Providing a cyber-security services framework
11 February 2019
How CyberProof’s next-gen services clarify risk and investment to help solve your organisation’s cyber-security needs.
CyberProof is a security services company whose mission is to manage cyber-risk for enterprise organisations by providing pioneering, next-generation services and technologies that adapt to the evolving threat landscape.
Let’s have a look at how CyberProof meets the challenges of providing organisations with stronger cyber-resilience in an increasingly complex threat environment.
Stuck between the threat landscape and security performance issues
Organisations working to improve their cyber-security profile are faced with multiple external threats and challenges. At the same time, they are coping with a range of significant internal security performance issues.
Challenges to cyber-security
Some of the more significant external threats and challenges facing today’s organisations include:
- Cyber-crime – the number of cyber-attacks continues to increase, partly due to the growing profitability of cyber-crime. According to ISACA’s State of Cybersecurity 2018 research, 50 per cent of security leaders surveyed say they have seen an increase in attack volumes.
- Digitalisation – digitalisation is no longer a luxury; it’s a matter of business survival. Even well-known and established businesses are offering new services on top of their core businesses. But the constant pace of change is inherently challenging.
- Regulations – new data-privacy rules impose stricter regulations on organisations hosting and processing personal data. But few organisations have measures in place to comply with these regulations.
Internal challenges that impact security performance
Beyond these external challenges, organisations are also coping with internal challenges that directly impact security performance, including:
- Processes – A Gartner report published earlier this year points out that many organisations are implementing DevOps processes. But these methodologies uncover new challenges, as the increased pace of application releases places a strain on the ability to maintain application security robustness.
- People – There’s a scarcity of talent globally, according to the (ISC)² Cybersecurity Workforce Study (2018). The cyber-security job gap grew to almost three million in 2018 – up from 1.8 million in 2017. And there’s also burnout: alert fatigue, routine tasks, and a complex and ever-growing technological stack lead to stress and attrition.
- Technology – Once upon a time, everything was behind a firewall. Now the surface area includes mobile, the cloud, the internet of things – which makes organisations exponentially harder to protect.
Improving prevention while upshifting detection and response
Most organisations invest up to 80 per cent of security spend on prevention. That means they invest very little in detection and response. But the bad guys manage to break through anyway.
The logical conclusion is to shift the investment focus away from prevention toward detection and response.
A holistic approach to cyber-security risk management
CyberProof’s fundamental approach to cyber-security involves clarity of risk and investment. Our risk management platform involves several basic components that interact and overlap, creating a holistic and optimally effective solution:
CyberProof's approach to cyber-security risk management
- “Tuning” prevention and increasing detection, so that the necessary response will be minimal – our philosophy aims to help customers balance prevention, detection, and response.
- Simulations and streamlined operations – Breach and Attack Simulation (BAS) simulates the techniques, tools and procedures of real-world attackers. Security Operations Analytics and Reporting (SOAR) streamlines security operations by leveraging external and internal intelligence for accurate prioritisation.
- Risk management driven by threat intelligence – all CyberProof services are based on customer-tailored threat models.
- Automation and orchestration – BAS offers pervasive, accurate, high-frequency prevention while SOAR offers prompt, accurate detection and agile, efficient response, thanks to high-level automation and orchestration capabilities.
The bottom line is that as important as it is to invest in prediction and prevention, it’s just as crucial to invest in detection and response. And handling both of these aspects of security effectively requires a sophisticated and integrated approach that leverages BAS and SOAR technologies, threat intelligence and the power of AI.
But how do you determine how to stretch and maximise your security spend? By adopting an approach that first clarifies risk and investment and then covers all aspects of cyber-protection, it becomes possible to improve cyber-resilience, optimising prevention, detection and response.
To find out more visit www.cyberproof.com.
by Tony Velleca, CEO, CyberProof