The world of cybersecurity is in constant flux, demanding adaptive strategies from organizations of all sizes. Recently, CyberProof CEO Tony Velleca sat down with Dave Bittner, host of the Cyberwire Daily podcast, to shed light on critical cybersecurity shifts, from the evolving concept of the “single pane of glass” to the rise of new risks and the transformative role of AI. Here are some of the main points from their conversation:
Optimizing Security Spend
For years, the “single pane of glass” metaphor in cybersecurity referred to the idea of bringing all security information into a SIEM within a Security Operations Center for defensive purposes. However, Velleca suggests this concept has matured significantly. Today, it’s not just about defense but also about proactive and even predictive measures.
The core challenge now is to optimize security spending. The single pane of glass should guide organizations on “what’s the best dollar next dollar spent to reduce my cyber risk”. This involves analyzing whether to invest in reducing attack exposure, building new detection rules, or enhancing threat intelligence. The aim is to get the maximum risk reduction out of each dollar spent.
Tailoring Risk and Identifying New Threats
A crucial insight is that risk needs to be tailored to each organization. Not everyone’s glass is created the same. Companies must identify their riskiest assets, often referred to as “crown jewels,” and understand their specific risk profile. The old model of trying to quantify risk in a fixed dollar amount is seen as failing because nobody can truly tell an organization how much risk they are carrying.
A significant shift in focus has occurred regarding what constitutes risk. Previously, the primary concern might have been regulatory fines. Now, the focus has moved to the risk of a major ransomware breach. This change is underscored by current global events, such as the Ukraine war and Middle East conflicts, which have drawn attention to operational technology (OT) and to the capabilities being developed to attack these systems. These attack capabilities are expected to flow down to cybercrime, potentially leading to major impacts on the day-to-day operations of places like manufacturing sites or even hospitals.
To navigate these new risks, Velleca notes that the MITRE ATT&CK framework has provided a common language and structure to understand adversary tactics and techniques, moving beyond a simple focus on compliance. Understanding and categorizing cyber threats can be tough because of the many complex tactics adversaries use. The MITRE ATT&CK matrix makes this easier by providing a detailed, standardized framework that maps threats based on their lifecycle and how they’re executed. This framework helps security analysts track adversary behaviors through different stages of an attack, making threat detection and response more systematic and effective.
The Rise of Continuous Threat Exposure Management (CTEM)
To address the balance between compliance obligations and real-time risks like ransomware, the industry is seeing a strong focus on Continuous Threat Exposure Management (CTEM). While threat intelligence reports are plentiful, the key is to operationalize that intelligence in a way that lets an organization prioritize its own exposures.
CTEM involves:
- Focusing on threat actors relevant to your industry, location, and technology.
- Understanding their campaigns and tactics at a granular level.
- Knowing where your organization is exposed to those specific tactics and techniques.
Furthermore, organizations need to understand their defensive capabilities—whether their Security Operations Center (SOC) teams, even those relying on outsourced providers, can actually detect the threats they need to see.
The Dual Impact of AI on Security
AI is undeniably a hot topic, and its role in cybersecurity is twofold:
- AI for Security: This is the exciting side, where generative AI and purpose-built agents are rapidly taking off. These agents promise to offload tasks like threat hunting and level 1 SOC functions, helping security teams solve problems that current analytical tools might create.
- AI in Security (Protecting against AI): CISOs have a critical opportunity to lead by laying the foundation for solid frameworks, like OWASP’s Top 10 for LLMs, early on. This proactive approach is essential because the AI landscape is changing so quickly, akin to a cold war.
Velleca highlights that CISOs are uniquely positioned to take leadership roles because their jobs inherently require understanding regulatory compliance, technical aspects, and business implications.
Achieving a Well-Managed Estate
For large, sophisticated enterprises, success in cybersecurity means having a “well-managed estate”. This involves:
- Knowing all assets are under management.
- Being able to make sense of a complex environment.
- Leveraging continuous threat exposure management and attack surface prioritization.
- Ensuring the SOC can see everything it needs to see.
This well-managed estate isn’t about one-time governance, but a continuous process. A common challenge, however, is that security teams often have the responsibility for security but not direct ownership of the teams (like software development) that implement fixes. Therefore, gaining leverage and working effectively with other teams is critical.
Words of Wisdom for the Overwhelmed
Cybersecurity professionals often feel overwhelmed, regardless of their experience level. Velleca’s advice for those just starting, or feeling overwhelmed, is practical: “step back, take a look at the landscape, pick your priorities, take a deep breath and… execute”. Execution is key, and it’s understood that errors will occur in such a rapidly changing field.
Finally, effective communication is paramount. Security professionals must learn to shift from technical conversations to more business-oriented discussions. In a constantly innovating field, staying ahead means embracing new frameworks, prioritizing smartly, leveraging new technologies like AI, and, above all, executing with clear communication.
Listen to the full Cyberwire Daily podcast episode to learn more.