Believe it or not, just a couple of weeks ago, I signed the contract for my 18th book. I just started writing the manuscript for it a few days ago, but now it is being bumped into my 15th book. I am hoping to get it done by the early summer. Interestingly enough, the topic is about Generative AI, and how that can be used to help improve the security metrics that are used in Cybersecurity today.
No doubt there are many of them, but the two key ones that I plan to focus on are what is known as the “Mean Time To Detect” (also known as the “MTTD”) and the “Mean Time To Respond” (also known as the “MTTR”).
Although the definitions of them can vary and be complex, in simpler terms, the former refers to how quickly (or slowly) the IT Security team detects an imminent threat, and the latter refers to how long it takes for them to contain and/or mitigate it.
Astonishingly enough, it takes on average 270 days for an IT Security team to control an imminent threat. To you and me, this seems to be unfathomable, but it’s true. The source for this figure can be seen at the link below:
https://www.mend.io/blog/securing-the-software-supply-chain-mend-open-source-risk-report/
Because of this, MTTR is becoming a very key metric for the CISO and their higher-ups today. You may be asking at this point: why is this metric so bad? Here are some reasons for it:
* With the advent of AI, many new innovations are proceeding at a very fast pace. In fact, it is so quick that many IT Security teams of today simply cannot keep up with what it takes to secure them, and this trend is only expected to quicken even more. Many more tools are being used, such as Virtual Machines (VMs) and the like. This can also be technically referred to as “Sprawl”.
* There is the issue of context. With so many new products and services being AI driven, the sheer number of false positives is becoming totally numbing. Although AI can also be used in this regard to present only the real and legitimate threats to an IT Security team via the SIEM, it still takes time to manually configure all of this. The more time that is spent on this effort, the fewer resources are dedicated to actually fighting off the threats that are already present.
* Many organizations lack a cohesive Vulnerability Management program that can be easily deployed and enforced. Without one, just as with the false positives, there is a very strong blur as to what can even be considered a vulnerability or not. For instance, only 33% of them can be deemed to be of a critical nature, so that leaves about 67% of them that are not real. So how is an IT Security team supposed to filter through all of this?
(SOURCE: https://www.edgescan.com/intel-hub/stats-report/)
To make matters even worse, a mind-blowing 25,082 total vulnerabilities have been recorded, which represents a staggering 24% increase from the previous year.
(SOURCE: https://www.cvedetails.com/browse-by-date.php)
So given these dire situations, what can you, as the CISO of your business, do to help improve your MTTR metric? Here are some steps to start with:
* Conduct a comprehensive Risk Analysis: I have always been a huge fan of this. With this approach, you inventory all of your assets, both physical and digital, and rank them according to a Vulnerability Scale. There are already frameworks out there to help you do this, most notably from CISA and NIST. By doing this, you can also examine what you truly need and don’t need. In turn, this will help to reduce Sprawl, which will then decrease the number of vulnerabilities that you have to manage in the end.
* Examine your Triaging Structure: See what you have in place right now, and determine whether it is really working or not. If it is not, then you and your IT Security team will have to produce a way to either improve it or replace it in its entirety. But whatever you end up doing, test it in a sandbox environment first before deploying it into your production environment.
* Be proactive about it: Once you have done the above two things, make sure that you keep a proactive watch on how your MTTR is doing. Keep measuring it on a regular schedule, because in the end, as the CISO, you will be ultimately held responsible for it.
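As an added example (not code from the original post), here is how the two metrics defined above could be measured from an incident register on a regular schedule. It assumes MTTD runs from the first malicious activity to detection and MTTR from detection to containment (definitions vary, as noted above); the incident records are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass
class Incident:
    """One security incident; the timestamps below are constructed samples."""
    incident_id: str
    severity: str                        # e.g. "critical", "high"
    first_activity: datetime             # earliest evidence of the threat
    detected_at: datetime                # when the team became aware of it
    contained_at: Optional[datetime] = None  # None means still open

def _mean_hours(deltas):
    """Mean of a list of timedeltas in hours, or None if the list is empty."""
    return sum(d.total_seconds() for d in deltas) / 3600 / len(deltas) if deltas else None

def mttd_hours(incidents):
    """MTTD: first malicious activity -> detection (assumed definition)."""
    return _mean_hours([i.detected_at - i.first_activity for i in incidents])

def mttr_hours(incidents):
    """MTTR: detection -> containment (assumed definition). Open incidents have
    no containment time yet and are excluded, so report the open count alongside."""
    closed = [i for i in incidents if i.contained_at is not None]
    return _mean_hours([i.contained_at - i.detected_at for i in closed])

def metrics_report(incidents):
    return {
        "incidents": len(incidents),
        "open": sum(1 for i in incidents if i.contained_at is None),
        "mttd_hours": mttd_hours(incidents),
        "mttr_hours": mttr_hours(incidents),
    }

def mttr_by_month(incidents):
    """MTTR per detection month, to watch whether the trend is improving."""
    months = sorted({i.detected_at.strftime("%Y-%m") for i in incidents})
    return {m: mttr_hours([i for i in incidents if i.detected_at.strftime("%Y-%m") == m]) for m in months}

# Constructed sample incidents (not real data).
SAMPLE = [
    Incident("INC-001", "critical", datetime(2024, 1, 1), datetime(2024, 1, 3), datetime(2024, 1, 3, 6)),
    Incident("INC-002", "high", datetime(2024, 1, 10), datetime(2024, 1, 10, 12), datetime(2024, 1, 12, 12)),
    Incident("INC-003", "critical", datetime(2024, 2, 1), datetime(2024, 2, 1, 6), None),
]

if __name__ == "__main__":
    print(metrics_report(SAMPLE), mttr_by_month(SAMPLE))
```

Filtering the list first (for example, to critical incidents only) gives the same metrics per severity tier.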
My Thoughts On This:
The above are just some steps that you can take, and of course, as things evolve (especially with AI), there will be other actions you need to take as well. But one of the big benefits of a lower MTTR is that your C-Suite will be more prone to give you a higher budget – in the name of keeping the business safe.
Also, keep an eye on my new book. It will actually discuss how a Digital Person can help your IT Security team bring down your MTTR.