The need for comprehensive cybersecurity is the greatest it's ever been, with no signs of slowing down. We have a backlog problem. Security practitioners everywhere are experiencing serious alert fatigue from the mounting number of security incidents they need to attend to on a daily basis. This type of burnout can lead to indifference and thus widen the gaps that cyber criminals look to exploit.
Solving alert fatigue as a whole is an overwhelming task. Within your organization, however, it is more achievable and will strengthen your organization’s protection. The best way to tackle this issue is to sort out the assets that are critical to your business.
“Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win.”
– John Lambert
Critical assets are your organization’s crown jewels. An attacker is looking for paths to your business’ crown jewels, and often, that path starts with the exploitation of a related cyber asset. Understanding how all your resources are connected to your critical assets can empower your security team to isolate threats and prioritize alerts more easily. Plus, doing so gives you the information to pre-determine how you’re going to handle new vulnerabilities and incidents.
Let’s get critical about critical assets
Before you identify your most critical cyber assets, it’s important to remember that a cyber asset is more than a device with an IP address. Modern cyber assets encompass any digital asset that has an attack surface and requires active security management, including software-defined and ephemeral assets. They are operational entities such as code repos, data stores, IAM policies and roles, security controls, people, vulnerability findings, secondary systems, and more. Investing in a solution that provides comprehensive cyber asset visibility is a great place to start - after all, you can’t secure your environment if you don’t know what’s in it. JupiterOne not only ingests data about all the entities in your environment, but also provides you with a visual map of how your cyber assets connect.
Once you know what you have and understand the relationships between your assets, it’s time to start asking yourself a few broader questions to narrow down what can be considered critical:
- What are the regulatory requirements surrounding your data? The most stringent regulatory requirements are often a good indicator of what to consider a “critical asset,” making this a good starting point.
- What is important in your market? A financial institution has different priorities and types of data than a company that sells a tangible product. Find out which assets are most important in your market.
- Who relies on this data? Whether they are internal or external stakeholders, it’s important to think about who will be affected by a breach.
- Where is your data stored? Understanding how your data is stored is critical to how you secure it because it impacts the way your data is connected and the potential impact a breach could create.
- What would the repercussions be if a competitor or cyber criminal got ahold of your data? Would the cyber criminal exploit customer data and resell it? Would your competitors learn your trade secrets? Would it result in financial losses and fines? Would it impact your safety?
These questions will give you general criteria for a critical asset, but it’s important to conduct periodic reviews of how you deem something to be business-critical.
Monitor and categorize vulnerabilities
A vulnerability is a weakness in your environment that could be exploited or triggered by a threat source. So really, it’s any problem with any asset. Common vulnerabilities include misconfigurations, unsecured APIs, outdated or unpatched software, zero-day vulnerabilities, weak or stolen user credentials, unauthorized access, third-party systems, open source libraries, flaws in the shared responsibility model, and more.
Although continuous monitoring is crucial, it contributes to alert fatigue. Listing and categorizing your vulnerabilities by priority level will help you create pre-defined processes for future vulnerability management and alleviate the stress that security practitioners often feel when managing these alerts.
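As an added illustration (not JupiterOne code or data), the script below applies the graph idea from earlier in this post to the prioritization described here: each finding is scored by its severity scaled by how few relationship hops its asset is from a critical asset, so a high-severity finding on an isolated system ranks below a lower-severity one that sits one hop from the crown jewels. All asset names, edges and severities are constructed for the example.

```python
from collections import deque

# Constructed sample asset graph (not JupiterOne data). A directed edge
# src -> dst means "compromising src gives a path toward dst".
EDGES = [
    ("contractor-laptop", "jenkins-ci"),  # contractor has CI access
    ("jenkins-ci", "deploy-role"),        # CI runs with a deploy IAM role
    ("deploy-role", "orders-service"),    # role can push to the service
    ("orders-service", "customer-db"),    # service holds DB credentials
    ("marketing-site", "cdn-bucket"),     # isolated marketing stack
]
CRITICAL = {"customer-db"}  # crown jewels, chosen via the questions above

# Constructed findings: (asset, severity on a 1-10 scale)
FINDINGS = [("marketing-site", 9), ("jenkins-ci", 6),
            ("orders-service", 5), ("contractor-laptop", 4)]

def build_adjacency(edges):
    adj = {}
    for src, dst in edges:
        adj.setdefault(src, set()).add(dst)
        adj.setdefault(dst, set())
    return adj

def hops_to_critical(adj, start, critical):
    """BFS: hops from `start` to the nearest critical asset, or None."""
    seen, queue = {start}, deque([(start, 0)])
    while queue:
        node, dist = queue.popleft()
        if node in critical:
            return dist
        for nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, dist + 1))
    return None

def prioritize(findings, edges=EDGES, critical=CRITICAL):
    """Rank findings by severity scaled by proximity to a critical asset.
    Assets with no path keep a small weight rather than being dropped."""
    adj = build_adjacency(edges)
    ranked = []
    for asset, severity in findings:
        hops = hops_to_critical(adj, asset, critical)
        weight = 1.0 / (1 + hops) if hops is not None else 0.1
        ranked.append((asset, severity, hops, round(severity * weight, 2)))
    return sorted(ranked, key=lambda r: r[3], reverse=True)
```

With the constructed data, the severity-5 finding on orders-service (one hop from customer-db) ranks first and the severity-9 finding on the isolated marketing site drops to third.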
Be proactive and anticipate threats
A threat is any circumstance or event with the potential to adversely impact the organization. In other words, a threat is the exploitation of a vulnerability.
Now that you have your list of vulnerabilities bucketed out, your team can be proactive and prepared when experiencing an incident. Anticipating threats can include a variety of behaviors from internal training to continuous compliance monitoring to periodic reviews of security controls.
Use your vulnerabilities list as a starting point for creating threat profiles and robust action plans.
- Who could be exploiting your vulnerabilities?
- What is the probability it will happen? Has it happened before?
- How long might it take?
- What will be impacted?
- What are the steps we need to take to remediate it and isolate it?
These robust action plans can be crucial in isolating and stopping the incident, or dealing with the aftermath of the breach if one does occur. Proper documentation can also help your organization in the future.
It always pays to be prepared
Every organization has assets that are critical to its business success. Every cybercriminal is looking to exploit them for malicious purposes. Every security practitioner has felt the weight of alerts and information without knowing how to prioritize issues, actions, or time.
JupiterOne’s Critical Assets feature in the JupiterOne platform provides customers with the ability to:
- Monitor your business critical assets for configuration issues, compliance gaps, and security findings.
- Create a starting point among all the noise with pre-marked asset classes that give teams a baseline of risk to establish where to focus first.
- Understand how your Critical Assets connect with the rest of your environment by viewing them via Dashboards, the JupiterOne Graph Viewer, or the Assets app. JupiterOne also connects directly to your alerts, vulnerability workflows, and compliance frameworks.
The tools and strategies mentioned above will allow you to expand on the JupiterOne pre-defined Critical Assets to more specifically cater to your needs. Security leaders and practitioners can take advantage of transparent prioritization of time and resources, streamlined security workflows and compliance, and reduced noise and alert fatigue.
To learn more about implementing Critical Assets in your organization, request a demo here.