The Undeniable Power of Context-Driven Preventive Security
By Glen Pendley, CTO
Security teams receive hundreds of security alerts daily, which they then have to parse to differentiate real issues from false positives and prioritize based on limited context. Part of the problem is that the security industry has created point solutions that each address one specific aspect of the cybersecurity equation, rather than thinking holistically about security. As a result, security teams typically manage a mismatched set of technologies, each with its own analytics and reporting capabilities, leading to duplicate and ineffective programs with no clear path forward to tangibly reduce risk.
Simply put, reactive approaches to security aren’t enough to effectively manage security risk, nor do they address the root causes of cybersecurity breaches – unpatched known vulnerabilities, cloud misconfigurations, unrestricted privileges and unchecked access. Organizations that focus solely on activity data lack a complete picture of their security posture, which is like leaving your windows and doors unlocked but putting an expensive security camera in your house.
The only way to stop cyberattackers from getting into your system in the first place is to proactively remediate weaknesses and reduce cyber risk.
Securing the modern attack surface depends on understanding all of the conditions that matter in today’s complex and dynamic environments. An effective exposure management program is built on collecting data from multiple different inputs and applying the necessary depth of analytics to the full breadth of organizations’ environments. Without these elements, it’s impossible to make informed decisions that have a positive impact on risk reduction.
For example, an organization finds they have two machines with a critical vulnerability on them – which machine should be patched first? Some tools would tell the security team that both are equally bad, pose equal risk and need to be patched ASAP. Now scale this situation to an entire enterprise – what are the best next steps to reduce risk quickly?
The context provided by an exposure management platform like Tenable One helps security teams prioritize remediation efforts and anticipate threats based on actual risk. In this example, context would show that one machine belongs to a user working at the front desk and doesn’t have access to sensitive data; the second belongs to a product engineer with access to sensitive data needed for their job, but has not set up multi-factor authentication. Based on this, the security team would understand that the second machine should be addressed first.
This is a very basic example of what’s possible when an organization can bring together, correlate, measure and prioritize data that comes from preventive security tools. It all starts with shifting how we approach security. Not only does this approach enable security teams to perform to the best of their abilities and have a huge impact on risk reduction, it also arms them with the data needed to effectively communicate the business value of preventive security and answer tough board-level questions, such as “How secure are we?” Preventive security is a win-win-win: for security teams, for leadership teams and boards of directors, and for customers.