Transcription
15 WaysXSPM IncreasesCybersecurity ROI
Table of ContentsIntroduction3Statistics vs. Cost vs. Risk vs. Value – The Quantification Conundrum4How Security Validation with Extended Security Posture Management(XSPM) Approach Increases your Security ROI501 It optimizes your existing defenses502 It maximizes in-depth visibility in your tool stack503 It rationalizes your cybersecurity tool stack504 It prioritizes patching and reduces emergency patching loads505 It preserves business continuity606 It prevents security drift607 It provides metrics and traceability608 It optimizes the Security vs. Operability trade-off609 It reduces dependency on time-consuming and resource-heavy manual methods710 It enables data-driven decision-making711 It facilitates M&A cyber due diligence of prospective acquisition712 It reduces cyber-insurance costs813 It helps obtain investments814 It is assessment compliance future-proof815 It reduces cyber employees' burnout and churns8What are the five pillars of XSPM?901 Attack Surface Management (ASM)902 Automated Red Teaming903 Breach Attack Simulation (BAS)904 Advanced Purple Teaming905 Attack-Based Vulnerability Management (ABVM)2 15 Ways XSPM increases Cybersecurity ROI10
IntroductionThough ransomware and supply-chain attacks are currently the two leading contendersfor mainstream news headlines, the number and complexity of cyber-attacks keep growingand, between the militarization of cyber-attacks and the juicy revenue derived fromcyber-crimes, their growth is likely to continue in the foreseeable future.For organizations aware of this situation, the most immediate result of the expansionof cyber-threats is an increase in cyber-security expenses. As both the risk to business asusual and the aggregated costs of successful breaches rise, the board is increasinglyinterested in obtaining a clear idea of the ROI of their investment in cyber-security.Yet, the responses they receive from their CISO of SOC head are often sorely lacking inspecifics and metrics, and, stuck in the middle, the executive leadership that typicallylacks cyber expertise is struggling to know what to ask and how to get the answer they need.To make matters worse, with an average of 45 different security tools under management,organizations’ SOCs are drowning in excessive complexity and struggle to evaluate theefficiency of individual solutions in their tool stack, which often leads to overlappingcapabilities generating duplicate, sometimes contradictory data, and hidesthe perilous absence of other needed functionalities, the lack of which mightlead to unmonitored security gaps.After a short reminder of the inherent issues in evaluating the value of risk reduction,this ebook examines the multiple ways XSPM enables such an evaluation and, with precisemeasurements in hand, rationalizes and optimizes the existing tool stack, hardens securityposture, and prevents security drift, thus increasing cyber-security ROI at every level.3 15 Ways XSPM increases Cybersecurity ROI
The Quantification ConundrumThough the cost of a cyber-security defense array – cybersecurity tools and solutions security teams rising wages IT team everlasting chase of vulnerability patching - isrelatively easy to calculate, calculating the value brought in by the defensive solutions,individually or as a whole, is far more complex. According to a 2021 report from IBM and thePonemon Institute, the average cost of a data breach for the 500 leading companiessurveyed reached 4.24 million per incident in 2021, the highest in 17 years.Yet, even extrapolating from those research details and factoring in other elements suchas your industry vertical, number of employees, or others, to quantify the potential costto your organization will still not enable you to calculate your defensive security stack value.A precise evaluation of that value requires knowing whether the Detect and Respond toolsare effective in detecting and preempting attacks and at what percentage exactly.The efficacy of the SIEM and SOAR array is defined by selecting and enforcing adequatepolicies for each solution's security control. For decades, this measure was establishedthrough annual or bi-annual penetration testing exercises. Unfortunately, the rapid threatlandscape progression, coupled with the frequent deployments that are the hallmarksof agile development, renders pen testing and manual red teaming exercise increasinglypointless and helpful only to keep compliance regulators at bay.To effectively quantify risk exposure, you need a way to measure the efficiency of yourdefense continuously, granularly, and comprehensively against cyberattacks.This requires integrating with a comprehensive security validation suite coveringall potential security gaps, from exposed assets and initial foothold entry pointsto escalation, lateral movement, command execution, and data exfiltration.4 15 Ways XSPM increases Cybersecurity ROI
