With the end of the baseball lockout, I found myself reflecting on the Walter Johnson quote, “You can’t hit what you can’t see.” While I’m very excited to see my team (the World Series champion Braves) defend their title, I was reflecting on how this quote applies in the realm of cybersecurity.
In the “The Legacy of CIOs – Technical Debt” ImagineX blog post, Paul Passey wrote, “Visibility will be the key to holding people accountable” while discussing the risk technical debt poses to organizations. That’s a great point, but what does it mean?
Paul goes on to say, “we’ll need to rely on technologies that have great capabilities in regards to visibility both on-prem and in the cloud, including Containers and Infrastructure-as-Code.” Exactly. Organizations need the tools to understand and mitigate the Infosec challenges facing the technology community, and while this post is related to technical debt, insight into risk applies throughout cybersecurity efforts.
Like many, when reading the blog, you might be saying, “But Paul, we have plenty of visibility. We have tools like Qualys, CrowdStrike, SailPoint, Splunk, or countless others providing data. We have too much visibility, and with new entrants to the cyber attack and defense stratosphere daily, we don’t know where to start.” Or maybe you know that your organization has some cyber tools, but you have so much information to sift through that you don’t know if you have coverage gaps in areas such as “your weakest link, people” or “your Incident Response Plan.”
Paul’s premise is absolutely right: visibility is key to accountability. But with so much information, we need to create a focus.
ISC2 addresses this, stating, “there is a need to shift and advance a ‘risk-based’ approach to cybersecurity. A risk-based approach seeks to decrease enterprise risk by identifying and focusing on the various elements of cyber risk.” A major key to focusing your “‘risk-based’ approach to cybersecurity” is analyzing and optimizing the massive amounts of data compounding daily and presenting it in usable and meaningful ways. This enables risks to be understood by the right audience and acted upon by the empowered teams.
ImagineX utilizes a unique blend of consultants whose backgrounds span information security, traditional data roles, and process engineering to create enterprise cybersecurity solutions that drive insight from the CEO down to the engineer. While our team has delivered many bespoke solutions, there are three areas that we have spent a significant amount of time working through to deliver value and reduce risk for our clients:
- Cyber coverage visualization
- Vulnerability remediation
- Identifying and removing cyber threats
Cyber coverage visualization involves combining traditional information from tools like Qualys, Tanium, Splunk, SailPoint, and internal control processes to understand which internal applications pose the biggest known risk to the organization. By providing this information, the company is able to close known security flaws and reduce known threats. The data presented rolls up to the highest level of an organization and shows how specific tools are being used. It can also be drilled down to a level that gives engineers the information they need to resolve issues.
Vulnerability remediation consolidates the detailed output from world-class vulnerability tools, massages the data for consumption, and enriches the information to provide focus to vulnerability efforts. Vulnerability management tools create massive amounts of rich data, but not all of it is important to every user. Additionally, commercial off-the-shelf (COTS) software rarely lets you supplement it with other tools to add important information, such as context or organizational responsibility for resolution. Furthermore, while vendor tools might provide their own lens on the important data they discover, that information might not resonate with the audience.
For example, some tools only focus on infrastructure, but perhaps funding and resources are provided to business units and there is not a centralized infrastructure team. You might have visibility to your vulnerabilities, but how do you resolve them?
ImagineX approaches reducing vulnerabilities by understanding how your team is structured and what information is important to you, and augmenting that with our cybersecurity expertise to present the vulnerability information needed, protecting your team.
Identifying and removing cyber threats is a daunting task for any organization. It keeps CISOs, CEOs, and security engineers up at night. At ImagineX, we have a deep bench of consultants that have been in the proverbial trenches and understand the challenges being faced. It is also why we see value in the WitFoo partnership. Information security organizations should all have some sort of SIEM, but not all tools are created equal.
The WitFoo platform, WitFoo Precinct, helps prioritize and visualize the biggest threats and carefully guides analysts through remediation efforts. It is a tool that excels in delivering actionable insight to all levels of an organization, from junior analyst to the Board of Directors, about the health of a security practice. Using objective, machine-driven metrics collected by Precinct, organizations can easily identify and address their security deficiencies to prevent breaches from occurring in the first place.
So, yes… Visualization is the key to resolving our biggest threats. We need to see the threats (“pitch”) to solve them. Understanding your cyber coverage and your vulnerabilities enables you to identify and remove cyber threats and remediate vulnerabilities (“hit the pitch”).