Two converging problems are turning security operations into a big flaming dumpster fire - the expanding modern attack surface and an ever-growing backlog of findings that need to be evaluated and triaged.
The result? An exhausted team overwhelmed by an influx of security incidents, each flagged with a different level of criticality.
As cloud adoption expands, so does the attack surface: the number of cyber assets in an organization's environment rises sharply, and every connection point between them is a potential entry point for attackers.
While noble in mission, trying to protect every cyber asset with the same level of urgency at the same time is simply not sustainable. Security operations teams lack the time and bandwidth to investigate every finding and separate real risks from noise. Without visibility into the relationships among the assets in their environment, security teams cannot triage security incidents effectively.
Attackers optimize for the biggest score, the maximum return on the time they invest in investigating and carefully exploiting weaknesses in an organization's security. If attackers are strategic about how they breach an organization or system, then the more strategic approach to defense is to ask, "What would count as the 'biggest score' at our company?"
- Is it intellectual property like blueprints for hardware or source code for apps that give you the competitive edge?
- Is it data that could give rise to identity theft or threaten civilian safety?
Not all assets are equal. By triangulating what your business deems critical against what potential attackers most want, security teams can partner more effectively with the rest of the business to ensure the risk appetite and incident response processes are calibrated appropriately.
We know - partnering across the business is not simple.
For far too long, security professionals have been known as the basement dwellers, the gatekeepers of access to technology, and the risk-averse doom-and-gloom spreaders. But over the last decade, there has been a significant shift toward transparency and collaboration since the problem has exponentially outgrown our ability to control the risk alone.
Technology may have given us a better ability to identify, detect, and protect our assets, but it hasn't made us any better at communicating. We still need to clearly convey the urgency of issues, inspire our colleagues in other functional areas to join the mission, and make it simple for them to act and do their part to protect the organization. All the data, dashboards, and slide decks cannot substitute for the value of social connection, empathy, and curiosity about our teammates' day-to-day goals.
What might happen if we combine the personal relationships with storytelling and clarity on the business-critical asset relationships?
We might just have a shot at defending our organizations in a more sustainable way.
Relationships are the most underutilized lever for protecting the business - both human relationships and technological relationships.
Take Kevin Bacon, for example. You are no more than six degrees of separation from Kevin Bacon; the trouble is finding which people serve as the connections.
Likewise, cloud adoption creates an environment where any cyber asset is only so many degrees of separation from a business-critical asset. The trouble is finding the path of direct and indirect relationships that connects them.
There are two ways to use these asset relationships to your advantage when communicating the business impact of a seemingly isolated issue and taking active steps to reduce risk:
- If the issue is with a business-critical asset - what is the blast radius beyond the asset's first-degree relationships? Will downtime or compromise affect the productivity of more than half your employees, causing missed deadlines and ripple effects on business revenue? Will it expose datastores that were assumed to be private and compromise customer data?
- If the issue is with an asset two or more degrees of separation from business-critical assets - what chain of events would lead to a compromise of the critical asset, and do we have preventive measures in place along that chain? Or do we need to escalate the urgency of the issue because of its relationship to the critical asset?
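The two questions above are graph queries: the blast radius of a critical asset is everything reachable from it, and the urgency of a finding on a peripheral asset depends on the shortest chain of relationships from that asset to a critical one. The following is an added example, not JupiterOne's own code or query language; it uses a small constructed asset graph (the asset names, relationship labels and the "critical" set are all illustrative assumptions) and a plain breadth-first search to answer both questions.

```python
from collections import deque
from typing import Dict, List, Optional, Tuple

Edge = Tuple[str, str, str]  # (source, relationship, target)

# Constructed sample graph (illustrative only, not an export from any real
# environment). An edge (src, rel, dst) means "compromise or downtime of src
# can reach dst", so both blast radius and attack paths follow edge direction.
EDGES: List[Edge] = [
    ("internet", "ALLOWS", "sg-public-web"),
    ("sg-public-web", "PROTECTS", "ec2-web-01"),
    ("ec2-web-01", "USES", "iam-role-web"),
    ("iam-role-web", "ASSIGNED", "policy-s3-read"),
    ("policy-s3-read", "ALLOWS", "s3-customer-exports"),
    ("ec2-web-01", "CONNECTS", "rds-customers"),
    ("rds-customers", "STORES", "customer-pii"),
    ("iam-user-contractor", "ASSIGNED", "policy-admin"),
    ("policy-admin", "ALLOWS", "rds-customers"),
    ("rds-customers", "SERVES", "svc-billing"),
    ("svc-billing", "SERVES", "svc-invoicing"),
    ("s3-customer-exports", "SERVES", "svc-reporting"),
    ("ec2-build-agent", "USES", "iam-role-build"),
]

# Assumed business-critical assets (hypothetical choice for this example).
CRITICAL = ("customer-pii", "rds-customers")


def build_adjacency(edges: List[Edge]) -> Dict[str, List[Tuple[str, str]]]:
    """Directed adjacency list: asset -> [(relationship, neighbour), ...]."""
    adj: Dict[str, List[Tuple[str, str]]] = {}
    for src, rel, dst in edges:
        adj.setdefault(src, []).append((rel, dst))
        adj.setdefault(dst, [])  # make sure sinks exist as nodes
    return adj


def blast_radius(adj, asset: str) -> Dict[str, int]:
    """Every asset reachable from `asset`, mapped to its degree of separation."""
    depth = {asset: 0}
    queue = deque([asset])
    while queue:
        cur = queue.popleft()
        for _, nxt in adj.get(cur, []):
            if nxt not in depth:
                depth[nxt] = depth[cur] + 1
                queue.append(nxt)
    del depth[asset]  # the asset itself is not part of its own blast radius
    return depth


def shortest_path(adj, src: str, dst: str) -> Optional[List[Edge]]:
    """BFS shortest chain of relationships from src to dst as a list of edges.
    Returns [] when src == dst and None when dst is unreachable."""
    if src == dst:
        return []
    prev: Dict[str, Optional[Tuple[str, str]]] = {src: None}
    queue = deque([src])
    while queue:
        cur = queue.popleft()
        for rel, nxt in adj.get(cur, []):
            if nxt in prev:
                continue
            prev[nxt] = (cur, rel)
            if nxt == dst:
                hops: List[Edge] = []
                node = dst
                while prev[node] is not None:  # walk parents back to src
                    parent, r = prev[node]
                    hops.append((parent, r, node))
                    node = parent
                return hops[::-1]
            queue.append(nxt)
    return None


def triage(adj, finding_asset: str, critical, max_hops: int = 3) -> dict:
    """Escalate a finding if its asset is within `max_hops` of a critical one."""
    best: Optional[Tuple[str, List[Edge]]] = None
    for target in sorted(critical):  # deterministic tie-breaking
        path = shortest_path(adj, finding_asset, target)
        if path is not None and (best is None or len(path) < len(best[1])):
            best = (target, path)
    if best is None:
        return {"escalate": False, "hops": None, "target": None, "path": []}
    target, path = best
    return {"escalate": len(path) <= max_hops, "hops": len(path),
            "target": target, "path": path}


if __name__ == "__main__":
    graph = build_adjacency(EDGES)
    print("blast radius of rds-customers:", blast_radius(graph, "rds-customers"))
    for asset in ("iam-user-contractor", "internet", "ec2-build-agent"):
        print(asset, "->", triage(graph, asset, CRITICAL))
```

Run stand-alone, the script shows that an outage of the constructed `rds-customers` database reaches billing and invoicing services two hops out, that a finding on the contractor IAM user is only two relationships away from that database (so it should be escalated), and that a finding on the build agent has no path to any critical asset and can stay at its nominal severity. The `max_hops` threshold is the policy knob: it encodes how many degrees of separation your team treats as "close enough to matter".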
In both cases, security teams need the data and analysis before they can construct the story and communicate it across the business. Today, that information is spread across the fragmented tech stack most security teams manage - appsec tools, vulnerability management systems, asset management systems, incident response documentation, and so on. Compiling the information and constructing the story takes an egregious amount of time and resources, further exhausting an already fatigued team and still leaving an incomplete picture of the risk.
Enter JupiterOne. By integrating your fragmented tech stack with JupiterOne, we normalize the data for you in our graph database to help you and your teams visualize the relationships among the cyber assets in your organization. This way, your team will know what you have and can focus on what matters.
Take a look at this video walking through how we do this with our newest feature, Critical Assets. To get a deeper dive into JupiterOne, request a demo.