Cyber Risk Remediation
Gaining Context, Visibility and Control of Your IT Ecosystem
The Cyber Risk Remediation process comprises an initial Cyber Risk Audit; the aggregation of data into a System of Record; analysis to identify existing hygiene posture and risk; remediation tasks and support to address key “quick wins”; and a second audit to evidence success.
Cyber Risk Remediation is often the initial engagement process, with many of our customers then moving from a snapshot to a full monitoring and investigative Security Operations Centre (SOC) run by Secrutiny.
Why Context, Visibility and Control?
Security is about data intimacy and asking the right questions. Many security products and approaches available today provide only one or two of the 'Context, Visibility and Control' trio. Only with all three can you be sure of a strong defence.
Many tools are externally focused, preventing threats both known and new, such as malware, viruses and ransomware. But they won't help you identify a malicious insider in your domain, whitelisted on your applications. For this, you need Context, Visibility and Control.
Context provides common sense elements that software often lacks. Why would an HR employee suddenly require a profile on an endpoint belonging to Finance?
Visibility looks beyond the apparent. For example, your Anti Virus may believe it has successfully cleaned a virus from your endpoint, but with wider Visibility you can see that the endpoint is now trying to communicate across the network. Perhaps an embedded virus was missed, and a worm is trying to move laterally across your estate.
Control stops threats as they are identified. Good examples include Anti Virus and User Behaviour Analytics, but most security solutions include Controls. Gaps in your Controls can lead to enormous opportunity for exploitation.
Cyber Risk Audit
Our Cyber Risk Audit drives risk reduction and improvements in security hygiene, underpinned by an evidence-based, data-driven, and pragmatic approach. We achieve this by leveraging our expertise and tools to analyse metadata gathered from across the entire IT ecosystem. This ensures a complete picture of our clients’ IT security.
In reality, our Cyber Risk Audit is a snapshot of what a fully functioning Security Operations Centre (SOC) should highlight in controls and cyber issues.
Assess Security Hygiene of IT Estate
- Distribution and use of user profiles on computers.
- Potentially unwanted or restricted-use tools.
- Service inconsistencies and subscription connections.
- Patch inconsistencies of commonly targeted applications.
Determine Security Posture of Organisation
- User rights and privileges by Active Directory groups.
- Configured password restrictions.
- Network Access Control (NAC) limitations and policies for service access and data movement.
- Shadow and remote, or third-party, IT services usage.
Identify Exigent Risks
- Indicators of compromise of the network, endpoint resources or data.
- Malware or infection.
- Abuse of user rights.
- Violations of policy.
- Service configurations abusing operating system secure configurations.
- Inappropriate use of estate computing or information sharing resources.
of breaches Secrutiny has responded to showed major hygiene, policy, posture and visibility deficiencies.
of clients have no evidence of their risk profile and whether their deployed controls actually work.
of security tools are deployed without comprehensive context, visibility or control – their effectiveness could be significantly improved with data correlation.
of security postures focus only on protecting infrastructure, with no focus on the data.
The Cyber Risk Audit output is aligned to each business’ appetite for risk; every organisation is different and therefore, security needs to be bespoke. Secrutiny will recommend, and drive, remediation action with the client to swiftly improve the risk profile of the organisation.
Key to Secrutiny’s philosophy is that risk reduction tasks are devised, where possible, to accommodate existing investment in tools and technologies; buying the next ‘layer of the onion’ seldom increases effectiveness and adds unnecessary complexity.
Following execution of the remediation programme, Secrutiny will provide assurance that the risks have been successfully mitigated by conducting a second Cyber Risk Audit, wherein the risk reduction and cyber maturity achieved can be demonstrated.
System of Record
As part of the Cyber Risk Remediation programme, Secrutiny will also drive log aggregation – the development of a data ‘lake’ – which is required for onward analysis, correlation and to help defend the organisation in the event of a breach.
The System of Record – essentially, a bucket of data describing your IT ecosystem and hygiene
- Extract and model data for informational risk purposes.
- Audit quality and accuracy of vendor-reported alerts and performance.
- Facilitate Key Risk Indicator (KRI) and Key Performance Indicator (KPI) reporting.
- Conduct analysis of threat intelligence or suspicious activities upon acquisition of new information.
Once you have your System of Record, we can interrogate it with any security question we may wish to ask. Security is a set of questions; the context, visibility and control achieved through Cyber Risk Remediation provides complete answers.
The System of Record also provides the context and visibility needed to run a full Security Operations Centre (SOC) – either in-house or outsourced – with controls provided by SIEM. Secrutiny can provide a SIEM service, and even utilise controls already in place within the client’s environment.