Cyber Risk Management Solutions
3 Rules for Risk-Based Vulnerability Management

Consider risk-based vulnerability management to be able to confidently visualize, analyze, and measure cyber risk in real-time while reducing your cyber exposure. 


I was reading an article recently in which the author said he had been asked, “Why bother focusing on vulnerabilities at all?” His point was that you can be:

  • Not patched and hacked
  • Patched and not hacked
  • Not patched and not hacked
  • Patched and still hacked (via social engineering, phishing, zero-day or an asset not covered by your VM program)

I understand his frustration, but it’s always better to be prepared. Cybriant recommends covering your bases as much as possible to reduce your attack surface.

The modern attack surface has created a massive gap in an organization’s ability to truly understand their cyber exposure.

The larger the gap, the greater the risk of a business-impacting cyber event occurring.

Traditional vulnerability management is no longer sufficient. Risk-based vulnerability management extends it by covering the breadth of the attack surface (IT, cloud, IoT/OT) and providing depth of insight into the data (prioritization, analytics, decision support).

We help security leaders answer the following questions:

  • Where are we exposed?
  • Where should we prioritize based on risk?
  • How are we reducing exposure over time?

Security leaders should be prepared to take traditional vulnerability assessment and vulnerability management to the next level. Use the results from your assessment and remediate your issues to reduce your risk.

Risk-Based Vulnerability Management

Vulnerability scanning (especially done continuously) is an important part of your overall security strategy. If you are scanning, say – only for compliance reasons – but not taking action on the issues, what’s the point?

With a risk-based vulnerability management program, you are able to take the logical next step to reduce your attack surface by focusing on the top priorities for remediation.

If you are using internal resources to scan, sometimes the report is difficult to understand. This is a huge benefit of working with Cybriant. We’ll help customize the reports, so you are easily guided through how to remediate any issues.

By using a risk-based vulnerability management approach, you save money by fixing the highest-priority vulnerabilities first, and time by focusing on the remediation steps that actually matter.

Remediation is Key

In a risk-based vulnerability management program, the vulnerability scans need to run continuously. With eyes on your systems at all times, you’ll be alerted to issues as they appear and advised on how to fix them sooner.

This is why remediation in a risk-based vulnerability management program is key.

According to the article I previously mentioned:

Vulnerability assessment has absolutely no security value … unless you utilize the results to reduce your risk.

Vulnerability management done without significant thinking about remediation priority may in fact also be pointless (vs the labor spent).

However, “risk-based” vulnerability management does deliver real security value – as long as you actually practice it!

Source

Therefore, Cybriant uses a risk-based vulnerability management approach.

With continuous vulnerability scanning plus remediation advice, you have a complete risk-based vulnerability management program.

Performing only a single vulnerability scan each year or quarter puts organizations at risk of not uncovering new vulnerabilities.

The time between each scan is all an attacker needs to compromise a network. With continuous scanning, our security experts automatically have visibility to assess where each asset is secure or exposed.

Prioritize Risk

Patching is time-consuming and expensive! So, how should you handle it? You know you need to patch. The answer is risk prioritization. If you have 1000 known vulnerabilities, the best option is to “Patch Smarter.”

If your organization is able to prioritize the top 100 highest risk patches, then focus on those. We use this process internally with our risk prioritization program. Our ticketing system will alert you to only those issues with the priority level that you define.

By using risk prioritization, our security experts understand exposures in context. They prioritize remediation based on asset criticality, threat context, and vulnerability severity. Our reporting will help you decide which exposures to fix first, if at all, and apply the appropriate remediation technique.
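As an added example (not Cybriant’s scoring model or reporting), here is one way to rank findings on the three factors named above, asset criticality, threat context and vulnerability severity, and to pick the subset that should become tickets. The weights, the 1-5 criticality scale, the exposure discount and the sample findings are all assumptions constructed for the illustration; the F1..F5 labels are not real vulnerability identifiers.

```python
"""Risk-based ranking of vulnerability findings.

Added example; the weights, the 1-5 criticality scale and the sample
findings are assumptions constructed for illustration, not a vendor's model.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Finding:
    finding_id: str          # constructed label, not a real CVE
    asset: str
    cvss: float              # base severity 0.0-10.0 as reported by the scanner
    asset_criticality: int   # 1 (lab box) .. 5 (revenue-critical), from the CMDB
    internet_facing: bool    # exposure: reachable from the Internet
    exploit_public: bool     # threat context: public exploit code exists
    exploited_in_wild: bool  # threat context: active exploitation reported


# Assumed weights: how much an asset's criticality scales the score.
CRITICALITY_WEIGHT = {1: 0.2, 2: 0.4, 3: 0.6, 4: 0.8, 5: 1.0}


def threat_factor(f: Finding) -> float:
    """Threat context in [0.4, 1.0]: a bare CVSS score with no known exploit
    is discounted; public exploit code and in-the-wild use each add to it."""
    factor = 0.4
    if f.exploit_public:
        factor += 0.3
    if f.exploited_in_wild:
        factor += 0.3
    return factor


def risk_score(f: Finding) -> float:
    """Severity x asset criticality x exposure x threat context, on a 0-100 scale."""
    if not 0.0 <= f.cvss <= 10.0:
        raise ValueError(f"CVSS out of range: {f.cvss}")
    exposure = 1.0 if f.internet_facing else 0.5
    return (100.0 * (f.cvss / 10.0) * CRITICALITY_WEIGHT[f.asset_criticality]
            * exposure * threat_factor(f))


def prioritize(findings: List[Finding], top_n: Optional[int] = None) -> List[Tuple[float, Finding]]:
    """Rank findings by risk score, highest first; keep only the top_n if given."""
    ranked = sorted(((risk_score(f), f) for f in findings), key=lambda t: t[0], reverse=True)
    return ranked if top_n is None else ranked[:top_n]


def cvss_only(findings: List[Finding]) -> List[Finding]:
    """The traditional ordering, by scanner severity alone, for comparison."""
    return sorted(findings, key=lambda f: f.cvss, reverse=True)


def to_ticket(findings: List[Finding], threshold: float) -> List[Finding]:
    """Only findings at or above the priority level the customer defines become tickets."""
    return [f for score, f in prioritize(findings) if score >= threshold]


# Constructed sample findings (F1..F5 are illustrative labels, not identifiers).
SAMPLE_FINDINGS = [
    Finding("F1", "lab-vm-17", 9.8, 1, False, False, False),
    Finding("F2", "payments-web-01", 7.5, 5, True, True, True),
    Finding("F3", "vpn-gw-02", 8.8, 4, True, True, False),
    Finding("F4", "hr-db-01", 5.3, 5, False, False, False),
    Finding("F5", "build-srv-03", 9.1, 3, False, True, False),
]

if __name__ == "__main__":
    print("CVSS-only order:", [f.finding_id for f in cvss_only(SAMPLE_FINDINGS)])
    for score, f in prioritize(SAMPLE_FINDINGS):
        print(f"{score:6.2f}  {f.finding_id}  {f.asset}")
    print("Ticket these:", [f.finding_id for f in to_ticket(SAMPLE_FINDINGS, 40.0)])
```

The point of the comparison is the reordering: by CVSS alone the 9.8 on the lab VM comes first, while the risk-ranked list puts the actively exploited 7.5 on the Internet-facing payments server at the top and the lab VM last. Whatever weights you settle on, keep them written down and versioned, because the ranking is only defensible if someone can explain why a given finding landed where it did.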

Unknown Assets

The greatest challenge for many security teams is simply seeing all the assets in their environment. Adversaries now have a much larger attack surface to probe and attack you across – and those adversaries can see everything and will attack you wherever they find a weak link.

It’s not just that the attack surface is expanding. It’s that legacy tools aren’t sufficient to cover it.

Vulnerability management (VM) tools were often deployed for compliance reasons – to cover just the assets in scope for specific regulations. Then security teams realized VM provides a value proposition around risk/visibility and started expanding the scope to cover all traditional IT assets.

But technology has leapfrogged those tools. We live in a world of cloud, DevOps (containers and microservices and web apps), and IoT/OT. Your organization needs an approach that is flexible enough to cover the entire modern attack surface, as well as expand and contract with it as changes occur.

The bottom line is that legacy tools and approaches simply don’t get the job done today.

Consider risk-based vulnerability management with Cybriant. You’ll get real-actionable results on a regular basis.

Types of Network Security Threats and How to Combat Them

If you’re interested in the types of network security threats and how to combat them, you’re in the right spot. We’ll discuss a tried and true method to create a solid foundation for your network security. 


What’s keeping you up at night? Is it hackers, insider threats, malware, phishing? Maybe there are a few new types of network security threats that you haven’t heard of yet? You never know!

Even the most secure organization may have pitfalls that allow something to slip through the cracks. Consider Equifax and THE most talked about breach of 2017 that could have been prevented so easily with a proper patching policy.

The fact of the matter is that the bad guys are constantly trying to catch us. You can train your employees all you want, but there’s still a chance that an employee may not be able to identify an extremely sophisticated phishing email. Phishing email creators are getting REALLY GOOD! These guys take anything from celebrity news, worldwide sporting events like the Olympics or the World Cup, or something as personal as W-2 information around tax time to make sure you will click on their email. Even the CEO of KnowBe4 recently received a phishing attack that seemed to be from his personal accountant.

Types of Network Security Threats

There are typically four types of network security threats, and any particular threat may be a combination of the following:

Unstructured Threats

Unstructured threats often involve unfocused assaults on one or more network systems, often by individuals with limited or developing skills. The systems being attacked and infected are probably unknown to the perpetrator. These attacks are often the result of people with limited integrity and too much time on their hands. Malicious intent might or might not exist, but there is always indifference to the resulting damage caused to others.

Structured Threats

Structured threats are more focused by one or more individuals with higher-level skills actively working to compromise a system. The targeted system could have been detected through some random search process, or it might have been selected specifically. The attackers are typically knowledgeable about network designs, security, access procedures, and hacking tools, and they have the ability to create scripts or applications to further their objectives. Structured attacks are more likely to be motivated by greed, politics, international terrorism, and government-sponsored attacks.

Internal Threats

Internal threats originate from individuals who have or have had authorized access to the network. This could be a disgruntled employee, an opportunistic employee, or an unhappy past employee whose access is still active. In the case of a past network employee, even if their account is gone, they could be using a compromised account or one they set up before leaving for just this purpose. Many surveys and studies show that internal attacks can be significant in both the number and the size of any losses.

External Threats

External threats are threats from individuals outside the organization with no authorized access to the systems. In trying to categorize a specific threat, the result could possibly be a combination of two or more threats. The attack might be structured from an external source, but a serious crime might have one or more compromised employees on the inside actively furthering the endeavor.
(Source)

There are many different examples of each type of network security threat. According to computerweekly.com, the top 5 corporate network security threats include:

  1. Viruses
  2. Virus Back Doors
  3. Application-specific hacks
  4. Phishing
  5. Blended Attacks

Basically, you have to be prepared at all times, for anything. Trust no one, don’t click on any emails. In fact, if you want your data to be completely secure, just toss it in a volcano. Don’t forget that you are also building a successful business while protecting your network security. There MIGHT be a better way…

Calculate Your Network Security Threat Risk

Is your company secure? How can you tell? It isn’t easy, but there is a way – you just need something to compare yourself to.

Back in 1901, the US Government created what is now NIST, the National Institute of Standards and Technology (founded as the National Bureau of Standards and renamed NIST in 1988).

NIST focuses on recommending standards for various industries and other government agencies in a wide variety of areas. It is a non-regulatory agency of the United States Department of Commerce. From cybersecurity to mammograms and advanced manufacturing, innumerable technologies, services, and products rely upon NIST expertise, measurement, and standards. https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology

More recently, NIST introduced the NIST Cybersecurity Framework. This voluntary Framework consists of standards, guidelines, and best practices to manage cybersecurity-related risk.  The Cybersecurity Framework’s prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.

According to the NIST Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1, The Cybersecurity Framework is designed to reduce risk by improving the management of cybersecurity risk to organizational objectives. Ideally, organizations using the Framework will be able to measure and assign values to their risk along with the cost and benefits of steps taken to reduce risk to acceptable levels. The better an organization is able to measure its risk, costs, and benefits of cybersecurity strategies and steps, the more rational, effective, and valuable its cybersecurity approach and investments will be.

This is awesome news! But, this is also a lot of information and a lot to understand. Never fear, we have security consulting experts that can easily walk you through the process (as well as PCI, HIPAA, or any other necessary framework). For the sake of this article, and to understand where to begin, let’s start at the beginning according to NIST:

To manage cybersecurity risks, a clear understanding of the organization’s business drivers and security considerations specific to its use of technology is required. Because each organization’s risks, priorities, and systems are unique, the tools and methods used to achieve the outcomes described by the Framework will vary.

The Framework Core is a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors. The Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level. The Framework Core consists of five concurrent and continuous Functions—Identify, Protect, Detect, Respond, Recover. When considered together, these Functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk. The Framework Core then identifies underlying key Categories and Subcategories – which are discrete outcomes – for each Function and matches them with example Informative References such as existing standards, guidelines, and practices for each Subcategory.

Start from the Beginning: IDENTIFY

Identify – Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.

The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enable an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Examples of outcome Categories within this Function include Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy.

Identify

  • Asset Management: The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization’s risk strategy
  • Business Environment: The organization’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions.
  • Governance: The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.
  • Risk Assessment: The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.
  • Risk Management Strategy: The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.
  • Supply Chain Risk Management: The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support risk decisions associated with managing supply chain risk. The organization has established and implemented the processes to identify, assess and manage supply chain risks.

Know Where You Are

We can help you begin at the beginning. We have two services that can help with most of the items on the list. Our real-time vulnerability management service will help you identify all the assets on your network; many companies do not know all the devices on their networks, and this is very common. Our risk assessment service can help you assess where you are, identify any gaps, and even help you with ongoing compliance requirements.

Ready to get started? Let’s go! Schedule time with us today to discuss your specific needs.

Did you know a Vulnerability Scan could help Identify Assets?

Continuous Network Monitoring like a…Fitbit?

The single best analogy for continuous network monitoring: Fitbit. What does this mean and what can a Fitbit tell you about continuous network monitoring?

First of all, what do we mean by continuous network monitoring?

“Continuous monitoring is an ancient concept dating back to warring factions using arrows, clubs, and spears. The Babylonians in 539 BC didn’t think they needed to monitor their defenses because their defenses were so impenetrable—that is, until the Persians dammed up the river to sneak in through what turned out to be an unmonitored vulnerability. More recently, we’ve seen references to multiple break-ins that relied on gaining a foothold through one or more vulnerabilities that may or may not have been known.

Because of continuous changes in the threat and monitoring landscape, over the past few years, monitoring has become so important that federal agencies are now required to continuously monitor their systems and defenses. Outside the federal government, IT organizations in almost every sector are required to maintain and monitor their computers to various degrees.”

“Continuous monitoring is a cycle consisting of four basic phases: discovery, analysis, tuning and reporting. Each of these basic phases has multiple parts, but simplifying the basic phases makes the entire process applicable to a wider range of situations. These are not individual phases that run in sequence; all four phases need to be going on continuously.”

Thank you to the SANS reading room for that great explanation of continuous monitoring!

Back to the Fitbit example

Many of us have learned through our Fitbit that we’re not sleeping enough, exercising enough, or eating correctly. It’s the same scenario with continuous network monitoring, although instead of tracking your personal health, it monitors your organization’s security posture.

There are typically 5 critical cyber controls when it comes to continuous network monitoring:

1. Discover all assets: Asset discovery is critical! But many find this step the most difficult. Legacy tools aren’t sufficient to cover it. You should include identification of all authorized or unauthorized hardware and software, transient devices and applications, unknown endpoints, BYOD devices, network devices, platforms, operating systems, virtual systems, cloud applications, and services. The optimum solution should include a combination of automated discovery technologies running in near real time.

2. Continuously remove vulnerabilities from all assets: To remove vulnerabilities as they appear, you must implement a regular, continuous monitoring program. Procedures should cover three areas:

  • Applying software, hardware, and cloud service patches to remove vulnerabilities
  • Applying configuration changes to limit malicious exploits
  • Applying additional host or network-based security monitoring

3. Deploy a secure network: Network security should be a daily practice. For each asset, one or several mitigating technologies can be deployed to prevent or detect malicious activity. For example, host-based technologies include anti-virus, application white-listing, and system monitoring; network-based technologies include activity monitoring, intrusion prevention, and access control; auditing cloud-based technologies can be done with APIs, threat subscriptions, and network monitoring or endpoint system monitoring.

4. Give users access to the systems and data they need: All users should have a demonstrated business need to access specific systems and data. Limit and control administrative privileges, avoid using default accounts, enforce strong password creation, and log all accesses.

5. Continually hunt for malware and vulnerabilities that could threaten the well-being of your network: You must actively monitor your systems for anomalies and exploitation. It is frankly unrealistic to expect your systems to be 100% incident free. Attackers acquire new techniques every day; you have to stay one step ahead of them by proactively managing your systems with near real-time continuous scanning for viruses, malware, exploits and insider threats. Each of the previous four controls makes your search for malicious activity easier and creates audit trails that can be used in a forensic analysis.

These controls are at the heart of continuous network monitoring, to help you track the vital signs of your systems. If you aren’t sure where to start, take a look at our Modern Approach to Vulnerability Scanning.

IT teams deploying continuous network monitoring for the first time often find they are not remediating their vulnerabilities as fast as they thought, are not monitoring their users as thoroughly as they believed and are spending precious resources working on the wrong risk reduction programs. Regardless of industry sector, every executive needs some form of assurance that the organization’s cyber assets are protected.

Every company that leverages networks, mobility, cloud, and virtualization is subject to the threat of network attacks and the demands of regulatory compliance.

Many of Cybriant’s customers deploy our continuous network monitoring solutions as a peer to their business systems. Our solutions help provide assurance that the IT organization is not adding new types of cyber risks, so executives can be confident the business is operating safely over the Internet.

Modern Day Problems with Continuous Network Monitoring

Unknown Assets and Devices

An asset is no longer just a laptop or server. It’s now a complex mix of digital computing platforms and assets which represent your modern attack surface, including cloud, containers, web applications, and mobile devices. Proactively discover true asset identities (rather than IP addresses) across any digital computing environment and keep a live view of your assets with our managed vulnerability management service.
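The first of the five controls above (discover all assets, authorized or not) and the "true asset identities rather than IP addresses" point in this section come down to one routine job: reconciling what discovery actually sees against what the inventory says should exist. The following is an added example of that reconciliation, not Cybriant’s or Tenable’s tooling. The discovery output format, the inventory, the addresses and the vendor strings are all constructed for illustration; hosts are matched on MAC address so that a device which moves to a new IP still resolves to the same identity.

```python
"""Reconcile discovered hosts against the authorized asset inventory.

Added example; the discovery output format, the inventory and every address
below are constructed for illustration and are not Cybriant's or Tenable's
tooling. Assets are matched on MAC address, not IP, so a device that moves
still resolves to the same identity.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# One line per discovered host: ip, mac, optional vendor string (constructed format).
DISCOVERY_LINE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})\s*(?P<vendor>.*)$"
)


@dataclass(frozen=True)
class Host:
    ip: str
    mac: str      # normalized to lower-case, colon-separated
    vendor: str


def normalize_mac(mac: str) -> str:
    """Accept aa:bb:... or AA-BB-... and return aa:bb:... so lookups are stable."""
    return mac.replace("-", ":").lower()


def parse_discovery(text: str) -> List[Host]:
    """Parse sweep output, skipping lines that do not match the expected format."""
    hosts = []
    for line in text.splitlines():
        m = DISCOVERY_LINE.match(line.strip())
        if not m:
            continue   # unparseable line: do not let it abort the whole run
        hosts.append(Host(m.group("ip"), normalize_mac(m.group("mac")), m.group("vendor").strip()))
    return hosts


def reconcile(discovered: List[Host], inventory: Dict[str, str]) -> Dict[str, list]:
    """Split discovered hosts into known/unknown and list inventory entries not seen.

    inventory maps MAC -> asset name (the CMDB's view of what should exist).
    """
    inv = {normalize_mac(mac): name for mac, name in inventory.items()}
    seen = set()
    known, unknown = [], []
    for h in discovered:
        if h.mac in inv:
            known.append((inv[h.mac], h))
            seen.add(h.mac)
        else:
            unknown.append(h)   # on the wire but not in the inventory: investigate
    # In the inventory but not on the wire: stale record or a device that went dark.
    missing = sorted(name for mac, name in inv.items() if mac not in seen)
    return {"known": known, "unknown": unknown, "missing": missing}


# Constructed sample sweep output; vendor strings are illustrative.
DISCOVERY_OUTPUT = """\
10.0.1.10  00:1a:2b:3c:4d:01  Dell
10.0.1.11  00:1A:2B:3C:4D:02  Dell
10.0.1.57  b8:27:eb:11:22:33  Raspberry Pi Foundation
10.0.1.88  3c:5a:b4:aa:bb:cc  Google
this line is noise from the tool and must be skipped
"""

# Constructed inventory keyed by MAC; printer-03 was decommissioned but never removed.
AUTHORIZED_INVENTORY = {
    "00:1a:2b:3c:4d:01": "fileserver-01",
    "00-1A-2B-3C-4D-02": "fileserver-02",
    "00:1a:2b:3c:4d:03": "printer-03",
}

if __name__ == "__main__":
    result = reconcile(parse_discovery(DISCOVERY_OUTPUT), AUTHORIZED_INVENTORY)
    for h in result["unknown"]:
        print(f"UNKNOWN  {h.ip:<12} {h.mac}  {h.vendor}")
    for name in result["missing"]:
        print(f"MISSING  {name} (in inventory, not seen on the network)")
```

Both output lists are findings in their own right: an unknown host is a candidate rogue or BYOD device that the vulnerability scanner has never been pointed at, and a missing one is an inventory record nobody will notice is wrong until an auditor asks about it. Run this after every sweep, not once a quarter, and the inventory stays a live view rather than a snapshot.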

Sporadic Vulnerability Scans

Periodic vulnerability scans, like annual physicals, are limited in the type of protection that they can provide to assure system fitness. However, continuous network monitoring is game-changing technology and is becoming the new normal. Continuous network monitoring is not a fad, it implements the 5 healthy best practices that your organization should be monitoring, and it provides daily visibility into your progress. Tenable is proud to be leading the trend.

Introduction to The Modern Approach to Vulnerability Scanning

Today’s enterprise networks are in a perpetual state of flux. The use of mobile devices to access corporate data is skyrocketing. More IT services are being delivered via the cloud than ever before. And users are constantly subscribing to SaaS-based applications, including file sharing applications like Box, Dropbox, and Google Drive, without IT’s consent. Meanwhile, hardly a day goes by without reports of a major data breach appearing in the trade rags or some high-profile cyberattack being featured on the evening news.

But why? Are the bad guys really getting smarter? Or are our existing defenses becoming outdated? Perhaps it’s a bit of both. Innovations in continuous network monitoring are giving savvy IT security teams a leg up in mitigating risks associated with advanced threats. Unlike legacy vulnerability management systems that rely on active scanning, continuous network monitoring provides real-time visibility into mobile devices, virtual platforms, cloud applications, and network infrastructure — including their inherent security risks. If you and your colleagues are tasked with reducing network security risks while maintaining compliance with industry or government regulations, then this book is for you.

Download the ebook today: https://www.cybriant.com/modern-approach-to-vulnerability-scanning-2/

Real-time Vulnerability Management

The larger the gap, the greater the risk of a business-impacting cyber event occurring. Traditional vulnerability management is no longer sufficient. Managed vulnerability management extends it by covering the breadth of the attack surface (IT, cloud, IoT/OT) and providing depth of insight into the data (prioritization, analytics, decision support). We help security leaders answer the following questions:

Where are we exposed?

What assets are affected, where, and what is the significance/severity? The changing technology and threat landscape have made this harder to see.

Where should we prioritize based on risk?

Data overload and lack of security staffing have made this more important than ever.

How are we reducing exposure over time?

Security leaders want to understand and report on their progress and show the value of their investments to senior management.

If you are unsure how to respond to these questions, let’s talk.

When you outsource your vulnerability management to a security provider like Cybriant, you’ll be able to:

  • Discover: Identify and map every asset for visibility across any computing environment
  • Assess: Understand the state of all assets, including vulnerabilities, misconfigurations, and other health indicators
  • Analyze: Understand exposures in context, to prioritize remediation based on asset criticality, threat context, and vulnerability severity
  • Fix: Prioritize which exposures to fix first, if at all, and apply the appropriate remediation technique
  • Measure: Model and analyze cyber exposure to make better business and technology decisions
  • Report: Cybriant’s security experts report on the results and give security and IT teams complete, accurate visibility and insight.

Cybersecurity Standards for Compliance

There are many different types of government and financial compliance requirements. It is important to understand that these compliance requirements are minimal baselines that can be interpreted differently depending on the business goals of the organization. Compliance requirements must be mapped with the business goals to ensure that risks are appropriately identified and mitigated.

For example, a business may have a policy that requires all servers with customer personally identifiable information (PII) on them to have logging enabled and minimum password lengths of 10 characters. This policy can help in an organization’s efforts to maintain compliance with any number of different regulations. These compliance checks also address real-time monitoring such as performing intrusion detection and access control.

Common compliance regulations that require continuous monitoring include, but are not limited to:

  • Basel II
  • Center for Internet Security Benchmarks (CIS)
  • Control Objectives for Information and related Technology (COBIT)
  • Defense Information Systems Agency (DISA) STIGs
  • Federal Information Security Management Act (FISMA)
  • Federal Desktop Core Configuration (FDCC)
  • Gramm-Leach-Bliley Act (GLBA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • ISO 27002/17799 Security Standards
  • Information Technology Infrastructure Library (ITIL)
  • National Institute of Standards and Technology (NIST) configuration guidelines
  • National Security Agency (NSA) configuration guidelines
  • Payment Card Industry Data Security Standards (PCI DSS)
  • Sarbanes-Oxley (SOX)
  • Site Data Protection (SDP)
  • United States Government Configuration Baseline (USGCB)
  • Various State Laws (e.g., California’s Security Breach Notification Act – SB 1386)

Yay for Boring Security!

In the recent article, “Is My Company Secure,” we discussed how monitoring is the ‘boring’ phase of selecting a security framework. But, in the end, don’t you want security to be boring?

By using a framework, we convert information security from something that is at best a hodgepodge of duct tape into a strategy. Strategy takes us from reaction to prevention, and that takes us from front-page news to a boring company that protects its customers’ data. In security, you want to be boring.

Just like a Fitbit, continuous network monitoring takes a holistic approach to monitoring security well-being. Not only does it discover all assets and track them for vulnerabilities, but it also monitors networks in real time for threats, gathers contextual analytics and provides assurance that mitigating controls are in place.

Continuous network monitoring keeps you on track, continually making progress towards improving your security posture and meeting your business goals, just like a Fitbit does for your personal health.

About Cybriant

Cybriant is a holistic cybersecurity service provider which enables small and mid-size companies to deploy and afford the same cyber defense strategies and tactics as the Fortune 500. We design, build, manage, and monitor cybersecurity programs. Follow Cybriant @cybriantmssp and cybriant.com.

Sources:

https://www.tenable.com/blog/taking-the-pulse-of-your-network-fitbit-for-security

https://www.tenable.com/blog/tenable-s-critical-cyber-controls-for-secure-systems

Download: The Modern Approach to Vulnerability Scanning

This simple ebook can help move your organization into the modern era of real-time vulnerability management!

3 Steps to Improve Network Security Threat Detection

Network security threats are continuously growing in quantity and severity. Here are three easy steps to improve your network security threat detection.


These days, working in a SOC (Security Operations Center) is not easy. According to the recent Cybersecurity Insiders Threat Hunting Report, which gathered insights from the Information Security Community on LinkedIn, detection of advanced threats remains the #1 challenge for SOCs (55 percent), followed by lack of security expertise (43 percent). 76 percent of respondents feel that not enough time is spent searching for emerging and advanced threats in their SOC. Lack of budget (45 percent) remains the top barrier to SOCs who have not yet adopted a threat hunting platform.

Cybersecurity professionals are already challenged with the daily task of defending against an increasing number of security threats, and now the severity of those attacks has increased as well. Nearly 52% of organizations have experienced at least a doubling of security attacks, and over 28% of respondents say that the severity of cyber-attacks has at least doubled in the past year.

In another network security threat detection survey, 75% of respondents say they are unsatisfied with their organization’s ability to detect and investigate threats.

What does this mean for you and your organization? What if you don’t have a SOC at all, and certainly don’t have people on board who would know how to look for a network security threat? If you are ready to improve your network security threat detection, we’ll walk you through the options.

Network Security Threat Detection? Start with a SIEM

Security Information and Event Management (SIEM) – A SIEM platform centrally collects log and event data from multiple devices on your network, including your existing security appliances. Through a correlation engine it can identify security events that no standalone security technology would detect on its own, because each device sees only its own slice of the activity.

A SIEM system centralizes logging of security events for the enterprise and is principally used to analyze and report on the log entries it receives. The analysis capabilities of a SIEM can detect attacks not discovered through other means and can drive the reconfiguration of other enterprise security controls to plug holes in enterprise security. Some of the top SIEM products can even take action to stop a detected breach while the attack is still in progress.
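The kind of cross-device correlation described above, as an added example that is not Cybriant's code or any SIEM vendor's rule. It runs over constructed log lines in a hypothetical "timestamp host source user result" format: a password-guessing burst spread across a VPN gateway and a web host, then a successful logon from the same address. Each device on its own sees too few failures to alarm; only the combined view crosses the threshold. Hostnames and addresses are hypothetical.

```python
"""Added example, not Cybriant's code or any SIEM product's rule: cross-device
correlation of failed logons followed by a success. Log format, hostnames and
addresses below are constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: "timestamp host source user result".
# The same attacker IP spreads its guesses across the VPN gateway and a web host.
SAMPLE_LOGS = """\
2024-03-01T10:00:01 vpn-gw 203.0.113.7 alice FAIL
2024-03-01T10:00:05 vpn-gw 203.0.113.7 bob FAIL
2024-03-01T10:00:09 web-01 203.0.113.7 admin FAIL
2024-03-01T10:00:12 web-01 203.0.113.7 root FAIL
2024-03-01T10:00:20 vpn-gw 203.0.113.7 carol FAIL
2024-03-01T10:00:31 web-01 203.0.113.7 carol OK
2024-03-01T10:05:00 vpn-gw 198.51.100.4 dave FAIL
2024-03-01T10:06:00 vpn-gw 198.51.100.4 dave OK
"""

FAIL_THRESHOLD = 5              # failures that count as a guessing burst
WINDOW = timedelta(seconds=60)  # look-back from the successful logon


def parse(text):
    """Turn the raw lines into dicts, sorted by time as a SIEM would index them."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, src, user, result = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "src": src, "user": user, "result": result})
    return sorted(events, key=lambda e: e["ts"])


def max_failures_single_host(events, src):
    """What any one device would report on its own for this source IP."""
    per_host = defaultdict(int)
    for e in events:
        if e["src"] == src and e["result"] == "FAIL":
            per_host[e["host"]] += 1
    return max(per_host.values(), default=0)


def correlate(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Alert when a successful logon follows >= threshold failures from the
    same source IP within the window, counting failures from every host."""
    failures = defaultdict(list)   # src -> failure events seen so far
    alerts = []
    for e in events:
        if e["result"] == "FAIL":
            failures[e["src"]].append(e)
            continue
        recent = [f for f in failures[e["src"]] if e["ts"] - f["ts"] <= window]
        if len(recent) >= threshold:
            alerts.append({
                "src": e["src"], "user": e["user"], "host": e["host"],
                "failures": len(recent),
                "hosts_tried": sorted({f["host"] for f in recent}),
            })
    return alerts


if __name__ == "__main__":
    events = parse(SAMPLE_LOGS)
    print("alerts:", correlate(events))
    print("most failures any single host saw from 203.0.113.7:",
          max_failures_single_host(events, "203.0.113.7"))
```

The second address (one failure, then success) is the ordinary typo case and produces nothing; the first produces one alert naming both hosts the attacker tried, while the busiest single device saw only three failures, below the threshold. The threshold and window are the tuning knobs the article later warns about: set too low they produce "alert hell", set too high they miss slow guessing.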

A SIEM is used differently depending on the outcomes and benefits an organization expects from the tool. The top reasons organizations purchase a SIEM are as follows:

  • Compliance reporting obligations
  • Log management and retention
  • Continuous monitoring and incident response
  • Case management or ticketing systems
  • Policy enforcement validation and policy violations

To understand more about SIEMs, please go to our SIEM FAQ page. If you want to know about Managed SIEM, please go to our Managed SIEM page.

Here's the kicker about your SIEM: many of our clients follow the path of attempting to implement and operate a SIEM on their own, only to learn later that their staff do not have the necessary experience, or the bandwidth to acquire it, to use the tool effectively. Additionally, for most small to mid-sized organizations, when you do the math, it rarely pencils out to be more cost-effective to deploy and manage a SIEM with in-house resources.

Another kicker: if the SIEM isn't implemented correctly and tuned to your organization's specific business needs, you might find yourself in alert/notification hell. In fact, even if you outsource to certain security providers, they may only FORWARD you an email of those notifications, without providing details on the alarm or potential fixes.

Yes, you need a SIEM. If you need help walking through the options for the BEST SIEM, let us know. We have some very experienced SIEM experts on hand who will help you walk through the options and the best steps moving forward. Our staff works with different SIEMs 24/7 and we DEFINITELY have some opinions about the ones we like best and that get the best results.

If you have a SIEM in place, you are on the right track to improving your network security threat detection.

Network Security Threat Detection is still all about People Process Technology

You may want to take a step back and look at your overall cybersecurity policy to include people, process, and technology. We talk a lot about the NIST Cybersecurity Framework.

The cool thing about having a framework is that when you bring on a new product, service, or tool, you can align it with your goals, test the product and verify that the management of the product is appropriate. Read more about people, process, and technology in cybersecurity here.

Here are the 3 Easy* Steps to Improve Your Network Security Threat Detection

# 1 – Identify Your Assets

An asset is no longer just a laptop or server. It's now a complex mix of digital computing platforms and assets that make up your modern attack surface, including cloud, containers, web applications, and mobile devices. Most SIEM products have an option to help identify assets, but often only a complete vulnerability scan can truly identify every asset on your network. You can proactively discover true asset identities (rather than just IP addresses) across any digital computing environment and keep a live view of your assets with our managed vulnerability management service.

#2 – Monitor, Monitor, Monitor

When your team has a baseline understanding of what normal behavior looks like in your organization, you can analyze patterns and identify anything that seems out of the ordinary. This should be done on a 24/7 basis, unless your company's email, website, and networks shut down outside business hours. Once our team is trained on your system, we have an intimate knowledge of your environment and your employees' behavior, so when an anomaly appears we can detect it not only with the SIEM technology but with our analysts' judgment as well.

#3 – Vulnerability Scanning

Did you know that performing only a single vulnerability scan each year or quarter puts organizations at risk of not uncovering new vulnerabilities? The gap between scans is all an attacker needs to compromise a network. With continuous scanning, our security experts automatically have the visibility to assess whether each asset is secure or exposed. We go into detail about the modern approach to vulnerability scanning in our ebook. Download here: https://www.cybriant.com/modern-approach-to-vulnerability-scanning-2/
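The three steps above, tied together on constructed data as an added example (this is not Cybriant's code or any scanner's or SIEM's logic). It assumes a hypothetical asset inventory with last-scan dates (steps 1 and 3) and fourteen days of per-host outbound connection counts as the baseline (step 2). Hosts that show up in today's events but not in the inventory are the assets nobody told the security team about; a host whose count is far above its own baseline is the anomaly worth a look; and an inventoried host whose last scan is older than the allowed age is the gap an attacker has been given. All hostnames, counts and dates are made up.

```python
"""Added example, not Cybriant's code: asset reconciliation, per-host baseline
anomaly detection and stale-scan checks on constructed data. Hostnames,
counts and dates are hypothetical."""
from datetime import date, timedelta
import statistics

# Step 1 input: the inventory the scanner built (constructed).
INVENTORY = {
    "web-01": {"last_scan": date(2024, 2, 28)},
    "db-01":  {"last_scan": date(2023, 11, 15)},
    "vpn-gw": {"last_scan": date(2024, 2, 27)},
}

# Step 2 input: 14 days of outbound connection counts per host (constructed).
HISTORY = {
    "web-01": [1000, 1020, 980, 1010, 990, 1005, 995, 1015, 985, 1000, 1010, 990, 1000, 1000],
    "db-01":  [48, 52, 50, 49, 51, 50, 47, 53, 50, 49, 51, 50, 52, 48],
    "vpn-gw": [200, 210, 190, 205, 195, 200, 200, 210, 190, 200, 205, 195, 200, 200],
}

# Today's counts as the SIEM sees them (constructed). lab-07 is a host nobody
# registered; db-01 is suddenly talking outbound far more than it ever has.
TODAY = {"web-01": 1012, "db-01": 900, "vpn-gw": 203, "lab-07": 400}
AS_OF = date(2024, 3, 1)   # the day this review runs (constructed)

MIN_HISTORY = 7      # days of data needed before a baseline is trusted
Z_THRESHOLD = 3.0    # flag values this many standard deviations above the mean
MAX_SCAN_AGE = 30    # days; older scans count as stale


def unknown_assets(observed, inventory):
    """Step 1: hosts generating events that the inventory does not know about."""
    return sorted(h for h in observed if h not in inventory)


def baseline_anomalies(history, observed, z_threshold=Z_THRESHOLD):
    """Step 2: compare today's count with each host's own baseline.

    Hosts without enough history are skipped here (they surface through
    unknown_assets instead). The floor on the standard deviation keeps a
    perfectly flat baseline from turning any change into an alert through
    a division by zero."""
    anomalies = []
    for host, value in observed.items():
        past = history.get(host, [])
        if len(past) < MIN_HISTORY:
            continue
        mean = statistics.mean(past)
        stdev = max(statistics.stdev(past), 1.0)
        z = (value - mean) / stdev
        if z > z_threshold:
            anomalies.append({"host": host, "today": value,
                              "mean": round(mean, 1), "z": round(z, 1)})
    return anomalies


def stale_scans(inventory, as_of, max_age_days=MAX_SCAN_AGE):
    """Step 3: inventoried assets whose last vulnerability scan is too old."""
    cutoff = as_of - timedelta(days=max_age_days)
    return sorted(h for h, a in inventory.items() if a["last_scan"] < cutoff)


def review(inventory, history, observed, as_of):
    """One pass over the three checks; this is what an analyst would read."""
    return {
        "unknown_assets": unknown_assets(observed, inventory),
        "anomalies": baseline_anomalies(history, observed),
        "stale_scans": stale_scans(inventory, as_of),
    }


if __name__ == "__main__":
    for key, findings in review(INVENTORY, HISTORY, TODAY, AS_OF).items():
        print(f"{key}: {findings}")
```

On this data the review reports lab-07 as an unknown asset, db-01 as the only baseline anomaly (web-01's 1012 is within about one standard deviation of its own mean and is left alone), and db-01 again as the host whose last scan is more than thirty days old. The point of keying the anomaly check to each host's own history rather than a global number is exactly the "what is normal here" baseline the monitoring step talks about: 900 connections would be unremarkable for the web server and is alarming for the database.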

*If these steps do not seem easy, please contact us for a consultation. We offer a complimentary cyber risk analysis in which one of our security experts will talk with you and give you a professional assessment of the general health of your security program.

If network security threat detection is a concern, Cybriant's complimentary Cyber Risk Analysis will show you the value a Cyber Risk Assessment could provide. Our targeted questionnaire, based on the NIST Cybersecurity Framework (CSF), allows our risk experts to evaluate key indicators of your security program and give you a broad look at where your organization stands.

Complimentary Cyber Risk Assessment

Infographic: Vulnerability Scan vs. Penetration Test

With recent cybersecurity attacks like WannaCry making international headlines, it may be time to revisit your organization's cybersecurity policies. No matter your size, every organization should regularly check its network and systems for vulnerabilities that could give outsiders access to critical data.

There are two methodologies to do this – Vulnerability Scanning and Penetration Testing.

For more information, please go to the recent article, “Does your business need a Vulnerability Scan or a Penetration Test? Here’s how to tell.” by Andrew Hamilton, CTO of Cybriant.