A guest writer of WEI, see Bill Frank’s biography and contact information at the end of this article.
Michael Lewis coined the term, Moneyball, in his eponymous book published in 2003 and made into a movie in 2011 starring Brad Pitt. Moneyball was about applying analytics to baseball. Billy Beane, the Oakland Athletics General Manager, was the first baseball executive to use analytics to increase the probability of winning games.
The goal of every security organization is to protect its data. This mission has become increasingly complex in the face of an expanding attack surface and increasingly sophisticated and frequent attacks waged by relentless adversaries. Effectively responding to security incidents requires the Security Operations Center (SOC) to validate alerts and provide the IR team with critical details on the scope of the threat so they can quickly and reliably remediate the issue. However, several obstacles hinder the SOC from gaining the necessary visibility to deliver this critical insight.
See Bill Frank’s biography and contact information at the end of this article.
[Note: This is an updated version of the original article posted on March 21, 2024. I replaced the term "Governance” Controls with “Performance” Controls to eliminate any confusion with the NIST Cybersecurity Framework 2.0 use of the term “Governance.”
I focus here on automated controls that monitor and measure the “performance” of “Defensive” controls that directly block threats or at least alert on suspicious activities.
How well are your cybersecurity controls performing? Measuring control efficacy is challenging. In fact, under-configured, misconfigured, and poorly tuned controls, as well as variances in security processes are the Achilles Heels of cybersecurity programs.
A mismatch between risk reduction potential and performance results in undetected threats (false negatives) as well as an excessive number of false positives. This leads to an increase in the likelihood of loss events.
All controls, whether people, processes, or technologies, can be categorized in one of two ways – Defensive or Performance.
This is the first installment of a two-part series dissecting the Left of Bang strategy and mindset and how it applies to modern cybersecurity practices. Click here to read part two.
Cybersecurity threats, including ransomware, malware and phishing, continue to grow and evolve, increasing risk for businesses of all sizes and across all industries. According to the World Economic Forum’s 2023 Global Risks Report, cybercrimes rank among the top ten global risks, ahead of the natural resources and debt crises, prolonged economic downturn, and the use of weapons of mass destruction. With 91% of respondents in the 2023 Global Cybersecurity Outlook study reporting that a “far-reaching, catastrophic cyber event is at least somewhat likely in the next two years,” organizations need to do more to keep pace with the diverse, ever-changing threat landscapeto better manage cyber risk.
Email is a vital part of our lives, both for business and personal communications. However, this integral tool is increasingly vulnerable to malicious attacks by cybercriminals aiming to steal credentials, confidential data, or funds. To protect against these complex threats, companies need a robust multi-layered security measure in place when handling emails.
Over the last decade, the topic of cybersecurity has shifted from being a technical subject to a mainstream topic impacting every facet of the organization. As cyberattacks become increasingly more sophisticated, frequent and disruptive executive leaders now face a new complex blend of issues, including economics, business processes, and psychology.
Regardless of the subject, there’s no one better to learn from than the experts. With this thought in mind, we recently held a cybersecurity webinar featuring Kevin Mitnick, a famous hacker and New York Times bestselling author, James Morrison, a HPE Distinguished Technologist and a former FBI agent, and our own Greg LaBrie, an enterprise security industry veteran and our Vice President of Technology Solutions and Services.
In the last six months, the fear of cyberattacks has grown significantly, largely due to several high-profile incidents that left enterprises struggling to deal with the fall out and the general public fearful of the next attack.
To stay competitive and fulfill customer needs, today’s enterprises demand unparalleled availability and resiliency in all aspects, including data centers. At the same time, the attack surface is growing ever larger through rapid digital expansion, and cybercriminals are becoming more sophisticated day by day.
As a result of advances in digital technologies, such as software-as-a-service (SaaS) and other tools with increased traffic demands, many IT teams are now in the process of replacing outdated WAN infrastructures that can’t keep up with modern requirements. The latest solution is software-defined wide area networking (SD-WAN).
