Network Traffic Analysis Provides Visibility, Detection and Investigation Capabilities

Increasingly, organizations are finding they do not have the levels of automation and visibility needed to prevent, detect and respond to modern threats. These threats are harder than ever to detect, and they constantly evolve to take advantage of gaps in security postures that have been widened by increasingly disparate architectures. For example, traditional perimeter defenses were not designed to protect the wide range of applications, services and endpoints managed by the commercial cloud providers underpinning today’s digital transformation.


As it currently stands, most organizations lack the automation and visibility needed to gain this advantage. This forces many organizations into a reactive security posture, in which analysts scramble to respond in a timely manner to new and evolving attacks against their cyber terrain. To shift from a reactive to a proactive posture, organizations will need to re-evaluate their security strategy so that they can shape the attack surface to their advantage and make network traffic analysis solutions the cornerstone of the detection and response capabilities their SOC teams rely on.


Discovery and Assessment


First, organizations need to know what their security stack contains: what capabilities are present and utilized, what capabilities are missing, and what capabilities may be duplicative. The easiest way to assess this is by mapping capabilities against a threat-based framework, such as the MITRE ATT&CK™ framework or the Department of Defense’s DoDCAR framework. This gives organizations a decision support tool for developing a complete understanding of both current and desired capabilities and of their risk posture.


Often this is where organizations will find redundancies in their security stack, uncovering a multitude of over ..
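The capability-mapping exercise described in the two paragraphs above (finding missing and duplicative capabilities) is straightforward to mechanize once each tool in the stack is tagged with the ATT&CK techniques it is expected to detect. The following script is an added illustration, not part of the original article or any vendor's tooling: it takes a constructed inventory of tools, each mapped to a set of ATT&CK technique IDs (the technique IDs are real ATT&CK identifiers; the tool names and which tool claims which technique are assumptions made up for the example), and reports uncovered techniques, techniques covered more than once, an overall coverage percentage, and tools whose entire in-scope coverage is already provided by other tools.

```python
"""Toy ATT&CK coverage assessment for a security stack.

Added example, not from the article. The priority technique list uses real
ATT&CK technique IDs; the tool inventory and its technique mappings are
constructed assumptions for illustration only.
"""
from collections import defaultdict

# Techniques the organization has decided it must be able to detect
# (IDs are real ATT&CK identifiers; the selection itself is constructed).
PRIORITY_TECHNIQUES = {
    "T1566": "Phishing",
    "T1059": "Command and Scripting Interpreter",
    "T1078": "Valid Accounts",
    "T1021": "Remote Services",
    "T1046": "Network Service Discovery",
    "T1071": "Application Layer Protocol",
    "T1048": "Exfiltration Over Alternative Protocol",
    "T1486": "Data Encrypted for Impact",
}

# Constructed inventory: tool name -> techniques the tool claims to detect.
SECURITY_STACK = {
    "email-gateway": {"T1566"},
    "edr": {"T1059", "T1486", "T1021"},
    "nta": {"T1046", "T1071", "T1048", "T1021"},
    "legacy-ids": {"T1046", "T1071"},
}


def assess_coverage(techniques, stack):
    """Return (gaps, duplicates, coverage_percent).

    gaps       - sorted technique IDs no tool covers
    duplicates - technique ID -> sorted list of tools, where more than one tool covers it
    coverage   - percentage of priority techniques covered by at least one tool
    """
    covered_by = defaultdict(list)
    for tool, techs in stack.items():
        for tech in techs:
            if tech in techniques:          # ignore techniques outside the priority set
                covered_by[tech].append(tool)
    gaps = sorted(t for t in techniques if t not in covered_by)
    duplicates = {
        t: sorted(tools) for t, tools in covered_by.items() if len(tools) > 1
    }
    coverage = round(100 * (len(techniques) - len(gaps)) / len(techniques), 1)
    return gaps, duplicates, coverage


def redundant_tools(techniques, stack):
    """Tools whose every in-scope technique is also covered by some other tool.

    These are candidates for consolidation; a tool with even one unique
    technique is not reported.
    """
    covered_by = defaultdict(set)
    for tool, techs in stack.items():
        for tech in techs:
            if tech in techniques:
                covered_by[tech].add(tool)
    result = []
    for tool, techs in stack.items():
        in_scope = [t for t in techs if t in techniques]
        if in_scope and all(len(covered_by[t] - {tool}) > 0 for t in in_scope):
            result.append(tool)
    return sorted(result)


def print_report(techniques, stack):
    """Human-readable summary of the assessment."""
    gaps, duplicates, coverage = assess_coverage(techniques, stack)
    print(f"Coverage of priority techniques: {coverage}%")
    for t in gaps:
        print(f"  GAP        {t} {techniques[t]}")
    for t, tools in sorted(duplicates.items()):
        print(f"  DUPLICATE  {t} {techniques[t]}: {', '.join(tools)}")
    for tool in redundant_tools(techniques, stack):
        print(f"  REDUNDANT  {tool} (all its in-scope techniques covered elsewhere)")


if __name__ == "__main__":
    print_report(PRIORITY_TECHNIQUES, SECURITY_STACK)
```

With the constructed inventory, the report flags Valid Accounts (T1078) as an uncovered gap, shows three techniques covered by two tools each, and identifies the legacy IDS as fully redundant because its two techniques are both covered by the network traffic analysis tool. Replacing the constructed dictionaries with the organization's real inventory (for example, exported from a capability-mapping worksheet) turns this into the decision support view the text describes.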
