Move over XDR, it's time for security observability, prioritization, and validation (SOPV)

Independent tools and data repositories are coming together for better threat management, impacting organizations, security professionals, and the industry. We need to take the same approach to security hygiene and posture management.


All the ‘formulas’ used to calculate risk management tend to have 5 components to them: 1) The likelihood of an incident, 2) The impact of an incident, 3) The value of an entity/asset, 4) The vulnerability of an entity/asset, and 5) Threats to that entity/asset.  Information about these 5 inputs is used to decide where (and how) organizations approach risk mitigation.

These considerations are factored into cybersecurity planning and strategy.  Business managers help decide the value of entities/assets and the impact if these entities/assets were degraded, stolen, or unavailable.  Security, IT, and risk teams collaborate on the likelihood of an event that takes entities/assets offline.  Finally, security teams work with IT operations on threat and vulnerability management.

Over the past few years, security technology has seen massive changes on the threat management side with eXtended detection and response (XDR), driven by the need to improve security efficacy and operational efficiency.  As a technology architecture, XDR is intended to unify data sources, visibility, and analytics for threat prevention, detection, and response. 

With the move toward XDR, the industry recognized the need for data and tools integration for threat management.  Unfortunately, this same type of integration and consolidation hasn’t been nearly as active on the vulnerability management (or security hygiene and posture management) side.  To be clear, I’m not just talking about traditional vulnerability management tools.  Rather, I’m referring to a much bigger picture—the ability to discover all entities/assets (i.e., users, accounts, applications, systems, sensitive data), view the relationships between all entities/assets, and understand the security posture of all entities/assets (i.e., software profile, configuration status, integrity, compliance with corporate policies, etc.).  Think CIS Critical Security Controls at scale. 

This information is the basis for cybersecurity decision making—risk mitigation, what needs protecting, how we spend budget dollars, etc.  Without comprehensive visibility, we are making critical security decisions based on guesswork.
