES NEED TO UPGRADE THEIR LEFT OF BOOM THINKING.
New Left of Boom technologies enable enterprises to maximize their security spend ROI.
Everyone, even security-savvy organizations, should systematically and continuously assess whether all required controls are present and functioning, pinpoint any important gaps, and be aware of nonworking or suboptimal controls. New Left of Boom technologies have the potential to merge your organization's risk and security practice, enabling you to eliminate gaps between "paper" risk and on-network breach risk, and ultimately maximize your security ROI.
Balbix Predictive Breach Risk Platform
Balbix can arm your security team with a continuous and comprehensive “Left of Boom” solution by automating the five steps needed for complete risk visibility across your enterprise:
1. DISCOVER YOUR NETWORK
Balbix gives enterprises a continuous and on-demand overview of their entire network attack surface.
Balbix Predictive Breach Risk Platform automatically and continuously discovers and tracks every enterprise asset, both managed and unmanaged, including IoT, cloud and third party. Balbix provides a real-time view of your enterprise devices, apps and users with automatic categorization.
2. MONITOR HUNDREDS OF ATTACK VECTORS
Balbix continuously monitors breach likelihood for every enterprise asset across hundreds of attack vectors such as phishing, credential exposure, misconfiguration and malicious behavior.
3. CALCULATE BUSINESS IMPACT
With Balbix, you can instantly monitor and assess breach risk across your entire network and hundreds of attack vectors.
Now you can evaluate the breach impact for every device, app and user located within your network. Balbix discovers each device's access to other resources located throughout your enterprise, and calculates the business impact of its compromise.
4. CONTINUOUSLY ASSESS RISK
Balbix contextualizes business impact, providing invaluable information to maximize security spend and prioritize initiatives.
Balbix provides a clickable and searchable risk heat map for your entire enterprise, including IoT and cloud. Gain visibility into your risk, investigate where the risk is coming from, and receive actionable insights on how to mitigate it.
5. PRIORITIZE AND MITIGATE
Balbix increases your mitigation effectiveness through continuous, comprehensive and instructive assessment.
Balbix provides clear and actionable insights to help your security team prioritize initiatives and mitigate breach risk. Your security team not only sees what actions are necessary to improve security, but also understands why.
In Conclusion
Transform your Left of Boom security practices from reactive to predictive and increase ROI and resilience with Balbix.
In today’s threat environment, eliminating risk and avoiding breaches requires a transition from focusing your enterprise resources and efforts on reactively putting out fires to transforming your security practice in the Left of Boom area. A key metric to focus on is the cyber-resilience of your enterprise. Companies adopting Left of Boom thinking will gain a competitive advantage in security spend ROI, and manage and mitigate breach risk more efficiently.
Let Balbix show you how you can plan for, predict and prevent cyber-disasters.
Balbix 3031 Tisch Way, Suite 800 San Jose, CA 95128 info@balbix.com 866 936 3180
www.balbix.com
Copyright ©2017 Balbix, Inc. All Rights Reserved.