The Cybersecurity Maturity Journey
Cybersecurity risks pervade every organization. As global connectivity, the use of cloud services and the digital space keep expanding, so do cyber threats.
“In the early days of criminal hacking, it was about showing what was possible—breaking into systems for fun and the challenge. [But] later, a profit motive emerged, which attracted criminal elements that were serious, organized and global. As a result, the United States now classifies cyberspace as a new domain of battle—as significant as air, land or sea,”1 explain security expert Marc Goodman and co-author Andrew Hessel.
The cyber attacks leveled at government agencies are similar to those made against enterprises and small-to-medium-sized businesses. What complicates public sector security is the combination of strict compliance mandates with budget uncertainty, staff shortages and skills gaps. The stakes of hacking public-sector information are high, as it can imperil national security as well as citizens’ trust.
Government agencies can be attractive targets. Public sector organizations and governments hold sensitive and valuable data, whether social security numbers, medical records or military and diplomatic secrets. As a result, the public sector faces more security incidents and data breaches than any other sector.2
Whatever the motive, governments are high value targets for hackers today. It’s critical that agencies invest in strong cyber defenses—stronger, if anything, than those found in the private sector.
The challenge that governments face
Much of an organization's data is security-relevant, and it is spread across the organization: specialized security systems and controls, application and equipment logs, network traffic, physical security systems and many other sources.
The challenge that governments, and enterprises too, face is synchronizing the people, processes and technology needed to make sense of that security-relevant data and act on the findings.
In 2013, the energy company BP stated that it experienced about 50,000 daily attempts at cyber intrusion, but that would represent a holiday at the Pentagon and National Nuclear Security Administration, each of which sees 200 times as many online attacks.3
Organizations may lack the capacity to effectively identify and prioritize the critical security alerts. This makes it difficult to make proactive decisions on how best to respond to threats, improve security posture and manage risk overall.
To mitigate this challenge, agencies can implement a risk-based approach, enabled by an analytics-driven foundation for security operations. Achieving a risk-based security approach is a destination that can be reached through the journey of security maturity.
The basic framework for a risk-based approach contains:
● An agency-wide investigative methodology – based on a centralized collection of security-relevant data
● Priority-based security issues – based on a set of key metrics that include correlated, verified indicators across multiple IT domains
● Efficient and accurate analyses at scale – based on supporting real-time incident and breach scoping, forensic analysis, threat hunting and adversary profiling
● An agency-wide standard operating procedure for security operations – based on a set of rules with a collaborative workflow as well as planned, automated containment and remediation strategies
Where are you on your security maturity journey?
The four stages of the security maturity journey are to Investigate, Monitor, Analyze and Act.
1. Investigate:
An investigation is fundamental in security analysis. One of the main tasks of the security analyst is to answer questions such as:
● How do you handle alerts?
● Do you have repeatable processes or playbooks in place?
● How do you predict threats?
● Are your security initiatives aligned with your business objectives?
● Are you more reactive or more proactive?
By answering questions like these, you can begin to establish whether your security operations program is at a fundamental, integrated or an adaptive stage.
In order to answer these questions, organizations need to collect, normalize and aggregate a diverse set of data. The challenge here is that the data-modelling skill set needed for these tasks is not a capability the organization has in-house.
2. Monitor:
Monitoring requires continually analyzing and evaluating security data in order to identify cyber attacks and data breaches. Attacks are automated, system configurations change regularly and updates to mission requirements can result in increased complexity in the attack surface.
By monitoring threats, organizations can:
● Learn what is on the networks, who is using them and whether or not they are at risk
● Understand the alignment of network usage and policy requirements
● Meet the standards of regulatory compliance or business partner agreements
● Find vulnerabilities in networks, applications and the security architecture, and understand how to fix them
3. Analyze:
In this stage, an organization’s security team can seek to identify advanced threats, suspicious traffic patterns, anomalous activity that deviates from established baselines and other threat indicators.
A threat analysis is a process used to determine which components of the system need to be protected and the types of security risks (threats) they should be protected from.
A key objective at this stage is to minimize the false positives that can cause alert fatigue. Importantly, because this analysis is data-driven and therefore objective, analysts can have a high degree of confidence in the precision of an alert.
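The Investigate and Analyze stages above describe a pipeline in words: collect logs from several IT domains, normalize them into one schema, compare each host's activity with its own baseline, and raise only alerts whose indicators corroborate each other across domains so that false positives do not pile up. The script below is an added example that is not part of the original article and not any vendor's product: the log formats, host names, addresses, baseline counts and the three indicator rules are constructed assumptions, and the baseline check is a simple z-score with a spread floor rather than a particular product's analytics.

```python
import re
import statistics
from collections import Counter, defaultdict

# Constructed sample log lines from three IT domains (firewall, endpoint agent,
# identity provider). Formats, host names and addresses are assumptions made
# for this example, not any product's real output.
RAW_LOGS = [
    ("firewall", "2024-05-01T08:00:01Z action=DENY src=10.1.4.7 dst=203.0.113.9 dport=4444"),
    ("firewall", "2024-05-01T08:00:05Z action=DENY src=10.1.4.7 dst=203.0.113.9 dport=4444"),
    ("firewall", "2024-05-01T08:00:09Z action=DENY src=10.1.4.7 dst=203.0.113.9 dport=4444"),
    ("firewall", "2024-05-01T08:01:00Z action=DENY src=10.1.9.2 dst=198.51.100.5 dport=445"),
    ("endpoint", "2024-05-01T08:02:11Z host=ws-0047 event=process_start image=powershell.exe parent=winword.exe"),
    ("iam", "2024-05-01T08:02:40Z user=jdoe workstation=ws-0047 result=FAILURE"),
    ("iam", "2024-05-01T08:02:41Z user=jdoe workstation=ws-0047 result=FAILURE"),
    ("iam", "2024-05-01T08:02:43Z user=jdoe workstation=ws-0047 result=SUCCESS"),
] + [  # one workstation with a burst of denies but nothing from any other domain
    ("firewall", f"2024-05-01T09:00:0{i}Z action=DENY src=10.1.2.2 dst=192.0.2.8 dport=80")
    for i in range(5)
]

# Asset inventory (assumed): lets a firewall address and an endpoint host name
# be correlated as one asset.
ASSET_INVENTORY = {"10.1.4.7": "ws-0047", "10.1.9.2": "srv-files", "10.1.2.2": "ws-0012"}

# Per-(host, indicator) daily counts over the previous five days (constructed).
BASELINE = {
    ("ws-0047", "outbound_denied"): [0, 0, 1, 0, 0],
    ("ws-0047", "office_spawned_shell"): [0, 0, 0, 0, 0],
    ("ws-0047", "auth_failure"): [2, 1, 3, 2, 2],
    ("srv-files", "outbound_denied"): [30, 35, 28, 40, 33],  # noisy by nature
    ("ws-0012", "outbound_denied"): [0, 0, 0, 0, 0],
}
INDICATOR_DOMAIN = {"outbound_denied": "firewall", "office_spawned_shell": "endpoint", "auth_failure": "iam"}
OFFICE_APPS = {"winword.exe", "excel.exe"}
SHELLS = {"powershell.exe", "cmd.exe"}
KV = re.compile(r"(\w+)=(\S+)")


def normalize(source, line):
    """Map one raw line onto a common schema; None when nothing is worth counting."""
    ts, _, rest = line.partition(" ")
    f = dict(KV.findall(rest))
    if source == "firewall":
        host = ASSET_INVENTORY.get(f["src"], f["src"])
        indicator = "outbound_denied" if f.get("action") == "DENY" else None
    elif source == "endpoint":
        host = f["host"]
        suspicious = f.get("parent") in OFFICE_APPS and f.get("image") in SHELLS
        indicator = "office_spawned_shell" if suspicious else None
    elif source == "iam":
        host = f["workstation"]
        indicator = "auth_failure" if f.get("result") == "FAILURE" else None
    else:
        raise ValueError(f"unknown log source {source!r}")
    return None if indicator is None else {"ts": ts, "source": source, "host": host, "indicator": indicator}


def zscore(count, history):
    """Standard deviations above the host's own baseline; the spread floor stops a
    near-constant history from turning one extra event into a huge score."""
    spread = max(statistics.pstdev(history), 1.0)
    return (count - statistics.fmean(history)) / spread


def score_hosts(raw_logs, baseline=BASELINE):
    counts = Counter()
    for source, line in raw_logs:
        ev = normalize(source, line)
        if ev:
            counts[(ev["host"], ev["indicator"])] += 1
    hosts = defaultdict(lambda: {"score": 0.0, "domains": set(), "evidence": {}})
    for (host, indicator), count in counts.items():
        h = hosts[host]
        z = zscore(count, baseline.get((host, indicator), [0]))
        if z <= 0:
            continue  # within this host's normal range: not evidence
        h["score"] += z
        h["domains"].add(INDICATOR_DOMAIN[indicator])
        h["evidence"][indicator] = {"count": count, "z": round(z, 2)}
    return dict(hosts)


def triage(raw_logs, baseline=BASELINE, min_domains=2, min_score=2.0):
    """Rank hosts; only hosts whose elevated indicators corroborate each other across
    at least min_domains IT domains become alerts, keeping single-source noise out."""
    ranked = []
    for host, h in score_hosts(raw_logs, baseline).items():
        if h["score"] < min_score:
            status = "baseline"
        elif len(h["domains"]) >= min_domains:
            status = "alert"
        else:
            status = "needs_corroboration"
        ranked.append({"host": host, "score": round(h["score"], 2), "status": status,
                       "domains": sorted(h["domains"]), "evidence": h["evidence"]})
    return sorted(ranked, key=lambda a: a["score"], reverse=True)


if __name__ == "__main__":
    for a in triage(RAW_LOGS):
        print(f'{a["status"]:20} {a["host"]:10} score={a["score"]:<5} domains={a["domains"]} {a["evidence"]}')
```

Running it shows the three outcomes the Analyze stage is after: ws-0047 becomes an alert because an unusual egress pattern and an Office application spawning a shell corroborate each other across two domains; ws-0012 scores higher on raw volume but is only "needs_corroboration", since everything comes from the firewall; srv-files is quietly noisy every day, so its denies stay at baseline. The per-host baseline is what keeps the file server from paging anyone, and the cross-domain requirement is what keeps the single-source burst from doing so.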
4. Act:
The fourth stage is acting on the information collected so far. The first step in acting to prevent security threats is to automate incident response to breaches, along with other security processes and repetitive tasks.
Cyber attacks have become heavily automated. If organizations try to defend against these attacks manually, the fight becomes man versus machine, with highly unfavorable odds for the organization. Automation levels the playing field, reduces the volume of threats and allows for faster prevention of new and previously unknown threats.
If implemented appropriately and with the right tools, automation can aid in the prevention of successful cyberattacks.
● Correlating data – Collect threat data across all attack vectors, security technologies and global threat intelligence, using machine learning and automation for data sequencing, and present it in an actionable manner.
● Generating protections faster than attacks can spread - Once a threat is identified, protections need to be created and distributed faster than an attack can spread throughout the organization’s networks, endpoints or cloud. Automation can expedite the process of creating protections without straining resources, all while keeping pace with the attack.
● Implementing protections faster than attacks can progress - Protections should be enforced not only in the location the threat was identified, but also across all technologies within the organization to provide consistent protection against the attack’s current and future behaviors. Using automated, big data attack-sequencing and automated generation and distribution of protections, the organization can predict the next step of an unknown attack and move fast enough to prevent it.
● Detecting infections existing in the current network - The moment a threat enters the network, a timer starts counting down until it becomes a breach. Automation allows for faster analysis and, should a host on your network be compromised, faster detection and intervention.
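The Act stage argues that protections, once generated, should be enforced everywhere, not only where the threat was seen, and that automation is what makes that happen before the dwell-time countdown runs out. The script below is an added example that is not part of the original article or any vendor's platform: it takes a corroborated alert, turns its indicators into a protection set, fans that set out to every enforcement point that can apply it, holds disruptive actions on critical assets for human approval, and measures time from first indicator to containment. The alert, the host and asset names, the enforcement points and the approval rule are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

# A corroborated alert in the shape a correlation stage might hand over.
# Host names, addresses, users and timestamps are constructed for this example.
ALERT = {
    "host": "ws-0047",
    "status": "alert",  # only corroborated alerts may be auto-contained
    "first_seen": "2024-05-01T08:00:01Z",
    "indicators": {
        "outbound_denied": {"dst": "203.0.113.9", "dport": 4444},
        "office_spawned_shell": {"image": "powershell.exe"},
        "auth_failure": {"user": "jdoe"},
    },
}

# Assets on which disruptive actions (isolation, credential revocation) are
# held for human approval even when the alert is corroborated (assumed tags).
CRITICAL_ASSETS = {"srv-files", "srv-dc01"}


@dataclass(frozen=True)
class Protection:
    kind: str  # block_destination | isolate_host | revoke_credential
    target: str
    reason: str


class EnforcementPoint:
    """Simulated firewall, EDR tenant or identity provider: applies the protections
    it understands, idempotently, and keeps an audit trail."""

    def __init__(self, name, handles):
        self.name, self.handles = name, set(handles)
        self.active, self.audit = set(), []

    def apply(self, protection, when):
        if protection.kind not in self.handles:
            return False
        if protection not in self.active:  # re-pushing the same protection is a no-op
            self.active.add(protection)
            self.audit.append((when, protection.kind, protection.target))
        return True


def build_protections(alert):
    """Turn the alert's indicators into protections meant for every enforcement
    point, not only the one that saw the indicator."""
    ind, host = alert["indicators"], alert["host"]
    out = []
    if "outbound_denied" in ind:
        out.append(Protection("block_destination", ind["outbound_denied"]["dst"], f"repeated denied egress from {host}"))
    out.append(Protection("isolate_host", host, "corroborated compromise indicators"))
    if "auth_failure" in ind:
        out.append(Protection("revoke_credential", ind["auth_failure"]["user"], f"credential used on {host}"))
    return out


def containment_plan(alert, critical=CRITICAL_ASSETS):
    """Split protections into those pushed automatically and those held for approval:
    network blocks are low-risk and always go out; isolating or locking a critical
    asset waits for a human, and uncorroborated alerts trigger nothing."""
    protections = build_protections(alert)
    if alert["status"] != "alert":
        return {"auto": [], "hold": protections, "why": "not corroborated"}
    if alert["host"] in critical:
        auto = [p for p in protections if p.kind == "block_destination"]
        return {"auto": auto, "hold": [p for p in protections if p not in auto], "why": "critical asset"}
    return {"auto": protections, "hold": [], "why": "corroborated, non-critical"}


def enforce_everywhere(protections, points, when):
    """Push each protection to every point able to enforce it; the returned map
    shows which points took each one, so coverage gaps are visible."""
    return {(p.kind, p.target): sorted(ep.name for ep in points if ep.apply(p, when))
            for p in protections}


def dwell_seconds(first_seen, contained_at):
    """Seconds from the first indicator to containment: the countdown in the text."""
    parse = lambda s: datetime.fromisoformat(s.replace("Z", "+00:00"))
    return int((parse(contained_at) - parse(first_seen)).total_seconds())


if __name__ == "__main__":
    points = [EnforcementPoint("fw-hq", {"block_destination"}),
              EnforcementPoint("fw-cloud", {"block_destination"}),
              EnforcementPoint("edr", {"block_destination", "isolate_host"}),
              EnforcementPoint("idp", {"revoke_credential"})]
    plan = containment_plan(ALERT)
    for key, where in enforce_everywhere(plan["auto"], points, "2024-05-01T08:05:00Z").items():
        print(key, "->", where)
    print("dwell seconds:", dwell_seconds(ALERT["first_seen"], "2024-05-01T08:05:00Z"))
```

Two design choices carry the point of the section. The destination block is applied by both firewalls and the EDR tenant, not just the firewall that logged the denies, so the attack's next hop is cut off at every technology the organization controls. And automation is bounded: an alert that did not survive cross-domain corroboration triggers nothing, and a critical server gets the network block immediately while isolation and credential revocation wait for a person, which is what makes unattended enforcement acceptable in the first place.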
The future of cyber security threat monitoring
The rate of change in cyber security is accelerating. With remote work, customer-experience initiatives, value generation and the digital expansion of legacy systems, the scope of the threat is growing, and no organization is immune.
To keep up with that rate of change, organizations need a threat-monitoring system that stays ahead of threats and evolves with time. A next-generation security platform rapidly analyzes data, turns unknown threats into known threats, creates an attack DNA and automatically enforces a full set of protections throughout the organization to stop the attack lifecycle.