How Security Validation with XSPMIncreases your Security ROIXSPM (Extended Security Posture Management) challenges, measures,and optimizes your security stance in multiple ways:01Optimize your existing defensesXSPM validates the efficacy of each of your SIEM and SOAR tools bycorrelating the number of production-safe attacks they detected, preempted,or mitigated. According to IBM’s Cyber Resilient Organization Report,an organization uses an average of 45 security solutions from 13 differentvendors. Each of these solutions has its own set of configurations, policies,and control settings, making it overly complex to assess whether theyperform at their maximum capacity within your environment.02Maximize in-depth visibility in your tool stackXSPM measures your existing “tools” effectiveness, identifies security gaps,and provides actionable remediation recommendations.03Rationalize your cybersecurity tool stackBy comprehensively assessing your security posture end to end and providing360 visibility into each of your tools’ effectiveness in detecting theproduction-safe attack scenarios and campaigns launched by Cymulate andtheir ability to stop or mitigate those attacks, XSPM enables you to eliminate toolsoverlapping capabilities and define precisely which capabilities are still missing.04Prioritize patching and reduces emergency patching loadsChecking active environments’ resilience with a comprehensive arrayof production-safe attacks identifies precisely which vulnerabilities are themost critical to patch. This Attack-Based Vulnerability Management (ABVM)approach prioritizes the patching schedule based on the actual risks toa specific environment unlike legacy Vulnerability Management (VM) or evenmore advanced approaches such as Risk-Based Vulnerability Management(RBVM) that evaluates the risk either exclusively based on risk scores such asCVSS, or correlates those scores with other factors based on business contextand other generic factors and factors based on statistical-based evaluations.The vulnerability patching workload established by ABVM takes into accountup-to-date, data-backed inputs such as the ability of your systems’ securitycontrols to compensate for even high-scored vulnerabilities.The streamlined patching schedule lightens the load on the IT team.5 15 Ways XSPM increases Cybersecurity ROI
05Preserve business continuityIn addition to strengthening resilience against known threats, the XSPMImmediate Intelligence Threat module activates the ability to rapidly assesscyber resilience against emerging threats, such as Log4J based exploits, forexample, and the continuous nature of the assessments prevents downtime and waterfall loss of revenue – due to delayed or untested inadequate patching.06Prevent security driftAs the environment keeps evolving due to frequent deployments and newthreats are emerging daily, a known healthy security posture based on annualor bi-annual validation can slowly or abruptly drift into a worsening conditionunless the causes are spotted and addressed in real-time. Continuouslyrunning XSPM immediately detects security drift and enables correcting thenew security gaps before the security posture shifts from a known good stateto a bad state.07Provide metrics and traceabilityRegardless of security programs’ effectiveness, cybersecurity strategies aretypically based on guesstimates established by statistically evaluating theimpact of adherence on best practices and internal pressures, constraints,and politics. Cymulate’s algorithm, on the other hand, calculates your securityscore using industry-recognized standards such as the NIST Risk ManagementFramework, CSVSS v3.0 Calculator, and Microsoft's DREAD and, mostimportantly, by correlating these values with the risks incurred by yourenvironment also based on the percentage of launched production-safeattacks detected and deflected by your defensive array.The results are quantified based on measurable events, providing a reliablenumerical score that can be used as a base to harmonize baselines and KPIsand monitor trending.08Optimize the Security vs. Operability trade-offAn impenetrable security posture can only be achieved through impenetrablewalls and total insulation from the external world. Unimpeded operabilityrequires 100% open lines of communication and data transfer. Achieving astate of equilibrium that enables conducting business and provides anacceptable level of risk requires delicate negotiations between the CISO andexecutive leadership. The precise risk quantification provided by XSPM is a keyfactor in striking the optimal balance between risk and agility.6 15 Ways XSPM increases Cybersecurity ROI
09Reduce dependency on time-consuming andresource-heavy manual methodsManual security validation methods such as pen testing or red teaming aretime and resource-heavy and are costly. In addition, the quality of the testingperformed varies according to the pen tester or the red team skills.Even worse, even highly skilled pen testers now have to compete with theAI/ML offensive tools available to cyber-attackers and need to be proficient inevery one of the hundreds of attacks tactics, techniques, and proceduresalready listed on MITRE and other repositories and keep up with emergingthreats. By operationalizing listed and emerging TTS with both MITRE and NISTmatrixes, XSPM eliminates reliance on manual validation.10Enable data-driven decision-makingAn additional benefit of having access to fact-based, quantified data is theability to make informed decisions. It answers Jeff Pollard, Forrester’s VP andprincipal analyst, requirements about metrics: “We’re always looking atinformation and making decisions, that’s why security leaders need greatmetrics. If your metrics don’t allow you to do that, then you know they’re notworthwhile. So, then you need to create metrics that let you make decisions.”11Facilitate M&A cyber due diligence of prospective acquisitionAside from past cyber history and HR-related questions, XSPM is a simpleand efficient way to answer all the cyber due diligence questions delineatedin Deloitte Due Diligence for Mergers and Acquisitions through a cybersecuritylens advisory document.7 15 Ways XSPM increases Cybersecurity ROI
