Authored by: Scott Register, Vice President, Security Solutions, Keysight Technologies
Cybersecurity versus cyber risk … what’s the difference? It’s easy to confuse cybersecurity and cyber risk. There’s considerable overlap between the two, but they are subtly different — and it’s important to understand the distinction.
When we think about security, we tend to think about the various threats to our networks, data, and endpoints — as well as the steps we take to protect them. However, these things aren’t quite the same as cyber risk.
Confusing, isn’t it? Here’s a simpler definition. Think of cyber risk management as minimising the probability of economic loss due to cyber events, whereas network security aims to prevent malicious cyber events from happening. For example, you might have great homeowner’s insurance which will recoup 100% of your losses if anything is stolen from your home. Congratulations! You successfully managed the risk of economic loss from theft. In contrast, securing your house means you need to make sure you locked all your doors and windows and set the alarm each time you leave the house.
Can improving security mitigate cyber risk?
Risk management can be expensive. Nothing in this world is free — and insuring your enterprise against cyber threats is no exception. But that doesn’t mean you can’t use the overlap between security and cyber risk to your advantage. After all, one of the outcomes of good network security is improving your cyber risk management.
So, what can you do about this? Here are three actions you can take right now.
Reduce Your Security Information and Event Management (SIEM) Alerts – And Know Which Ones to Investigate
Typical enterprise security teams face over a million SIEM alerts every day. You don’t need to be a mathematician to know that’s too much for any team to reasonably prioritize and investigate. That’s why so many SIEM alerts get ignored — helping attackers slip through the cracks.
However, many of these alerts aren’t actionable. You’re just the next IP in line in an automated scan or probe, and if you can block the connection at the first packet there’s no further action to take. So why deal with the alert in the first place? By deploying a threat intelligence gateway like ThreatARMOR, you can block up to 80% of malicious traffic from ever making it to your network in the first place. Not only does this dramatically reduce your SIEM alerts, it also takes the pressure off your NGFWs. Since they aren’t really built for blocking traffic at a massive scale, you can conserve their processing power for more important tasks like deep packet inspection and threat detection.
Contain Whatever Gets Past Your First Line of Defences
The other advantage of a threat intelligence gateway is that it automatically blocks command and control (or C&C) connections from malware like ransomware. These tools are backed by threat intelligence teams with global honeypot networks that run around the clock — examining malware and tracking the C&C servers that manage malware networks. Because of that, these tools can block the “phone home” connection from active malware that’s made it into your network — enabling you to not only prevent malware from inflicting damage and spreading, but also identify which systems are infected and need remediation. This doesn’t replace your endpoint security product (which can do behavioural detection and spot malicious activity), but it greatly reduces the impact that an infection can have on your network.
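As an added illustration of the two behaviours described above (this is example code, not Keysight's or ThreatARMOR's), the Python sketch below filters constructed firewall log lines against a constructed block list: inbound hits from listed addresses are dropped at the first packet without raising an alert, while outbound callbacks from internal hosts to listed addresses are blocked and the source host is flagged for remediation. The log format, the internal range and the block-list addresses are all assumptions.

```python
# Added example (not vendor code): a minimal threat-intelligence filter that drops
# inbound scans silently and turns blocked outbound C&C callbacks into a remediation list.
import ipaddress

# Constructed block list using documentation-range addresses (not real indicators).
BLOCK_LIST = {ipaddress.ip_address("203.0.113.7"), ipaddress.ip_address("198.51.100.23")}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

# Constructed firewall log lines in an assumed format: "<time> <src_ip> -> <dst_ip>:<port>"
SAMPLE_LOG = """\
2024-01-01T00:00:01 203.0.113.7 -> 10.0.0.5:22
2024-01-01T00:00:02 203.0.113.7 -> 10.0.0.6:22
2024-01-01T00:00:03 192.0.2.44 -> 10.0.0.5:443
2024-01-01T00:00:04 10.0.0.9 -> 198.51.100.23:8443
2024-01-01T00:00:05 10.0.0.9 -> 198.51.100.23:8443
"""

def parse_line(line):
    """Split one constructed log line into (timestamp, src, dst, port)."""
    ts, src, _, dst_port = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)

def triage(log_text):
    """Return (dropped_count, passed_lines, infected_hosts).

    Inbound connections from a listed address are blocked and never reach the
    SIEM. Outbound connections from an internal host to a listed address are
    blocked too, but the host is recorded because a "phone home" attempt means
    it is already infected and needs remediation.
    """
    dropped = 0
    passed = []
    infected = {}
    for line in log_text.splitlines():
        _, src, dst, port = parse_line(line)
        if src in BLOCK_LIST and dst in INTERNAL_NET:
            dropped += 1  # automated scan or probe: block, no alert needed
        elif src in INTERNAL_NET and dst in BLOCK_LIST:
            dropped += 1  # C&C callback: block, and flag the internal host
            infected.setdefault(str(src), set()).add(f"{dst}:{port}")
        else:
            passed.append(line)  # hand everything else to the NGFW and SIEM as usual
    return dropped, passed, infected

if __name__ == "__main__":
    dropped, passed, infected = triage(SAMPLE_LOG)
    print(f"dropped {dropped} connection(s), passed {len(passed)} on for inspection")
    for host, servers in infected.items():
        print(f"remediate {host}: attempted C&C callback to {sorted(servers)}")
```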
Continuously Test Your Own Defences
Security is never static. New misconfigurations, threats, and vulnerabilities emerge every day. That’s why it’s so important to ensure that your network and endpoint security policies are being enforced the way that you expect. The latest Verizon Data Breach Investigations Report revealed that simple misconfigurations cause far more breaches than technology gaps.
So, what does this mean? In essence, you need to think like an attacker. That’s where Breach and Attack Simulation tools, like Keysight’s Threat Simulator, come in. These tools make it easy to safely simulate a wide array of exploits and attacks against your security stack (endpoints, firewall, WAF, DLP, etc.), identify vulnerable misconfigurations, and fix whatever gaps you find with step-by-step remediation instructions. In short, your network and endpoint tools provide your security — breach and attack simulation tools reduce the risk of a cybersecurity incident by ensuring that those tools are all configured and working optimally.
An ounce of prevention is worth a pound of cure
Don’t wait for attackers to test your defences for you. An investment to strengthen your network security will reduce your likelihood of suffering a major breach. Considering the costs associated with such attacks — including legal and compliance fines, reputational damage, and market capitalisation losses — it’s hard to imagine a more risk-mitigating investment than improving your network security.