CISOs are now strategic partners in business performance, charged with translating security outcomes into business value that non-technical people can understand.
For example:
- How well does our tech stack defend against adversary TTPs?
- What’s the impact on the business?
- What more can we do to reduce our exposure?
Being able to measure and quantify the effectiveness of defenses in terms of business value is what justifies an investment and is core to what CISOs do.
So, what are security solution providers doing to support CISOs in this mission? Let’s explore what Tidal Cyber can do to help.
Enriching Heatmaps
Vendor-provided MITRE ATT&CK® heatmaps help CISOs understand what individual products in their defensive stack do. However, CISOs need additional information to support business discussions.
- A comprehensive view of coverage. Leading security products often have a thousand or more distinct defensive capabilities. Specifics on what each of these capabilities do, correlated to how the tool is configured in your environment is crucial. Policy settings have a significant impact on the tool’s effectiveness in protecting against specific threats. Also, tools don’t operate in a vacuum. It’s important to understand what your combination of tools, as they are configured, are doing in aggregate. A gap in one tool’s coverage may be okay if another tool fills it.
- Mapped to control frameworks for compliance reporting. Specifics on how capabilities and configurations map to control frameworks, such as the NIST Cybersecurity Framework, are crucial to ensure compliance. The manual effort required to cross-check frameworks with controls in place makes it difficult to understand the efficacy of your Governance, Risk, and Compliance (GRC) program and report with confidence that the organization is compliant.
- Tied to your threat profile. Heatmaps provide a yes/no measure of coverage or, best case, how the product detects a specific technique. However, they don’t account for the complexity of a technique caused by procedural details which can leave you open to risk. There’s also no correlation to whether the technique is being used by a threat actor that is relevant to your sector, nor how frequently that technique is used. It’s impossible to know if the time and money you’re investing in products to close gaps is being directed to protect against real risks to the organization.
Making the Business Case
The Tidal Cyber Enterprise Edition platform helps CISOs justify defensive investments by making it easy to clearly demonstrate ROI and risk reduction. It starts with getting an accurate picture of your organization’s inherent risk – the risks to the organization before any controls are in place.
The ATT&CK knowledge base is the foundation for how we categorize threats, supplemented with additional cyber threat intelligence (CTI) the Tidal Cyber platform ingests from other OSINT sources and third-party threat intel feeds. We create Threat Profiles specific to your sector and weight techniques based on relevant risks to give you an accurate picture of your inherent risk.
On the defensive side, we work with vendors to maintain a database of capabilities, at a granular level, that exist within their security tools. The platform automatically correlates capabilities to threat actor behaviors, as defined by MITRE. This cyber defensive intelligence (CDI) shows what configurations need to be turned on to defend against these techniques and sub-techniques, down to the procedural level. The platform also automatically maps capabilities and configurations to control frameworks to illuminate alignment with your GRC program.
With this foundation, CISOs are able to measure and demonstrate the effectiveness of defenses in terms of business value, including ROI and risk reduction.
Optimize ROI of security investments: The platform correlates Threat Profiles with your defenses as they are configured and in aggregate, to generate an accurate Coverage Map with a confidence score to show how well you are protected against inherent risk and the residual risk that remains from these threats. Within a few minutes, our Recommendation Engine identifies best actions to take to optimize security investments, including:
- How to optimize ROI for existing defenses by turning on a configuration in a tool in your stack to reduce threat exposure.
- When you should add a new tool or replace an existing tool in your defensive stack to fill a gap, along with data to justify the investment.
- If there’s an opportunity to reallocate funds by eliminating redundancies and retiring tools.
Demonstrate regulatory and compliance status: The platform contextualizes your defensive stack within control frameworks and provides continuously updated Coverage Maps that support GRC control assessment. You can:
- Proactively identify risk within your GRC program.
- Take actions to bridge gaps in GRC controls and ensure compliance with regulations and frameworks.
- Respond to audits promptly.
Staying Vigilant
Our platform integrates with offensive security tools like Breach Attack Simulation (BAS) tools to validate that changes made to optimize the organization’s defensive posture—through configuration changes or a new tool—are effective.
As threat intelligence and security products are added or updated, the Coverage Map recalculates where the organization is covered and where it is exposed, automatically. When there’s an opportunity for additional risk reduction, the Tidal Cyber platform provides actionable recommendations to effectively detect active threat behaviors along with justification for the investment.
With Tidal Cyber, CISOs can prove the business value of existing defenses and justify where further investment is needed.
Do you want to know if you can defend against the latest threats, TTPs, and adversary behaviors? Tidal Cyber can help you look at your Coverage Map to ensure that your defenses are effective and, if not, understand how to reduce your exposure. Contact us to see how.