11

Move over XDR, it's time for security observability, prioritization, and validat...

 3 years ago
source link: https://www.csoonline.com/article/3624591/move-over-xdr-its-time-for-security-observability-prioritization-and-validation-sopv.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

Move over XDR, it's time for security observability, prioritization, and validation (SOPV)

Independent tools and data repositories are coming together for better threat management, impacting organizations, security professionals, and the industry. We need to take the same approach to security hygiene and posture management.

All the ‘formulas’ used to calculate risk management tend to have 5 components to them: 1) The likelihood of an incident, 2) The impact of an incident, 3) The value of an entity/asset, 4) The vulnerability of an entity/asset, and 4) Threats to that entity/asset.  Information about these 5 inputs is used to decide where (and how) organizations approach risk mitigation.

These considerations are factored into cybersecurity planning and strategy.  Business managers help decide the value of entities/assets and the impact if these entities/assets were degraded, stolen, or unavailable.  Security, IT, and risk teams collaborate on the likelihood of an event that takes entities/assets offline.  Finally, security teams work with IT operations on threat and vulnerability management.

Over the past few years, security technology has seen massive changes on the threat management side with eXtended detection and response (XDR), driven by the need to improve security efficacy and operational efficiency.  As a technology architecture, XDR is intended to unify data sources, visibility, and analytics for threat prevention, detection, and response. 

With the move toward XDR, the industry recognized the need for data and tools integration for threat management.  Unfortunately, this same type of integration and consolidation hasn’t been nearly as active on the vulnerability management (or security hygiene and posture management) side.  To be clear, I’m not just talking about traditional vulnerability management tools.  Rather, I’m referring to a much bigger picture—the ability to discover all entities/assets (i.e., users, accounts, applications, systems, sensitive data), view the relationships between all entities/assets, and understand the security posture of all entities/assets (i.e., software profile, configuration status, integrity, compliance with corporate policies, etc.).  Think CIS Critical Security Controls at scale. 

Securing the software supply chain: A structured approach
Volume 0%

This information is the basis for cybersecurity decision making—risk mitigation, what needs protecting, how we spend budget dollars, etc.  Without comprehensive visibility, we are making critical security decisions based on guesswork.

To continue reading this article register now

Learn More   Existing Users Sign In


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK