Event over – thank you for attending, here’s a summary of what we had.
Visibility is considered the basis of progress as it enables monitoring and optimizing security improvements. However, the way most organizations currently approach visibility is insufficient.
Advanced security teams are measuring visibility and predicting risks related to assets using scientific methodologies.
- At the base of such an approach is a shift from thinking in ‘assets at risk’ to ‘attack graphs’, and from ‘siloed vulnerabilities’ to ‘attack scenarios.’ This approach provides much needed context that dramatically improves risk mitigation capabilities.
As unknown vulnerabilities are being discovered every day, it is impossible to predict the next exploitation. However, focusing on complete attack routes, rather than specific vulnerabilities, increases the chances of blocking attack scenarios that lead to the organization’s crown jewels.
- Using graph theory and the right calculations, security teams can identify the most probable routes an attacker will take (i.e., high business impact, low hacking effort) and strategically block these routes in the most cost-effective way (i.e., high business risk, low mitigation efforts).
- The new approach expands visibility from siloed organizational threats to the entire ecosystem, including risks from third-party vendors (who are usually at the bottom of the security “to-do” list).
Watch industry experts discuss the recommendations from the accompanying whitepaper on security visibility, including the next steps for your organization to define, measure, and predict your own cyber visibility and risks.
Read CYE-sponsored SANS report on “Making Visibility Definable and Measurable“