Gartner predicts that within three years, a significant majority of threat detection, investigation, and response (TDIR) capabilities will rely on exposure management data to verify and prioritize identified threats, a steep increase from the current less than 5%.
Hence, the key to success is the data: the characteristics of the data and how it can best be leveraged.
Yet, a disparate collection of factors threatens the efficacy of data-reliant cyber defensive strategies.
Most of the cybersecurity chatter since COVID broke out has focused on increased exposure due to the unplanned mass migration to remote work. However, there are other changing work practices affecting an organization’s security posture. These include:
- The third-party software ecosystem, which requires granting business partners access to critical data
- The complexities of hybrid and multi-cloud infrastructures
- The impracticability of patching all vulnerabilities
This combination of factors accelerates the diminishing security returns of relying exclusively on risk-based approaches.
Converting to Threat Exposure Management
Shifting to threat exposure management implies refocusing the defensive strategies around the available data sources. These sources today, however, are siloed. The data comes from solutions such as endpoint detection and response (EDR), email and web gateways, WAF, and others, sometimes channeled through a single source, the SIEM, but without business context. Even worse, from an exposure management perspective, it only collects data about detected events. It is blind to security events that might happen, or even those that did happen but were not detected.
Understanding Exposure Data
These reactive technologies remain necessary in a threat exposure management approach, but with a cardinal caveat. The so-called plug-and-forget option of simply connecting a security solution and letting it ‘protect’ is not an option. An RSA 2022 survey shows that the main challenge in detecting threats is that organizations have too many tools to manage, which results in an overwhelming number of unprioritized alerts.
Configuring these tools is key to incorporating exposure data in the organization’s bespoke environment. Security gaps mapped through attack simulations can then be correlated with the business value of the assets they endanger.
What are exposure data?
Exposure data refers to information about vulnerabilities or weaknesses in a network, application, or system that could theoretically be exploited by attackers – i.e., unpatched software vulnerabilities, misconfigured servers, shadow IT, etc. – correlated with their actual exploitability, and with a prediction of how adversaries could advance from that point onwards.
In practice, exposure data provide an expert evaluation of the risk posed by each identified security gap in that specific environment.
Giving Exposure Data Business Context
- Evaluating the value of assets – This phase is to be performed by the organization’s executives and mapped to the organization’s infrastructure.
- Evaluating the effectiveness of detection and response solutions when faced with simulated attacks – This was traditionally done through resource-intensive, point-in-time penetration tests, rather than as a continuous process.
- Mapping the uncovered security gaps to the exposed assets
- Correlating the technical risk factor of each security gap with the value of the asset it exposes
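The four steps above, and the definition of exposure data given earlier (technical weakness, actual exploitability in the environment, and where an adversary could advance next), can be put into working form as a small prioritization model. The following is an added example written for this page; it is not Cymulate’s code or any product’s scoring formula. The asset inventory, the simulated-attack findings, the `reaches` links and the weighting factors are all constructed assumptions chosen to illustrate the correlation, not data from the original.

```python
# Added illustration of correlating exposure data with business context.
# All names, values and weights below are constructed for the example.

# Step 1: business value (1-5) is assigned by executives, not derived by a tool.
# "reaches" records which other assets an adversary could advance to from this one
# (constructed; in practice this comes from the attack-path mapping of a simulation).
ASSETS = {
    "crm-db":    {"business_value": 5, "reaches": []},
    "web-front": {"business_value": 2, "reaches": ["crm-db"]},
    "dev-vm":    {"business_value": 1, "reaches": []},
}

# Step 2/3: findings from a simulated attack run, each mapped to the asset it exposes.
# severity is a CVSS-style technical score (0-10); exploitable/detected/prevented record
# what actually happened in this environment when the gap was exercised.
FINDINGS = [
    {"id": "GAP-1", "asset": "dev-vm",    "severity": 9.8, "exploitable": True,  "detected": True,  "prevented": False},
    {"id": "GAP-2", "asset": "web-front", "severity": 6.5, "exploitable": True,  "detected": False, "prevented": False},
    {"id": "GAP-3", "asset": "crm-db",    "severity": 7.2, "exploitable": False, "detected": False, "prevented": True},
]


def effective_value(asset, assets, seen=None):
    """Business value of an asset, raised to the highest-value asset reachable from it.

    A low-value foothold that leads to a crown-jewel system inherits that system's value.
    `seen` guards against cycles in the reachability links.
    """
    if seen is None:
        seen = set()
    if asset in seen:
        return 0
    seen.add(asset)
    own = assets[asset]["business_value"]
    downstream = [effective_value(nxt, assets, seen) for nxt in assets[asset]["reaches"]]
    return max([own] + downstream)


def control_gap_factor(finding):
    """Scale a gap by how the existing controls fared against the simulated attack.

    Constructed weights: not exploitable here -> 0.1, prevented -> 0.25,
    detected but not prevented -> 0.5, missed entirely -> 1.0.
    """
    if not finding["exploitable"]:
        return 0.1
    if finding["prevented"]:
        return 0.25
    if finding["detected"]:
        return 0.5
    return 1.0


def score(finding, assets):
    """Step 4: technical severity x control outcome x business value of what is exposed."""
    return round(
        finding["severity"]
        * control_gap_factor(finding)
        * effective_value(finding["asset"], assets),
        2,
    )


def prioritize(findings, assets):
    """Return (score, gap id) pairs, highest priority first."""
    return sorted(((score(f, assets), f["id"]) for f in findings), reverse=True)


if __name__ == "__main__":
    for s, gap_id in prioritize(FINDINGS, ASSETS):
        print(f"{gap_id}: {s}")
```

With the constructed data the ranking is GAP-2, GAP-1, GAP-3: the medium-severity gap on the web front end ranks first because the controls missed it and it is a path to the CRM database, while the critical-severity gap on the isolated dev VM drops because it was detected and leads nowhere valuable. That inversion relative to a pure severity ordering is the point of adding business context to exposure data.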
How Exposure Management Increases CISOs Effectiveness
According to Gartner’s recently published “Four Facets of Effective CISO Leadership” eBook, board directors are actively seeking to modify the economic framework to prioritize revenues, margins, and productivity. 88% identify cybersecurity as a threat to the business, making the CISO a central pivot of any strategy to improve the economic framework.
Each of the four facets of effective CISO leadership identified by Gartner benefits from access to exposure data.
- Effective Influencer
Continuous access to verified and quantified baselines established with exposure data equips CISOs with an effective communication tool to convey the state of their organization’s cybersecurity to all levels, from the board of directors to individual employees.
- Future Risk Manager
Quantified exposure data provides valuable information for executives to track. It accelerates informed decisions about the cybersecurity strategy. This information clarifies stakeholders’ understanding of the risks and potential impact of their requests. That understanding lets them make risk-informed decisions about planned development and about investments in security solutions.
- Workforce Architect
Threat exposure management can also help CISOs optimize their security infrastructure, automate repetitive and time-consuming tasks, and free up resources for other important initiatives such as upskilling and focusing on future security skills. By streamlining processes, employees can focus on higher-value tasks that contribute to the organization’s overall security posture.
- Stress Navigator
Quantified exposure data also helps CISOs optimize their tool stack. This data-based optimization, combined with task schedulability, can help manage employees’ workloads and contribute to a healthier work-life balance.
Ultimately, exposure data provides valuable information for project scope planning, helping CISOs prioritize initiatives and allocate resources more effectively. With a better understanding of their organization’s security posture, CISOs can make informed decisions about how to allocate resources and prioritize their efforts, minimizing the risk and potential impact of their security initiatives.
Access to exposure data leads to a more effective Threat Exposure Management approach, which can be further solidified by making it continuous.
From TEM to CTEM (Continuous Threat Exposure Management)
With a better understanding of the logic behind the threat exposure management core principles, it is easier to move on to adopting the full CTEM approach recommended by Gartner.
For more about implementing CTEM, read our eBook on Implementing Continuous Threat Exposure Management.