When it comes to cybersecurity, perhaps the most essential “check” that cybersecurity professionals are tasked with is validation of controls. Organizations are no longer being asked simply to verify that they have controls in place, but to validate that those cybersecurity controls are effective against potential security threats. They also need to communicate, with ongoing proof, that the investments being made in the technology stack are protecting the business.
As attacks and breaches become more frequent, targeted and sophisticated, cybersecurity is no longer an IT problem or a nice-to-have; it is a business must-have, and in today’s business world, security validation is a requirement. Why? Because without taking an evidence-based approach, organizations are not able to validate their security effectiveness, and that means they are operating on assumptions.
Want to know how you can continuously validate that your cybersecurity stack is working the way it’s supposed to? Here are five key steps you need to do NOW to validate your controls:
1. Shift from reviewing configurations to controls validation
Cybersecurity professionals have historically reviewed logs, reports, and configuration details against regulatory mandates, governance, risk, and compliance (GRC) requirements and the like. While this provides a level of insight, it is rarely empirical.
Mandiant’s Security Instrumentation Platform (SIP) (formerly Verodin) provides the ability to validate that the security controls in place are in parity with the various requirements and best practices you’re auditing. Security validation with SIP provides evidence-based reports regarding what’s working, what’s not, and prescriptive steps that can be taken to improve your cybersecurity effectiveness.
2. Move from a point-in-time to continuous security validation
Audits are a lot like a penetration test in that they give you a snapshot at a point in time of the state of your security. While this has some value, it is a legacy approach that no longer works efficiently in the complex and fast-moving world of cybersecurity threats.
Mandiant’s SIP provides continuous validation. Security validation with SIP safely executes real attacks in your production environment. This continuous validation approach where security controls are monitored hourly, daily, etc., helps to mitigate the pitfalls of environmental drift – something that was working has stopped working because of changes in system, network, application, personnel, or process somewhere on the network.
3. Transition to automated security validation
Cybersecurity professionals are not generally tasked with auditing against one mandate. In fact, most industry leaders we spoke with have responsibility for audits related to internal GRC, industry standards, best practices, and regulatory mandates. This is a manual process that is slow, methodical, and error prone – especially when multiplied across potentially dozens of different mandates.
Mandiant’s SIP validates multiple mandates continuously and automatically. This allows security professionals to “manage by exception.” When an automated test fails, against any one of the multiple mandates, the security team is notified. For example, something that was within security parameters is no longer – such as a firewall that was blocking outbound FTP access from the critical server network is now allowing it. This allows security teams to validate against many mandates with an automated approach and manage variances by exception.
4. Validate security – not assumptions
Cybersecurity teams help bridge the gap between IT and the business. They are also responsible for articulating whether security effectiveness is trending up or down and explaining why. Without a foundational technology platform that can provide details around the value that a new DLP solution provides, the decrease in response times because of better training, or more effective threat mitigation because of process changes, most of these trends will be based on assumptions – not evidence.
Mandiant’s SIP not only validates your security effectiveness, but it trends the cybersecurity testing and validation over time. This allows security teams to see increases or decreases in security validation and effectiveness across people, process, and technology. With Mandiant’s security validation platform, SIP, security professionals can look at cybersecurity effectiveness trends from a single attack on a security control to all attacks against all controls.
5. Automated security validation
Security teams often find it challenging to get access to the resources they need to conduct their jobs. Busy co-workers don’t always have the time to grant access to the required systems, produce reports, or share logs.
Mandiant’s SIP provides an architecture that is easy to deploy, use and update, and that validates your security effectiveness continuously and automatically across endpoint, network and cloud. As a result, security teams become more autonomous with SIP and, as such, more efficient and effective. SIP is designed with an intuitive interface, rich reporting, interactive dashboards and content that is frequently updated and can be seamlessly extended with the latest third-party content without programming, scripting, and related skills.
Through automated, continuous monitoring and measurement against real-world attack behaviors, the Mandiant Security Validation (formerly Verodin) Security Instrumentation Platform (SIP) enables organizations to achieve optimal cybersecurity performance through ongoing assessment, optimization and rationalization.
Mandiant’s SIP is highly effective at security controls validation from a technical and business perspective and is applicable to many groups within your organization including:
- Security offense (red team)
- Security defense (blue team)
- Security and related leadership (CISO, CIO, CCO, CRO)
- CEO and board
- And of course, internal audit