As a CISO, one of the most challenging questions to answer is “How well are we protected right now?” Between the acceleration of hackers’ offensive capabilities and the dynamic nature of information networks, drift in the security posture is unavoidable and needs to be continuously compensated for. Answering that question therefore means continuously validating the security posture and being in a position to check it, including against the latest emerging threats.
Yet the bulk of cybersecurity is focused on defensive tools. The rapid evolution of technology and the multiplication of technology layers, combined with the professionalization of the threat landscape, have led to a profusion of cybersecurity tools tackling different security aspects.
Checking the efficiency of the cybersecurity solution stack is typically done through pen-testing or, more recently, through red teaming – an exercise aimed at mapping possible loopholes that would lead to a data breach. When performed only once or twice a year, these tests might satisfy the compliance regulators. Still, as new threats emerge daily, they fail to effectively inform about the environment’s current security posture.
In addition, these infrequent tests fail to inform about potential tool overlaps and are not designed to prevent tool sprawl, a frequent occurrence in a field where over half of SOCs are overrun with redundant security tools and are swamped by too many alerts.
Unrationalized security stacks are not only unnecessarily costly, but they also generate more false-positive calls, needlessly taxing security staff stamina and increasing the risk of missing a critical alert.
The ability to measure each tool’s efficacy, eliminate overlap and maintain continuous control over security baseline variability relies on continuous access to quantified data. This is at the core of what Extended Security Posture Management (XSPM) brings to the table.