Organizations must emphasize visibility to stay ahead of real-world threats, according to cybersecurity company Skybox Security. Rahul Arora, Regional Director, India & SAARC at Skybox Security, said at this year’s Gartner Security & Risk Management Summit that rather than looking at the overwhelming and ever-increasing number of threats, the focus should be on identifying those that pose a real risk to the business and knowing the right patching and preventive controls to mitigate them.
“To do this you need to create visibility into your assets and ecosystem, or what is now called ‘your attack surface,’” said Arora, adding, “It’s time to harness the power of analytics, modelling and simulation to improve attack surface visualization.” He added, “With better visibility, security teams are better prepared to fend off attacks, with the availability of comprehensive intelligence needed to build a mature security program. A sophisticated attack surface visualization solution gives CISOs and security leaders the ability to see all security exposures at once, zoom in on problem areas and identify what’s causing the problem – all in seconds.”
According to him, in order to see the attack surface, one needs to understand the many layers that create it. To some, the attack surface has only been thought of in terms of vulnerabilities. But there are other factors that put an organization at risk, and they must be analyzed in connection with other attack vectors, the context of a unique network and the potential impact if they are exploited.
To holistically visualize and understand the attack surface and provide context to security risks, Arora believes a solution needs to consider two things:
Topology: By comprehensively mapping all systems, devices and network segments as well as the paths between them, it becomes more apparent how the interdependencies of your network affect risk exposures. Effective solutions need to incorporate servers, endpoints, networks (including clouds), networking devices and security devices (physical and virtual) into a visual model.
Indicators of Exposure (IOEs): IOEs highlight a system, device or network that is exposed to a potential attack, helping you secure the organization before an attack occurs. IOEs include software vulnerabilities, misconfigurations and missing security controls, overly permissive rules and violations of security policies and compliance rules.
By “mapping” IOEs to an organization’s topology, security teams can quickly and intuitively extract actionable conclusions from the data, concluded Arora.