mobile-connectivity

Tips and Best Practices to Get New
Security Leaders Up and Running

Below are highlights from the CyCognito brief.Advice-to-a-New-CISO
Here's the link to the PDF >>

 

Build Credibility by Taking Stock Quickly and Effectively

Whether you are a new CISO or just new to this particular organization, as security professional you have a unique opportunity to demonstrate your knowledge in this critical position.  

As a new CISO, you want to make sure that you are using the best tools that the industry has to offer in the most effective ways possible. Don’t let the unknowns in your attack surface trip you up. 

Build Credibility with These Four Tips

01
BEGIN WITH YOUR ATTACK SURFACE TO SEE ALL THE ATTACK VECTORS

Assess your organization’s risks so you can effectively allocate and prioritize your security program resources.

02
YOU WON'T FIND SHADOW RISK UNER A STREET LIGHT

Attackers use advanced reconnaissance techniques that see more of your attack surface than the narrow view provided by legacy risk assessment solutions.

03
WHAT'S THE BEST WAY TO TAKE STOCK QUICKLY?
– Find all your assets the way an attacker would

– Determine the business relevance of those assets

– Identify and prioritize attack vectors associated with the assets
 
04
CYCOGNITO PLATFORM DELIVERS IMMEDIATE AND ONGOING VALUE

Get visibility across your entire attack surface and the effectiveness of your security controls

TIP 01
Begin with Attack Surface Management as Your Security Program Foundation

One of your first priorities as a CISO should be to assess your organization’s risks so you can effectively allocate and prioritize your security program resources. Based on the most common tactics attackers use to breach your organization, there are two broad areas of risk exposure you need to consider. These are your:

Most organizations have effective coverage against the second area with email security, endpoint security, and anti-phishing security and training solutions. But those same organizations —especially highly distributed organizations and those using cloud and as-a-service technologies — do not have full visibility to their attack surface and their attacker-exposed and soon-to-be-exploited assets. This paper focuses on the risk from your attack surface and how you can benefit from an assessment of your organization’s security posture by viewing your attack surface from an attacker’s point of view.

What is an attack surface?

Figure 1. Your attack surface is the group of your attacker-exposed assets, known and unknown, wherever they are: in the cloud, in third-party environments, or in your subsidiaries.


Shadow risk, critical risk that is unseen or unmanaged by IT and security teams, is growing exponentially as applications, systems and infrastructure that used to sit within an organization’s well-defined perimeter are now shifting — in part or entirely — to cloud and partner networks. The implications of this change are profound because every small misconfiguration in a cloud environment or a partner’s network has the potential to open up access to your sensitive customer data, financial information and systems, application source code and intellectual property.

The way many organizations try to identify shadow risk is analogous to the well-known Streetlight Effect: looking in the dark for your lost keys under a streetlight, because that’s where you can see best, even though you lost them elsewhere.

TIP 02
You Won't Find Shadow Risk Under a Streetlight

One approach popular among new CISOs  assessing their organizations’ security posture is to commission a penetration test. The challenge with penetration tests is that they are limited in:

  • Coverage – providing visibility into a fraction of the entire attack surface
  • Frequency – lasting just a few days or weeks and representing a point-in-time view
  • Relevance – lacking an understanding of the business relevance of discovered issues

Likewise, vulnerability scanners are not designed to give you a complete picture and cannot help you identify unknown risks. They only know about the
assets they are configured to scan, such as particular IP ranges or assets with agents.

The first and foremost problem with these methods is that they ignore the way that attackers identify the blind spots in an organization’s defenses and thus leave them exposed. They are also designed to be point-in-time, as opposed to continuous, and only do in-depth examination on a portion of the attack surface — a portion identified explicitly by an internal team member.

Using penetration testing and vulnerability scanners to map your attack surface is like looking under the streetlight for lost keys — it doesn’t work well, it’s just convenient.

Advice to a New CISO

Figure 2. Attackers use advanced reconnaissance techniques that see more of your attack surface than the narrow view provided by legacy risk assessment solutions, depicted here as streetlights.

TIP 03
What's the Best Way to Take Stock Quickly?

The best and simplest approach for assessing the security posture of your new organization is to:

  • Discover assets the way an attacker would
  • Determine the business relevance of those assets
  • Identify and prioritize attack vectors associated with the assets

And it's important to keep doing this assessment. Security isn't static. You should validate your security posture continuously as part of your new security program.


TIP 04
CyCognito Platform Delivers Immediate and Ongoing Value

The CyCognito approach gives you immediate visibility to the breadth of your attack surface and the effectiveness of your security controls, without requiring any deployment or configuration.

The fully automated CyCognito SaaS platform identifies:

  • the entire attack surface, including assets that are managed outside the organization, to help you bring your shadow risk to light,
  • the business relevance of those assets,
  • and, ultimately, the most dangerous risks to your business, so you can remediate them first.

And unlike the legacy tools that give you a narrow and expensive point-in-time view that must be repeated periodically to be up-to-date, the CyCognito platform helps you validate your security posture automatically and autonomously on a continuous basis. The investment you make to get a picture of the security posture you inherited as a new CISO will continue to add benefit to your ever-changing organization and IT infrastructure as you build your security program.

mobile

how effective is your security program?

Let us show you how attackers view your IT ecosystem and how the CyCognito platform provides the same visibility. The more you can see the more effective your security program.

Demo Request