You’ve likely noticed that you’re hearing about proactive security more frequently this year, even though the approach has been talked about for decades. So why are we seeing a renewed interest in the topic? What has changed?
For one, the cybersecurity industry has matured to the point where we now have the technological capabilities to actually achieve proactive security. In a blog post from Forrester, senior analyst Erik Nost states, “It’s time that we proactivate — which means knowing what we need to protect and what postures need to be straightened out, minimizing cracks in remediation processes, and ensuring that we have appropriate reporting.”
In our recent “Prioritizing Proactive Security: Making Sense of a Misunderstood Objective” webinar, Forrester’s Erik Nost and Axonius CISO Lenny Zeltser discussed the three core principles of proactive security – visibility, prioritization, and remediation – and why it’s an achievable objective for security teams in 2024. Here are our main takeaways from their conversation.
You can’t take action towards being proactive without knowing what it is you need to protect. Obtaining visibility into your environment is the first step, which is achieved by creating an asset inventory – giving you insight into what you have and what needs to be secured.
“We’re trying to obtain visibility and to understand why, where, and how we should be proactive. But there’s a lot of signals and noise. It’s hard to focus and bring clarity to what’s truly important.” – Erik Nost, Senior Analyst at Forrester
In other words, proactive security requires extensive visibility into your digital infrastructure – something Cyber Asset Attack Surface Management (CAASM) and SaaS Security Posture Management (SSPM) solutions, which didn’t exist until a few years ago, deliver. They help you understand the fundamentals of your architecture and show you where the gaps are, which allows you to then prioritize and remediate threats.
But the most important thing to prioritize is gaining context. Knowing what assets you have is only the beginning. Getting a clear understanding of what you’re missing and what needs to be protected is how you set your teams up to take the next step in achieving proactive security: prioritizing threats.
Knowing what to prioritize
After gaining a concrete, aggregate view of what’s in your environment, it’s time to learn which threats need to be addressed first, in a way that makes the most of your time and resources. Without prioritization, you could find yourself chasing every threat that exists in your environment – an ever-revolving hamster wheel of reactive security.
Organizations often encounter a lot of noise during this process, which can make it hard to know what to tackle first. Many teams use CVSS scores to learn what to prioritize, but CVSS alone isn’t enough. A solution that correlates CVE, CVSS, and environmental asset data gives you a clearer picture of what threats are actually present in your existing architecture and how critical they are. This tells you exactly what needs to be remediated, and in what order, to help keep your environment secure.
“Now I can use tools to help understand my prioritization picture holistically and put together a plan of where and how I should focus prioritization efforts.” – Erik Nost, Senior Analyst at Forrester
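The correlation described above, sketched as an added example that is not from the webinar or any Axonius product: scanner findings are joined with asset inventory context, and findings on hosts missing from the inventory are surfaced as a visibility gap. The weights, field names, host names and placeholder CVE IDs are all assumptions constructed for illustration.

```python
# Assumed weights for illustration; tune them to your own risk model.
CRITICALITY = {"low": 0.5, "medium": 1.0, "high": 1.5}
INTERNET_FACING = 1.5   # multiplier when the asset is reachable from the internet
MISSING_EDR = 1.2       # multiplier when an expected control is absent

# Constructed sample inventory (asset context) and scanner findings.
ASSETS = {
    "web-01":    {"internet_facing": True,  "criticality": "high", "has_edr": True},
    "hr-db-01":  {"internet_facing": False, "criticality": "high", "has_edr": False},
    "dev-vm-07": {"internet_facing": False, "criticality": "low",  "has_edr": True},
}
FINDINGS = [
    {"asset": "dev-vm-07",  "cve": "CVE-0000-0001", "cvss": 9.8},
    {"asset": "web-01",     "cve": "CVE-0000-0002", "cvss": 7.5},
    {"asset": "hr-db-01",   "cve": "CVE-0000-0003", "cvss": 8.1},
    {"asset": "ghost-host", "cve": "CVE-0000-0001", "cvss": 9.8},  # not in inventory
]

def contextual_score(finding, asset):
    """Scale the CVSS base score by what the inventory knows about the asset."""
    score = finding["cvss"] * CRITICALITY[asset["criticality"]]
    if asset["internet_facing"]:
        score *= INTERNET_FACING
    if not asset["has_edr"]:
        score *= MISSING_EDR
    return round(score, 2)

def prioritize(findings, assets):
    """Return (findings ranked by contextual score, findings on unknown assets)."""
    ranked, unknown = [], []
    for f in findings:
        asset = assets.get(f["asset"])
        if asset is None:
            unknown.append(f)  # visibility gap: cannot be prioritized with context
            continue
        ranked.append({**f, "score": contextual_score(f, asset)})
    ranked.sort(key=lambda r: r["score"], reverse=True)
    return ranked, unknown

if __name__ == "__main__":
    ranked, unknown = prioritize(FINDINGS, ASSETS)
    for r in ranked:
        print(f'{r["score"]:>6}  {r["asset"]:<10} {r["cve"]}  (CVSS {r["cvss"]})')
    for u in unknown:
        print(f'UNKNOWN ASSET  {u["asset"]:<10} {u["cve"]}  (CVSS {u["cvss"]})')
```

With this sample data the CVSS 9.8 finding on a low-criticality internal VM drops below the CVSS 7.5 finding on the internet-facing server, which is the reordering that CVSS alone cannot produce.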
Automating the remediation process
The remediation process can be noisy and complex if you don’t have a tool or the right processes in place to streamline it. Erik Nost recommends focusing on three key concepts when it comes to remediation:
- Addressing security alerts and events with consistency
- Deeply understanding your environment and control gaps
- Repeatedly measuring progress
Devoting energy towards these areas will give you a deeper look into how your remediation efforts are impacting your environments, along with an idea of what’s working as you begin or continue your journey towards a proactive security approach.
“At the end of the day, it comes down to fixing and remediating issues. But knowing that the Mean Time to Remediate figure we’re tracking is truly accurate takes consistency.” – Erik Nost, Senior Analyst at Forrester
Tips for getting started
Wondering how to begin? Our advice is to avoid trying to do everything all at once. Achieving proactive security is a process that takes time, effort, and patience.
Ask yourself these four questions when considering whether a given technology supports proactive security:
- Does it give me visibility into what I have in my organization that needs to be protected?
- Does it help me prioritize my remediations?
- Does it help me orchestrate remediations?
- Does it help me report on my proactive program?
This exercise helps you uncover gaps and identify spots in your architecture and processes where these concepts can be integrated for a more holistic approach to cybersecurity.
If you’d like to hear these insights and more for yourself, you can watch the “Prioritizing Proactive Security: Making Sense of a Misunderstood Objective” webinar replay here.