Let’s talk about an integrated security experience. Many of our customers are in various stages of cybersecurity maturity:
- No formal security program
- Point solutions/tools for basic controls
- Pockets of expertise
- Aligned to frameworks
- Documented controls
- Begins to integrate signals for faster response
- Intelligence driven response and recovery
- Organization wide emphasis
- C-suite sponsorship
- Continuous improvement through innovation
- Aims to be predictive
- Trusted intel sharing
But what is the goal at the end of the day as you move up the maturity model? Some people may say “to be secure.” The problem with that is there is no checkbox for “you are secure.” So, the question customers must ask themselves is, am I secure enough? If you look at the security model and say, no, I’m not mature enough, I’m not predictive enough – how can I improve that? Then there is almost a limitless number of investments you can make into security. But how do you know where to invest and what is the real strategy behind those investments?
One of the frameworks you can take up is to switch the question from a defender’s dilemma into an attacker’s dilemma and ruin the attacker’s economic model. There are a few components you can put together to drive that outcome.
Break the known attack playbook
To decide where to make the investments, you can try to be predictive: see which of the known attack playbooks (e.g. phishing, ransomware) are in use and break them down. Take a look at the opportunities to disrupt those plays. Can you identify what that play is and how to disrupt it? Different plays require different options, so proactively take the time to raise the cost to the attacker.
Agile response & recovery
If the attacker gets past the first line of defense, have a next line of defense that’s ready. Assume breach as an approach to thinking like the attacker. Start by proactively identifying the answers to a few questions: What is the targeted asset? What is the threat to your company? What are the attack vectors your company is most vulnerable to? What are the trends you are seeing? You can then start to answer how to set up your response and recovery against those playbooks in an intelligent and holistic way.
Eliminate other attack vectors
This can be done over time as you’re able, or you can pivot very quickly towards future attacks. The better you get at the first two pieces, the more components you have in play to complete the puzzle and get here. Nobody really knows what those other attack vectors may be, but being very solid in breaking the known attack playbook and in agile response and recovery will help set you up for success, because similar components may be used.
Where do I start?
We have a series of Security in a Day Workshops in April and June (schedule for June coming soon) at our local Microsoft Technology Centers where you can spend the day digging into different risk profiles and learn how to strategize your move up the maturity model. Our Microsoft Security partners will cover the why, the how, and strategies to dig into the attack profiles and how to mitigate those risks so that you can build your integrated security experience. Find a local event near you or click on the link down below: