Many organizations are transforming their cybersecurity strategy from one born out of compliance into one driven by risk management. As they make this transition to a continuous cycle of risk management, they run into the problem of "consumability": none of us has enough people or time to consume all of the data from all of the controls to adequately address cyber risk. The solution is wisdom and horsepower. The wisdom comes from talking to and learning from those who have gone before you, those who lived through the transformation. The horsepower comes from technology accelerators such as cloud, AI, orchestration, and collaboration, which increase your ability to consume data in a normalized and streamlined manner and to drive automated actions and responses.
We then shifted to how organizations manage and run their security program. Today most of us use a three-phase approach: find, confirm, and fix. Find is where we spend so much of our time today, pulling in event data from logs, network flows, and other sources, which in and of itself is a large effort, and THEN spending even more time trying to find the relevant and correlated security data in it. Confirm is where the security operations team spends time searching (hello Google!) and investigating to confirm what our disparate controls may be telling us. We then shift into the fix phase where, depending on the organization, either the security or IT team (or both) addresses and remediates the incident. There is a new fourth phase, federation, that we talk about on the webinar. That part is worth listening to because of the way it can modernize and accelerate the first three phases.
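To make the find, confirm, and fix phases concrete, here is an added example (not code from the webinar or from Solutions II) that runs the three phases over two constructed log sources. Find normalizes an SSH auth log and a firewall-style flow log into one event schema keyed on source IP; confirm applies a correlation rule (a burst of failed logins followed by a successful login from the same source inside a short window) rather than leaving an analyst to eyeball each control; fix turns each confirmed finding into an automated block action. The log lines, IPs, thresholds and the `block_ip` action name are all assumptions made for illustration.

```python
"""Added example, not from the webinar or Solutions II: a minimal
find -> confirm -> fix pipeline over normalized events from two sources.
All log lines, addresses and thresholds below are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: an SSH auth log and a firewall-style flow log.
AUTH_LOG = """\
2024-03-01T10:00:01Z sshd[101]: Failed password for admin from 203.0.113.5 port 5001
2024-03-01T10:00:03Z sshd[102]: Failed password for admin from 203.0.113.5 port 5002
2024-03-01T10:00:05Z sshd[103]: Failed password for root from 203.0.113.5 port 5003
2024-03-01T10:00:09Z sshd[104]: Accepted password for admin from 203.0.113.5 port 5004
2024-03-01T10:05:00Z sshd[105]: Failed password for bob from 198.51.100.7 port 6001
2024-03-01T10:30:00Z sshd[106]: Accepted password for bob from 198.51.100.7 port 6002
"""
FLOW_LOG = """\
2024-03-01T10:00:10Z,203.0.113.5,10.0.0.8,22,allow
2024-03-01T10:00:11Z,192.0.2.9,10.0.0.8,443,allow
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+) port \d+$"
)

def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")

def normalize(auth_text, flow_text):
    """Find: map both sources onto one event schema keyed on source IP."""
    events = []
    for line in auth_text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue  # unparsed lines are skipped, never guessed at
        events.append({"ts": parse_ts(m["ts"]), "source": "auth", "src": m["src"],
                       "user": m["user"],
                       "outcome": "success" if m["result"] == "Accepted" else "failure"})
    for line in flow_text.splitlines():
        ts, src, dst, dport, action = line.split(",")
        events.append({"ts": parse_ts(ts), "source": "flow", "src": src, "user": None,
                       "outcome": action, "dst": dst, "dport": int(dport)})
    return sorted(events, key=lambda e: e["ts"])

def confirm(events, min_failures=3, window_minutes=2):
    """Confirm: flag a source IP with >= min_failures failed logins followed by a
    successful login from the same IP within window_minutes, and enrich the
    finding with the hosts that IP reached according to the flow log."""
    window = timedelta(minutes=window_minutes)
    by_src = defaultdict(list)
    for e in events:
        if e["source"] == "auth":
            by_src[e["src"]].append(e)
    findings = []
    for src, evs in by_src.items():
        failures = []
        for e in evs:
            if e["outcome"] == "failure":
                failures.append(e["ts"])
                continue
            recent = [t for t in failures if e["ts"] - t <= window]
            if len(recent) >= min_failures:
                reached = sorted({x["dst"] for x in events
                                  if x["source"] == "flow" and x["src"] == src})
                findings.append({"src": src, "user": e["user"], "failures": len(recent),
                                 "succeeded_at": e["ts"], "reached": reached})
            failures = []  # a success ends the burst either way
    return findings

def fix(findings):
    """Fix: turn each confirmed finding into an automated response action."""
    return [{"action": "block_ip", "target": f["src"],
             "reason": f"{f['failures']} failures then success as {f['user']}",
             "also_check": f["reached"]}
            for f in findings]

def run_pipeline(auth_text=AUTH_LOG, flow_text=FLOW_LOG):
    return fix(confirm(normalize(auth_text, flow_text)))

if __name__ == "__main__":
    for action in run_pipeline():
        print(action)
```

The point of the normalization step is that the correlation rule never has to know which product produced a line; only the `src` field is joined across sources. The thresholds are deliberately parameters, because a rule tuned for one environment (here three failures in two minutes) will either miss or drown another, and tuning them is the part of "confirm" that still needs a human.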
The last topic was how threat management is being leveraged to better protect the business. If we all agree (and we should) that the perimeter is ANYWHERE and EVERYWHERE our sensitive data is, then we have already accepted the premise of Zero Trust Architecture: we continuously confirm that the right users are accessing the right data for the right reasons, on every request rather than once at a network boundary. We discussed the controls needed for each of those steps. Moving to a Zero Trust Architecture lets you better manage both external AND internal threats, whether malicious or unintentional.
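As an added example (not code from the webinar or from Solutions II), the following sketches what "the right users accessing data for the right reasons" looks like as a per-request decision. Each request is checked for entitlement by group, for authentication strength, for device posture, and for a declared purpose the data owner permits; nothing is granted because of where the request comes from. The resource catalogue, group entitlements, sensitivity tiers and the device-posture check are assumptions added here to make the decision concrete.

```python
"""Added example, not from the webinar or Solutions II: a per-request
Zero Trust access decision. Catalogue, tiers and thresholds are assumptions."""
from dataclasses import dataclass

@dataclass
class Request:
    user: str
    groups: frozenset
    mfa: bool
    device_managed: bool
    device_patched: bool
    purpose: str
    resource: str
    action: str

# Constructed data catalogue: sensitivity tier and which purposes are legitimate.
RESOURCES = {
    "crm/customers": {"tier": "confidential", "purposes": {"support", "sales"}},
    "hr/payroll": {"tier": "restricted", "purposes": {"payroll"}},
    "wiki/public": {"tier": "public", "purposes": {"*"}},
}
# Constructed entitlements: which actions each group may take per tier.
ENTITLEMENTS = {
    "support": {"public": {"read"}, "confidential": {"read"}},
    "finance": {"public": {"read"}, "confidential": {"read"},
                "restricted": {"read", "write"}},
    "staff": {"public": {"read"}},
}

def decide(req):
    """Return (allowed, reasons). Every failing check is recorded so a denial
    explains itself; the request is allowed only when no check fails."""
    reasons = []
    res = RESOURCES.get(req.resource)
    if res is None:
        return False, ["unknown resource"]
    tier = res["tier"]
    # Right user: entitlement comes from group membership, never from network location.
    allowed_actions = set()
    for g in req.groups:
        allowed_actions |= ENTITLEMENTS.get(g, {}).get(tier, set())
    if req.action not in allowed_actions:
        reasons.append(f"no entitlement for {req.action} on {tier} data")
    # Right assurance: stronger authentication and device posture for sensitive tiers.
    if tier != "public" and not req.mfa:
        reasons.append("MFA required")
    if tier == "restricted" and not (req.device_managed and req.device_patched):
        reasons.append("managed, patched device required")
    # Right reason: the declared purpose must be one the data owner permits.
    if "*" not in res["purposes"] and req.purpose not in res["purposes"]:
        reasons.append(f"purpose '{req.purpose}' not permitted")
    return (not reasons), reasons

if __name__ == "__main__":
    r = Request("alice", frozenset({"support"}), True, True, True,
                "curiosity", "crm/customers", "read")
    print(decide(r))
```

Two design points matter here. First, `decide` is meant to be called on every access, not once at login, which is what makes the confirmation continuous. Second, the purpose check is what addresses the internal threat the webinar raised: an entitled user on a compliant device still gets denied when the stated reason is not one the data owner permits, and the recorded reasons give the SOC something to investigate rather than a bare deny.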
I believe we answered the question of how to modernize your approach to cyber while your organization is going through transformation. It was fun and educational, and I look forward to our next event. If any of the above items are of interest to you, watch the replay. If you would like a discussion or a deep dive into any of these topics, please reach out to either me or Solutions II.