The global attack surface is constantly expanding as new technologies and devices connect to the Internet, according to new research from security firm Tenable.
Scott McKinnel, Country Manager, Tenable ANZ In fact, 117,289 new hosts, 613 new domains, and 375 new threats are released every minute globally, with the growing number of IoT devices, cloud services, and mobile devices especially contributing to this trend.
According to new research released by Tenable, as the number of connected devices grows, so does the number of potential vulnerabilities, and the problem of the Internet fighting vulnerabilities will be solved yesterday to solve today’s problems. This is due to the fact that the tools and processes of – Built and designed for his IT in the old days when the targets of cyberattacks were static laptops, desktops or on-premise servers.
“As a result, organizations struggle and confidently manage their cyber risk every step of the way: identifying assets, detecting weaknesses, prioritizing issues for remediation, measuring risk, and comparing to peers. “In this new digital age, it is clear that we need new approaches,” said McKinnel.
|
|
“The single most effective way to regain control of an ever-evolving and flexible attack surface is to be able to identify and assess all assets across all computing platforms with live visibility. This enables organizations to understand their true level of cyber risk and proactively manage and mitigate it.
“The cybersecurity industry has moved away from traditional vulnerability management, which is focused on providing customers with a list of vulnerabilities, to understand where customers are exposed, what that means in terms of risk, Exposure management should be employed to help customers understand how to effectively manage and mitigate that risk.
“Today, the vast majority of security leaders understand that cyber risks have increased significantly due to exponential growth in data, an increasing number of tools used, and operational silos. Teams face the challenge of keeping up with the adoption of new solutions for managing a variety of vulnerabilities, web applications, identity systems, and cloud assets. It is about effectively analyzing all the data generated from the bag of data to make informed decisions about which exposures represent the greatest cyber risk for the organization.”
McKinnel. says when attackers assess an organization’s cyber defenses, they’re not thinking in terms of data silos, but looking for the right mix of vulnerabilities, misconfigurations, and identity privileges. . Fastest to your organization’s network.
To be an effective part of an exposure management program, McKinnel said a platform should offer three key functions.
Comprehensive Visibility: A unified view of all assets and associated vulnerabilities (software, configurations, entitlements), whether on-premises or in the cloud, is essential to understanding where your organization is at risk. Exposure management platforms must continuously monitor the internet to quickly detect and identify all external facing assets and eliminate areas of known and unknown security risks. This reduces the time and effort security teams need to understand their entire attack surface, eliminate blind spots, and build baselines for effective risk management.
Anticipate and Prioritize: Exposure Management Platforms leverage large data sets available from a variety of point tools to provide context on the relationships between assets, exposures, privileges, and threats across attack paths, helping users mitigate cyberattacks. should be able to predict the outcome of Cyber risk prioritization is necessary for cybersecurity teams to continuously identify and focus on the attack vectors with the highest risk of being exploited. These capabilities provide accurate and predictive remediation insights to help security teams proactively mitigate risks and prevent attacks with minimal effort.
Effective indicators for communicating cyber risk: Security professionals and business leaders have a centralized, business-aligned view of cyber risk with clear KPIs to show progress over time and benchmarking capabilities to compare against external peers. I need a view that looks like this: An exposure management platform should provide actionable insight into an organization’s overall cyber risk. This includes the value of the positive efforts that are made every day. It also requires the ability for users to drill down into details for each department or operational unit. To improve communication and collaboration between stakeholders, you need to provide an accurate cyber risk assessment tailored to your business. Actionable metrics help security teams demonstrate the value of proactive efforts, save time, improve investment decisions, support cyber insurance initiatives, and drive improvement over time. All this while clearly reducing risk to the organization.
According to McKinnel, exposure management provides a way for cybersecurity leaders to take back the story from “reactive, headline-grabbing breaches and attacks” and “implement a proactive, preventative security program in a language the business understands.” It allows us to articulate effectiveness, and pushes the limits of outdated and siled security programs.”
