After a year of unprecedented change, cybersecurity is at a major inflection point. As organizations accelerated digital transformation to support remote workforces, they experienced a huge increase in network complexity. To address radical new challenges, leading organizations are championing a radically new concept: they’re creating network models.
A network model is a dynamic three-dimensional representation of the corporate security environment. It understands all of the devices, vulnerabilities and configurations within the security environment and can be used to run assessments and simulations. With a network model, organizations gain the context that they need to implement automation across a wide range of operational security processes. They are also provided with insight that is used to improve business resilience – a critical concern during these uncertain times.
Wipro, a Skybox Partner, recently published a “State of Cybersecurity Report, 2020,” which points to the criticality of having a network model. The report highlights the many challenges facing cybersecurity practitioners. It also looks to the future of cybersecurity with a prediction that network models will become increasingly critical to model system behavior.
Security leaders are not confident that they can prevent attacks
Effective defense strategies require more than just an understanding of risk. They also require the ability to take informed, decisive action. In the Wipro report, 59% of respondents indicated that they had high confidence in assessing risks, but only 23% claimed high confidence in preventing cyberattacks. Further, only 18% had high confidence in detecting them.
Skybox uncovered a similar sentiment with CxOs in its ‘Cybersecurity in the New Normal’ research report. 73% of C-level executives are concerned that the distributed workforce has introduced new vulnerabilities and increased exposures. On top of this, only 11% are very confident in their ability to gain full visibility over their growing security environment.
Given the complexity of modern infrastructure, it’s difficult to take appropriate action without a network model. By regularly simulating how attacks could impact the organization, and by establishing what steps can be taken to mitigate them, security leaders will be well-positioned to prevent attacks.
Further, they will be more able to tackle third-party risk – something that 54% of organizations have indicated as a top priority, according to the Wipro report. A network model gives security practitioners the ability to identify exploitable attack paths, know that they have the controls in place to mitigate risks, and control access permissions.
Detect-and-respond is short-sighted – the new era of security will be defined by prevention
Security environments have become incredibly complex, the attack surface too large, and the demands placed on resource-stretched teams too great. To thrive in the post-pandemic age, organizations need to rethink their approach to vulnerability management.
Organizations know that it’s important to have visibility of vulnerabilities and assets: 81% consider vulnerability scanning coverage to be an essential technical metric, according to the Wipro report. While this is an important measurement, it’s worth emphasizing that coverage is only one dynamic within the wider vulnerability management process. Even if it’s possible to achieve 100% coverage through scans, any insight is lost if these scans only take place once a month. This is especially true when you consider the volume of vulnerabilities that security teams have to manage – there are going to be 20,000 new vulnerabilities published this year, according to Skybox’s point of view, “Tear up the cybersecurity Rulebook.” When scanning, frequency is fundamental.
But scanning, by itself, has its limitations. Not only is it disruptive, but the costs of extending scanning to desktops are often prohibitive. On top of this, there are parts of the environment, like OT networks or network devices, that can be impossible to scan.
Leading organizations are tackling this problem by developing a multi-faceted approach towards frequent vulnerability discovery, where they leverage scanning alongside passive vulnerability discovery capabilities. They do so by taking insight from patch, CMDB and EDR solutions to derive the existence of vulnerabilities before comparing this insight with a comprehensive vulnerability database to understand their context.
The next step is to embed a network model in this process. This provides access to analytics that passively derive the existence of vulnerabilities, which means that organizations are then able to develop more mature and effective vulnerability management processes.
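An added illustration of the approach described above (not code from Skybox or Wipro): vulnerabilities are derived passively by matching inventory records against a vulnerability database, then ranked by whether the network model shows a path to the affected host. All host names, products, advisory IDs and the `internet` source node are constructed for the example.

```python
from collections import deque

# Constructed sample data: hosts, products and advisory IDs are hypothetical.
INVENTORY = [  # merged patch/CMDB/EDR records, no scan required
    {"host": "web01", "product": "examplehttpd", "version": "2.4.1"},
    {"host": "db01", "product": "exampledb", "version": "9.6.3"},
    {"host": "plc01", "product": "examplefw", "version": "1.0.7"},
    {"host": "hr01", "product": "examplehttpd", "version": "2.4.9"},
]
VULN_DB = [  # advisory, affected product, first fixed version
    {"id": "EXAMPLE-0001", "product": "examplehttpd", "fixed_in": "2.4.5"},
    {"id": "EXAMPLE-0002", "product": "exampledb", "fixed_in": "9.6.10"},
    {"id": "EXAMPLE-0003", "product": "examplefw", "fixed_in": "1.1.0"},
]
# Network model: "source may connect to target", as derived from
# firewall rules and ACLs (assumed already computed).
ALLOWED = {"internet": ["web01"], "web01": ["db01"], "hr01": ["db01"]}

def parse_version(text):
    # Compare numerically: as strings, "9.6.3" would sort after "9.6.10".
    return tuple(int(part) for part in text.split("."))

def derive_vulnerabilities(inventory, vuln_db):
    """Return (host, advisory) pairs inferred from inventory alone."""
    findings = []
    for item in inventory:
        for adv in vuln_db:
            if (adv["product"] == item["product"]
                    and parse_version(item["version"]) < parse_version(adv["fixed_in"])):
                findings.append((item["host"], adv["id"]))
    return findings

def reachable_from(model, source):
    """Breadth-first walk of the model: every host with a path from source."""
    seen, queue = {source}, deque([source])
    while queue:
        for nxt in model.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {source}

def prioritise(inventory, vuln_db, model, source="internet"):
    """List findings as (host, advisory, exposed), exposed hosts first."""
    exposed = reachable_from(model, source)
    findings = derive_vulnerabilities(inventory, vuln_db)
    return sorted(((h, a, h in exposed) for h, a in findings),
                  key=lambda f: (not f[2], f[0]))
```

In this sample, `plc01` is found vulnerable without ever being scanned, and the model ranks it below `web01` and `db01` because no path from `internet` leads to it.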
Businesses can’t afford to stand still
The cybersecurity landscape has changed forever over the last year. Look at the acceleration of cloud adoption as one example of this. 72% of organizations are now storing sensitive data in the cloud and 87% of organizations are continuing to scale up secure cloud migrations, according to the Wipro report.
When thinking about security transformation, it’s critical to consider just how diverse the modern cybersecurity environment has become. To reduce risk and improve security posture across all network elements, organizations need to operate with a single view of compliance and operational security processes that can be aligned across the entire estate – including on-premise, OT, third-party, and cloud networks.
They also need better insight into their security environment. An effective SOC strategy requires context of the cyber battlefield. This is context that a network model provides in abundance. When this context is taken and made available to other SOC tools, such as SIEM and SOAR, it’s easier to reduce the mean time taken to mitigate security incidents. With a network model, organizations gain:
- An understanding of the network.
- Insight into exposed assets.
- Visibility of exploitable attack paths.
- An understanding of how devices are configured.
- The ability to run simulations of lateral movements.
Organizations with a network model are working with a single source of truth that can be applied to the complete hybrid environment. They can understand new risks, exposures, and gaps in compliance that are being introduced. This means that they can proactively close the open windows and doors without disrupting transformation. The worst thing that security leaders can do now is carry on working with the same broken processes that they were struggling with before the pandemic. Security transformation is necessary: so too is the network model.
Download your copy of Wipro’s “State of Cybersecurity Report 2020” here.
Download your copy of Skybox’s “Cybersecurity in the New Normal” report here.
Download your copy of Skybox’s point of view ‘Tear up the Cybersecurity rulebook’ here.