BUSINESS STRATEGY
Josh Neame, CTO at BlueFort
understanding of how the business is running, what’s working well and where the gaps are. Then you apply intelligence to fill those gaps, which could mean bringing in new controls, processes, people or technology. You need to understand the entire sphere to put effective strategies and policies in place.
In your opinion, why are external attack surfaces increasing?
This goes back to the changing nature of the business IT landscape and the rapid adoption of cloud. Everyone is navigating their own cloud journey right now and the two are interconnected; external attack surfaces are expanding as a result of increased cloud adoption.
Traditionally, most things were behind a firewall, with perhaps a few select services on the internet – everyone knew what they were and how to put the right controls around them. Now, it’s common for organisations to have disparate teams that aren't talking to each other. For example, the DevOps team could be running wild in Azure or AWS, while the security team chases around trying to plug the gaps they're creating. Then, on top of this, the workforce is heavily distributed across the country, or even the globe, and all the many SaaS, PaaS and IaaS services are hosted outside the organisation in the public cloud.
Why is a lack of visibility a root cause for these challenges?
It’s important to realise that intelligence and information are very different things; you can have a pile of information but if it provides no value to you then you will derive zero intelligence from it. For security teams, it’s easy to get caught in a situation where you have too much information with very little context. This creates noise and prevents you from gaining true visibility.
Visibility enables you to move to a proactive mindset – you know where the holes are first and this allows your security team to be ahead of the curve. Having visibility into potential issues before anyone is able to leverage them means you can avoid trying to remediate them reactively, once an incident has occurred. Even if you do encounter negative outcomes, and an attacker gets in, if you have been continuously validating your existing security stack, your tools and your processes, then you are in a much better place to understand what to do next, make the right decisions and mitigate those vulnerabilities.
Visibility is not a panacea – there are no silver bullets in cybersecurity – but it is a key factor in solving these challenges. Many of the issues we see could have been solved with visibility, had the organisation anticipated the problem ahead of time.
Consequently, the external attack surface starts to sprawl. But the challenge goes beyond simply being able to account for what the attack surface actually looks like; the business risk and attribution factors are equally as important. Organisations need to be able to understand what the risk is to the business for any one individual service, or which part of the business is responsible for managing and securing it.
The way cloud services work means organisations may not always realise they are growing the attack surface by using them. A good example is if you were to start pushing public key infrastructure (PKI) certificates out to some of these public cloud services. It could be easy not to realise that this is something you own that is now outside and – if that’s visible to the public – a potential threat to the business.
Fundamentally, managing the external attack surface is about understanding and classifying business risk. We know cybersecurity never ends – it’s a constant cycle of gaining visibility, identifying and mitigating potential risks, and then putting controls in place.
It’s critical to know where the problems are – whether that’s the external attack surface, internal network or the intelligence services you’re getting specific to your industry – as well as having a clear understanding of your internal tooling, processes and people, so you can put the right mitigations in place and put things on a risk register. Visibility isn’t going to fix all of your problems, but without that you’re feeling around in the dark for a problem you can’t see. Greater visibility stacks the odds of success in your favour.
Can you define ‘Intelligence Led Visibility’ and explain its role in combating cyberthreats?
This goes back to the difference between intelligence and information. Intelligence is the product of information, so intelligence-led visibility is shifting from a reactive information-fed model to a more meaningful and curated standpoint. Rather than having tools that send us information, instead we look at the cost-benefit analysis of this information and measure it against our time and energy.
www.intelligentcxo.com