From the CISO to the SOC operator, defenders struggle to maintain complete situational awareness. Holistic approaches to risk management require the implementation of a manageable number of policies and procedures but are tied to an often unmanageable and misunderstood ecosystem of tooling and controls. These inefficiencies are laid bare in frequent public breach reports and are the result of a threat landscape that is increasing in volume, complexity, and novelty.
We fail to leverage the natural relationships between cyber risk capability areas by segmenting – rather than fusing – activities in sense-making to their individual domains.
Our organizations and the information environments within them are living, breathing organisms; the network is their nervous system. Just as the fingers cannot type without a signaling pathway between the brain and hands, an attacker cannot remotely exploit a system without a network that connects the two. The network presents our best opportunity to understand the interactions which link our application of risk management strategy. Our ability to protect, detect and respond is less about strict controls enforcement or monitoring…
