An enterprise’s security posture refers to the overall status of your cybersecurity readiness.
With tens of thousands of assets in your enterprise, each susceptible to a myriad of attack vectors, there are practically unlimited permutations and combinations in which your organization can be breached. With the sharp increase in attack surface size, cybersecurity teams have a lot of complexity to deal with: vulnerability management, security controls, detecting attacks, incident response, recovery, compliance, reporting and much more. So how can Infosec teams wrap their arms around these challenges and protect their organizations? The first line of defense against the adversary is a good security posture. This guide on security posture will cover:
What is security posture?
Your security posture is a measure of:
A conceptual picture of the various elements of your security posture is shown in Fig 1.
Inventory of IT Assets
You can’t protect what you don’t know about. At the center of your security posture is an accurate inventory of all your assets. This includes all on-prem, cloud, mobile, and 3rd party assets; managed or unmanaged assets; applications and infrastructure, catalogued based on geographic location, and whether they are Internet facing (Perimeter assets) or not (Core assets). It is also very important to understand the business criticality of each asset, as this is an important component of calculating breach risk. You need to be able to express the expected business impact of a breached asset in Dollar terms (or in Euros, Pounds, Yen).
Security Controls and Effectiveness
Surrounding this central core is an enumeration of the cybersecurity controls that you have deployed. Some controls, such as firewalls and endpoint protection, are deployed with the goal of preventing attacks. Others, such as intrusion detection systems (IDSes) and SIEMs, are involved in detecting attacks that get past your protective controls. Additional tools and processes are needed for response and recovery from such attacks. It is important not just to be able to enumerate your controls, but also to understand the effectiveness of each control in reducing your cyber risk.
Attack Vectors
The next ring lists the various attack vectors. Attack vectors are the methods that adversaries use to breach or infiltrate your network. Attack vectors take many different forms, ranging from malware and ransomware to man-in-the-middle attacks, compromised credentials, and phishing. Some attack vectors target weaknesses in your security and overall infrastructure; others target the human users that have access to your network.
Recommended reading: 8 Common Cyber Attack Vectors and How to Avoid It
And keep in mind that risk extends beyond unpatched software vulnerabilities (CVEs).
Your ability to monitor your assets in risk areas such as unpatched software, password issues, misconfigurations, encryption issues, phishing, web and ransomware, denial of service attacks and many others is the mainstay of your security posture.
Therefore, understanding the full scope of your security posture and correctly prioritizing areas of relevant risk is essential to protecting your organization against breaches.
Attack Surface
The combination of your asset inventory and attack vectors makes up your attack surface. Your attack surface is represented by all of the ways by which an attacker can attempt to gain unauthorized access to any of your assets using any breach method.
Automation of Security Posture
A critical aspect of your security posture is the degree of automation. Attackers are constantly probing your defenses using automated techniques. Hundreds of new vulnerabilities are disclosed every month. It is not enough to simply be able to list your inventory, fix your vulnerabilities and review your controls from time to time. You will need to automate security posture management in order to stay ahead of the adversary.
Improving Security Posture
In order to understand and optimize your security posture, you need to:
How to assess security posture
Security posture assessment is the first step in understanding where you are in your cybersecurity maturity journey and your cyber breach risk. You want to be able to answer the following questions:
3 key steps in security posture assessment
Let’s explore how you assess security posture in 3 steps:
Step 1. Get an accurate IT asset inventory
The first step in security posture assessment is getting a comprehensive inventory of all your assets.
You need an accurate and up to date count of all hardware, software, and network elements in your enterprise. However, just being aware of an asset isn’t sufficient. You also need to know detailed information about each asset which can help you understand the risk associated with the asset. This involves:
Getting an accurate asset inventory is foundational to your security posture. The ability to track and audit your inventory is a baseline requirement for most security standards, including the CIS Top 20, HIPAA, and PCI. Having an accurate, up-to-date asset inventory also ensures your company can keep track of the type and age of hardware in use. By keeping track of this information, you can more easily identify technology gaps and refresh cycles. As systems age and are no longer supported by the manufacturer, they present a security risk to your organization as a whole. Unsupported software that no longer receives updates from the manufacturer brings the risk of not being monitored for new vulnerabilities and implementation of patches.
See how Balbix can automatically discover and inventory all your assets.
Step 2. Map your attack surface
The second step in security posture assessment is mapping your attack surface. Your attack surface is represented by all of the points on your network where an adversary can attempt to gain entry to your information systems. The x-y plot in Fig 2 below represents your attack surface. In a typical breach, the adversary uses some point on this attack surface to compromise an (Internet facing) asset. Other points are then used to move laterally across the enterprise to some valuable asset, compromise that asset, and then exfiltrate data or do some damage. For a medium to large sized enterprise, the attack surface can be gigantic. Hundreds of thousands of assets potentially targeted by hundreds of attack vectors can mean that your attack surface is made up of tens of millions to hundreds of billions of data points that must be monitored at all times.
Recommended reading: What is attack surface and how to manage it.
Step 3. Understanding cyber risk
The final step in security posture assessment is understanding your cyber risk. Cyber risk has an inverse relationship with your security posture.
As your security posture becomes stronger, your cyber risk decreases. Mathematically, risk is defined as the probability of a loss event (likelihood) multiplied by the magnitude of loss resulting from that loss event (impact). Cyber risk is the probability of exposure or potential loss resulting from a cyberattack or data breach. An accurate cyber risk calculation needs to consider 5 factors as shown in Fig 3.
Fig 3. Enterprise attack surface
For each point of the attack surface picture of Fig 2, we must consider:
This calculation needs to be performed for all points of the attack surface. This results in an accurate picture of where your cyber risk is and helps you prioritize risk mitigation actions while avoiding busy work fixing low-risk issues.
5 steps to improve your security posture
To improve your security posture, you need to:
Risk Ownership
Step 2 above is key to improving security posture. It is critical that you define and actively manage your risk ownership org chart. Most risk mitigation tasks need to be executed or approved by individuals who are not part of the Infosec organization. It is important to provide actionable dashboards and reports to each risk owner that contain information about the security issues that they own, associated risk and risk mitigation options. With a well-understood risk ownership hierarchy, you will also be able to compare and scorecard owners and drive them to do their part in maintaining a good security posture.
Continuous fine-tuning to improve security posture
Once your organization gains visibility into security posture, your security program governance will need to set and periodically adjust security posture goals. You will need to continuously monitor your attack surface in the context of the ever-evolving cyber threat landscape and make sure you have (mostly) automated processes in place for maintaining good cybersecurity posture. Balbix BreachControl (now called Balbix Security Cloud) helps you automate and improve your cybersecurity posture. Balbix continuously monitors your attack surface across all asset types and attack vectors, analyzes this information to predict likely breach scenarios, prioritizes security issues based on business risk and drives appropriate mitigation steps to address issues.
Conclusion
Security posture is an organization’s overall cybersecurity strength and resilience in relation to cyber-threats. The complexity and variety of modern cyber-attacks makes analyzing and improving security posture quite challenging. As organizations move away from last generation security strategies and fragmented solutions, they are transitioning to an automated architecture for managing security posture that can protect against a fast-changing threat landscape.
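The risk calculation described in Step 3 (likelihood multiplied by impact, evaluated at every point of the attack surface) and the per-owner reporting described under Risk Ownership, as an added example that is not Balbix code. The asset records, likelihood figures, control-effectiveness discount and exposure weighting are all constructed assumptions, not the five factors of Fig 3.

```python
from dataclasses import dataclass
from itertools import product

@dataclass(frozen=True)
class Asset:
    name: str
    owner: str             # risk owner accountable for the asset
    internet_facing: bool  # Perimeter (True) or Core (False) asset
    impact_usd: float      # expected business impact if breached

# Constructed sample inventory (illustrative values only).
ASSETS = [
    Asset("web-frontend", "ecommerce", True, 500_000),
    Asset("hr-database", "hr", False, 2_000_000),
    Asset("build-server", "engineering", False, 300_000),
]
# Constructed: vector -> (baseline likelihood, effectiveness of deployed controls, 0..1)
VECTORS = {
    "unpatched_software": (0.30, 0.50),
    "compromised_credentials": (0.20, 0.25),
    "phishing": (0.10, 0.60),
}
# Assumed weighting: Core assets are harder to reach than Perimeter assets.
EXPOSURE = {True: 1.0, False: 0.5}

def attack_surface_risk(assets, vectors):
    """Risk = likelihood x impact for every (asset, vector) point, highest first."""
    points = []
    for asset, (vector, (base, control_eff)) in product(assets, vectors.items()):
        # Assumption: controls reduce likelihood in proportion to their effectiveness.
        likelihood = base * EXPOSURE[asset.internet_facing] * (1.0 - control_eff)
        risk = round(likelihood * asset.impact_usd, 2)
        points.append((asset.name, vector, asset.owner, risk))
    return sorted(points, key=lambda p: p[3], reverse=True)

def risk_by_owner(points):
    """Roll the per-point risk up to each risk owner, highest total first."""
    totals = {}
    for _, _, owner, risk in points:
        totals[owner] = round(totals.get(owner, 0.0) + risk, 2)
    return dict(sorted(totals.items(), key=lambda kv: kv[1], reverse=True))

if __name__ == "__main__":
    ranked = attack_surface_risk(ASSETS, VECTORS)
    for name, vector, owner, risk in ranked[:5]:
        print(f"{name:14} {vector:24} {owner:12} ${risk:>12,.2f}")
    print(risk_by_owner(ranked))
```

In this sample the Core HR database outranks the Internet-facing web front end because its business impact dominates, which is the kind of prioritization a count of open issues per asset would miss.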