Breaking Down Data Siloes: The Key to Effective SecOps

Device Diversity, Cloud Adoption, and Remote Work Expand Attack Surface

Today’s digital ecosystem is highly complex, with device diversity, cloud adoption, remote work, and a complex software supply chain significantly expanding the attack surface. Despite increased year-over-year investment in security operations, most organizations still only have the resources to address about 10% of the millions of issues present in their environment. Security and risk leaders need to be practical and focus on the small percentage of exposures that represent the most risk to their organization.

Data Siloes Hinder Effective Security

Security teams already have access to the intelligence they need to power risk-driven vulnerability prioritization. However, to harness the full potential of their existing insights, they must first break down the barriers created by existing data siloes. Digital ecosystems generate data from many sources, including automated network and vulnerability scanners as well as manually maintained spreadsheets. Teams must understand the role each source plays in prioritization decisions in order to weigh the strengths, weaknesses, and opportunities of each one.

Silo 1: Cyber Asset Management

Several approaches can help create a consolidated inventory of all assets and their associated risk posture, including legacy spreadsheets, traditional network scanners and IT asset management tools, and cyber asset attack surface management (CAASM) platforms. However, depending on the approach taken, teams may only be looking at the traditional attack surface rather than everything that is typically present in a multicloud, decentralized, and well-segmented modern network. Progress is being made in this category, but these inventories are still built on point-in-time, state-based snapshots, and their lack of insight into attacker behavior limits their overall effectiveness.

Silo 2: Threat Detection and Response

Threat detection and response tools help organizations understand their attack surface from the adversary’s perspective by analyzing network, user, and machine behavior. Although security information and event management (SIEM) systems provide high-quality data, teams find it hard to comb through and extract the most pertinent information because of alert overload. Furthermore, threat detection and response platforms typically only monitor “known” assets for changes, whereas the greatest threat often lies in changes made to unknown assets that no inventory tracks. Although these platforms have significantly expedited response and remediation, they still lack visibility into exposures beyond typical software vulnerabilities and misconfigurations.

Silo 3: Third-Party Intelligence

Several methods can gauge the potential impact and exploitability of vulnerabilities, including the Common Vulnerability Scoring System (CVSS), the Exploit Prediction Scoring System (EPSS), and vendor-specific scoring systems. CVSS is the most common method for prioritizing vulnerabilities. However, relying solely on third-party guidance poses significant risk, because none of these scores consider the organization’s unique environment. For example, when a scan returns a group of vulnerabilities that are all rated critical, security teams still have to decide which patches to apply first, and a CVSS or EPSS score alone cannot make that call. Instead, teams should combine those scores with factors such as where the asset sits (internet-facing or internal, production or lab) and what else depends on it.

Silo 4: Business Insights

Configuration management databases (CMDBs), control and dependency maps, and data lakes are critical to threat and exposure prioritization because they show the connections between devices and vulnerabilities, as well as overall business criticality and dependency mapping. However, custom databases require a heavy manual lift to implement and keep current; they go stale quickly, which makes it impossible to accurately track changes in security posture.

Change Is Programmatic, Not Tool-Centric

While each source listed above serves its own purpose and provides a unique layer of valuable insight, none of them serves as a single source of truth for navigating today’s sophisticated threat landscape. That said, they become extremely powerful when they work together and reveal a comprehensive vantage point that enables teams to make better, more informed decisions. However, many of the insights necessary to drive informed, risk-based decisions either get lost in the siloes of enterprise tech stacks or get stuck between conflicting teams and processes.

Although modern environments require equally modern security, no single tool or team can repair this siloed process on its own. Security leaders need to align their cyber asset intelligence to their primary use cases. That may mean driving vulnerability prioritization from a combination of third-party intelligence, business context, and asset criticality, or targeting a specific control framework such as the NIST Cybersecurity Framework or the CIS Critical Security Controls so that existing security data feeds a measurable security improvement program.
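The prioritization problem described under Silo 3 (several vulnerabilities with identical critical CVSS scores) and the cross-silo approach described in the paragraph above are easiest to see in code. The following is an added example, not code from the original article or from any vendor: it joins four constructed data sets standing in for the four silos (an asset inventory, threat-detection signals, third-party intelligence, and a CMDB dependency map) and ranks scanner findings by a combined risk score. The asset names, CVE identifiers, weights, and the "known exploited" flag (modeled on a CISA KEV style list, which the article does not mention) are all illustrative assumptions; a real program would replace the weights with ones agreed with the business and read the data from the actual tools.

```python
"""Join siloed security data into one risk-ranked list of exposures.

All data below is constructed for illustration. The CVE identifiers are
placeholders, not real vulnerabilities, and the weights are assumptions
a security team would tune to its own environment.
"""
from dataclasses import dataclass, field

# --- Silo 1: asset inventory (CAASM export / scanner / spreadsheet) -------
ASSETS = {
    "web-01": {"internet_facing": True,  "environment": "prod"},
    "db-01":  {"internet_facing": False, "environment": "prod"},
    "lab-07": {"internet_facing": False, "environment": "lab"},
}

# --- Silo 2: threat detection (SIEM / EDR) --------------------------------
# Assets on which detection tooling recently saw exploitation attempts.
ACTIVE_ATTACK_SIGNALS = {"web-01"}

# --- Silo 3: third-party intelligence ------------------------------------
# Every CVE here is "critical" by CVSS; EPSS and the known-exploited flag
# are what separate them. (Flag modeled on KEV-style lists; assumption.)
INTEL = {
    "CVE-0000-0001": {"cvss": 9.8, "epss": 0.92, "known_exploited": True},
    "CVE-0000-0002": {"cvss": 9.8, "epss": 0.04, "known_exploited": False},
    "CVE-0000-0003": {"cvss": 9.8, "epss": 0.35, "known_exploited": False},
}

# --- Silo 4: business context (CMDB / dependency map) --------------------
BUSINESS = {
    "web-01": {"criticality": "high", "dependents": 6},
    "db-01":  {"criticality": "high", "dependents": 12},
    "lab-07": {"criticality": "low",  "dependents": 0},
}
CRITICALITY_WEIGHT = {"low": 0.5, "medium": 1.0, "high": 1.5}

# Scanner findings as (asset, cve). "ghost-99" is absent from the inventory:
# the "unknown asset" case that must be surfaced, not silently dropped.
FINDINGS = [
    ("db-01", "CVE-0000-0001"),
    ("web-01", "CVE-0000-0003"),
    ("lab-07", "CVE-0000-0001"),
    ("web-01", "CVE-0000-0002"),
    ("ghost-99", "CVE-0000-0002"),
]


@dataclass
class ScoredFinding:
    asset: str
    cve: str
    score: float
    reasons: list = field(default_factory=list)


def score_finding(asset: str, cve: str) -> ScoredFinding:
    """Combine the four silos into one number; higher means fix first."""
    a, i = ASSETS[asset], INTEL[cve]
    b = BUSINESS.get(asset, {"criticality": "medium", "dependents": 0})
    reasons = []

    # CVSS says how bad it could be; EPSS says how likely exploitation is.
    # Multiplying keeps a 9.8 with near-zero EPSS from dominating the list.
    score = i["cvss"] * (0.2 + i["epss"])
    if i["known_exploited"]:
        score *= 1.5
        reasons.append("known exploited")

    # Asset location (Silo 1): reachability is the main exposure driver.
    if a["internet_facing"]:
        score *= 1.5
        reasons.append("internet-facing")
    if a["environment"] != "prod":
        score *= 0.5
        reasons.append("non-production")

    # Detection signal (Silo 2): the box is already being probed.
    if asset in ACTIVE_ATTACK_SIGNALS:
        score *= 2.0
        reasons.append("active attack signals")

    # Business context (Silo 4): criticality tier and blast radius.
    score *= CRITICALITY_WEIGHT[b["criticality"]]
    score *= 1.0 + min(b["dependents"], 10) / 10.0
    if b["dependents"]:
        reasons.append(f"{b['dependents']} dependent services")

    return ScoredFinding(asset, cve, round(score, 2), reasons)


def prioritize(findings):
    """Return (findings ranked high to low, findings on unknown assets)."""
    ranked, unknown = [], []
    for asset, cve in findings:
        if asset not in ASSETS:
            unknown.append((asset, cve))  # route to asset-discovery triage
            continue
        ranked.append(score_finding(asset, cve))
    ranked.sort(key=lambda f: f.score, reverse=True)
    return ranked, unknown


if __name__ == "__main__":
    ranked, unknown = prioritize(FINDINGS)
    for f in ranked:
        print(f"{f.score:6.2f}  {f.asset:8s} {f.cve}  ({', '.join(f.reasons)})")
    print("needs triage (unknown assets):", unknown)
```

All four ranked findings carry the same CVSS 9.8, yet the output separates them by roughly an order of magnitude: the known-exploited flaw on the heavily depended-on production database lands first, the lab host last, and the finding on the unregistered asset is reported separately rather than scored with defaults, since an asset no silo knows about is exactly the gap the article warns against.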

Advice

Breaking down data siloes is critical to effective threat and vulnerability management. To achieve this, organizations must align cyber asset intelligence across all silos to primary use cases and focus on the small percentage of exposures that represent the most significant risk to their organization. Security leaders must also understand the unique requirements of their organization and avoid relying solely on third-party guidance for vulnerability prioritization. In doing so, organizations can harness the full potential of their existing insights and create a comprehensive vantage point to make better, more informed decisions.

Philosophical Discussion

Today’s security challenges demonstrate the importance of a holistic approach to security. The traditional approach of throwing more resources at the problem is unsustainable and insufficient against a sophisticated threat landscape. Instead, security leaders must leverage the insights they already have and work across silos to realistically prioritize the exposures that pose the most significant risk to their organizations. This requires a shift in mindset, from treating security as an afterthought or a series of reactive measures to running it as an ongoing, proactive process that involves all stakeholders.

Editorial

Data siloes have long plagued organizations, hindering their ability to make informed decisions due to the lack of visibility across the entire digital ecosystem. As cybersecurity threats become more sophisticated and the attack surface expands, breaking down data siloes has never been more critical. However, this is not just a technological problem; it is also a people problem that requires a cultural shift. Security leaders must focus on aligning cyber asset intelligence to primary use cases and avoid an over-reliance on third-party guidance for vulnerability prioritization. Only through a comprehensive, holistic approach can organizations manage their security risks effectively.

<< photo by Campaign Creators >>
