business need

environmental drift detection


THE CHALLENGES OF A DYNAMIC ENVIRONMENT

A fundamental challenge for cybersecurity is that it is burdened with the responsibility of protecting the environment without the corresponding authority to control it. The business environment is dynamic, and changes to IT and network configurations are continuous. Even in organizations with rigorous change management processes, all parties must fully understand the scope of a change, clearly communicate its impact and ultimately execute on it with 100% perfection.
“The environment is never going to be the same as it was the previous day. Instrumentation allows us to constantly test our environment and know if a control we put in place is no longer functioning because of a change. It's a game-changer.”
STEVEN EDWARDS
SOC Manager
United American Life Insurance, a member of Torchmark Corporation

Common misconfigurations are undercutting cybersecurity effectiveness

These continuous changes are called "environmental drift"
This drift can have devastating and often unnoticed consequences to cybersecurity’s ability to effectively prevent, detect and respond. Environmental changes impacting cybersecurity effectiveness include:
  • Network span-port and tap changes impacting visibility
  • Segmentation that weakens or disappears over time as ACLs, policies and FW rules are edited
  • Equipment that is moved or disconnected
  • Signature updates that accidentally wipe out custom content
  • SIEM correlation rules that go stale as the events being generated by detection sensors are retired/replaced
  • Group Policy changes that have unintended consequences
  • Sensors' events that no longer make it to the SIEM due to a change in FW policy
  • Configurations for load balanced proxies that fall out of sync
  • And on and on…
"Verodin is helping me as a CISO answer questions that have really been impossible to answer. It gives me insights into if my security program is operating on top of the broader IT platform the way I expect it to be."
JAY LEEK
Former CISO, Blackstone
Managing Director, Clearsky

ADVANCED ENVIRONMENTAL DRIFT ANALYSIS (AEDA)

Continuous test execution is not enough to detect environmental drift. A complete analysis of test results compared to a known-good baseline is needed. Customers need to know more than if a threat is still being blocked or not. They need a full analysis of what it takes for defenses to be successful:

Automated and continuous analysis of this Effectiveness Validation Process (EVP) compared to the known-good baseline across a customer's business zones is exactly what AEDA does. Think of AEDA as a "team of engineers in a box," constantly analyzing the environment for drift and proactively bringing it to your attention before it is too late.
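
The baseline comparison described above can be sketched as follows. This is an added example, not Verodin's code or AEDA's implementation; the zone names, test IDs and the four outcome stages are assumptions made for illustration, and the sample results are constructed.

```python
from dataclasses import dataclass

# Outcome stages recorded per test; these stage names are assumptions for this example.
STAGES = ("blocked", "sensor_detected", "siem_received", "rule_alerted")

@dataclass(frozen=True)
class Result:
    zone: str       # business zone pair the test ran across (hypothetical names)
    test_id: str    # identifier of the validation test (hypothetical)
    blocked: bool
    sensor_detected: bool
    siem_received: bool
    rule_alerted: bool

def index(results):
    """Key results by (zone, test_id) so two runs can be compared pairwise."""
    return {(r.zone, r.test_id): r for r in results}

def find_drift(baseline, current):
    """Return sorted (zone, test_id, stage, change) tuples that differ from the baseline."""
    base, cur = index(baseline), index(current)
    findings = []
    for key, b in base.items():
        c = cur.get(key)
        if c is None:
            # Test no longer yields a result, e.g. equipment moved or disconnected.
            findings.append((*key, "*", "missing"))
            continue
        for stage in STAGES:
            was, now = getattr(b, stage), getattr(c, stage)
            if was != now:
                findings.append((*key, stage, "regressed" if was else "gained"))
    # Results with no baseline entry need review before they are trusted.
    findings += [(*k, "*", "unbaselined") for k in cur.keys() - base.keys()]
    return sorted(findings)

# Constructed sample data: a known-good baseline and a later run.
BASELINE = [
    Result("user-to-dmz", "T-001", True, True, True, True),
    Result("user-to-dmz", "T-002", False, True, True, True),
    Result("dmz-to-core", "T-003", True, True, True, True),
]
CURRENT = [
    Result("user-to-dmz", "T-001", True, True, False, False),  # still blocked, events lost
    Result("user-to-dmz", "T-002", False, True, True, True),   # unchanged
    Result("corp-to-cloud", "T-004", True, False, False, False),  # not in baseline
]
if __name__ == "__main__":
    for zone, test_id, stage, change in find_drift(BASELINE, CURRENT):
        print(f"{zone} {test_id}: {stage} {change}")
```

In the constructed run, test T-001 is still blocked, so a block-only check would pass it, yet the comparison reports that its events no longer reach the SIEM and its correlation rule no longer fires.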