Plus, an Attack Surface Management Alternative that Actually Does What it Promises
Context is King
Every security operator is fundamentally aware, regardless of their background, that context is king in Cyber. In a SecOps team, information constantly saturates operators, often well beyond their means. Most teams implement processes that assimilate this information into alerts, bypassing the early-stage investigations and explorations that could explain the event.
But they’re missing something essential to the kill chain: most primary sources for alerts lack critical data about the attack’s intention, style, and end states.
Missing information can translate into errors in detecting, assessing, and handling an event, leading to a more problematic or endemic situation.
Many IT teams are stuck relying on a “ground truth” that’s based on false or incomplete information. Even when teams have access to all of the right information, the load remains overwhelming, and any perceived gain in speed of response or reduction in the time to detect is seen as a win.
You think you know what’s going on? You’ve got no idea.
“SOAR Automation” from SIEM is Nothing But Cyber Security Theater
The theater is a prestigious art form: settings, characters, plots. Nothing beats a good story…unless that’s all your ASM is giving you. Unfortunately, most ASM tools are just that: Security Theater. You’re the white knight, they’re the bad guys. Big events are being solved by cutting-edge technology.
You’re being lied to.
Your HUD is HAK’d. You’re relying on stale info. ASM tools mean to replace and automate, when in reality, they only give you the appearance of fixes, rather than actually solving any fundamental problems. Grasping at straws to hopefully stave off exploitation for another day.
Take charge of your security situation by enabling your team to drill down into each aspect of the customer ecosystem. Find what is going on at a wire-level, and align this against the business use cases that are best tailored for the customer.
Enough of this “one size fits none” approach to cyber resilience. It doesn’t work. ASM doesn’t work.
Cool GUI – What Does it Mean?
You can’t fight the things you can’t see. And just like context, visibility is everything. Without full observability of your security landscape, you’re dead in the water. Maybe not outgunned, but surely out-maneuvered by the invisible forces against you and your customers.
The best way to get back in control is by being able to fully map out all the applications, agents, and appliances that are under your SLA. Fancy dashboards, Hollywood GUIs, and UXs that make your Minority Report wet dreams come true are only there to give you a sense of legitimacy.
ASM tools are lying to you. With the right buzzwords and a sexy UI, it’s easy to make money off of snake oil, smoke, and mirrors.
If your dashboard is pretty enough, maybe no one will notice the data in it is wrong.
It’s only when you start to scratch behind the fancy graphs and strobe effects that you see that what’s interpreted is dated, inaccurate, or worse – threats already underway.
Attack Surface Management vs. Attack Surface Analysis
So…what’s behind the surface? How do you get there? How do you determine which tools are crap and which are essential?
It’s all in the name.
Attack Surface Management is just that: managing the symptoms, rather than getting to the root of the problem. While you’re able to see the number of errors and alerts in most ASM programs, you aren’t given the full story: why those alerts are there, what they signify on a deeper level, and why they matter.
This translates into dealing with surface-level symptoms, rather than addressing the root problem.
Context is missing…and that’s a critical problem.
Attack Surface Analysis goes deeper. Analysis is about understanding the underlying conditions.
“Oh, you have terrible firewall configurations because you’re managing 400 different appliances and products across 6 different time zones. Yeah, no wonder you’re screwed up.” – That’s analysis.
Because context is crucial in cybersecurity, analysis is a huge piece of the puzzle: it gives you accurate visibility into not just what’s happening, but why it’s happening and why it matters.
ASM tools are only able to give you a single dimension of information, from the outside looking in. ASA, on the other hand, gives you the fullest possible picture. Every source of information provides value, with the right context, framed in the right way.
CybernetIQ’s Attack Surface Analysis platform, CLAW, merges both the outside and inside view into a single lens. Done properly (our way), teams can perceive the entire corporate attack surface, view the internal intersection points, and understand the impact points that will affect the organization the most.
If you’re tired of a one-dimensional view without context, let’s talk about how ASA can get you to the next level.