12Reduce cyber-insurance costsCyber insurance companies are slated to shift their requirements from askingattestation to requiring organizations to document that the controls theyclaim are in place are indeed installed and effective. XSPM goes beyond theseupcoming requirements and provides documented proof that the controlsare indeed in place, continuously tested, and preventing security drift.13Help obtain investmentsWith cybersecurity ranking second of the top 5 concerns of potential investors,the ability to provide an in-depth, quantified evaluation of your cyber resilience,document variance from established baselines and security drift, reassure themabout resilience to emerging threats, demonstrate the ability to vet prospectivevendors for cyber risk, etc. XSPM provides and documents allof these and more.14Assessment compliance future-proofAs technologies evolve and regulators attempt to ensure the regulations remainrelevant, the extent of risk assessments required by compliance regulators willprobably keep widening. XSPM covers the most advanced continuous securityvalidation technologies and automatically generates comprehensive riskassessment reports with a level of detail considerably superior to the current and foreseeable future – regulators' demands. Already today, it enables youto provide fully documented updates at any time without needing to divertresources to produce the required information, and the depth of securityvalidation assessment it provides is already far more comprehensive thancurrent requirements, hence ahead of future requirements.15Reduce cyber employees' burnout and churnsAside from chronic understaffing, alert fatigue, increased complexity, andhighly repetitive task loads are the main factors behind cyber staff burnout.By shrinking the number of false-positive alerts, rationalizing the tool stackand automating the majority of repetitive tasks, XSPM reduces the load oftasks with a negative impact on cybersecurity staff, freeing their time toconduct more high-level risk analysis and improving their job satisfactionlevel, thus reducing employee turnover.As you can see, aside from providing reliable resilience data to continuously validate yourorganization's risk exposure assessment and recommend focused mitigation advice totighten your security posture, Extended Security Posture Management (XSPM) providesmetrics to effectively measure your cyber-security tool stack ROI. It also provides granularquantified data to improve these tools' efficiency and ROI and rationalize the defensivesolution stack as a whole.8 15 Ways XSPM increases Cybersecurity ROI
What Are the Five Pillars of XSPM?01Attack Surface Management (ASM)Emulating an attacker during the reconnaissance phase, where they performa comprehensive analysis on their target organization. ASM tools scan thedomains, sub-domains, IPs, ports, etc., for internet-facing vulnerabilities.It is also looking for Open-Source Intelligence (OSINT) that can later beused in a social engineering attack or a phishing campaign. This tool helpsorganizations understand how hackers might get an initial foothold.02Automated Red TeamingAutomated Red Teaming campaigns go beyond just the reconnaissance pageto answer the question: “how can an adversary breach my defenses?”These end-to-end campaigns attempt to penetrate the organization byanalyzing exposed vulnerabilities and autonomously deploying attacktechniques that penetrate the network. For example, they can trigger theattack with a well-crafted phishing email. After gaining the initial foothold, theattack subsequently propagates within the network in search of criticalinformation or assets.03Breach Attack Simulation (BAS)Breach and Attack Simulation tools answer the question: “how well are mysecurity controls and processes performing?”It launches simulated attack scenarios out-of-the-box and correlatesfindings to security controls (email and web gateways, WAF, Endpoint, etc.)to provide mitigation guidance. These are primarily used by the blue teamto perform security control optimization.04Advanced Purple TeamingPurple teams expand BAS into the creation and automation of customadvanced attack scenarios. These tools usually extensively leverage theMITRE ATT&CK framework, enabling advanced security teams to createcomplex scenarios from predefined resources and custom binaries andexecutions. Custom scenarios can be used to exercise incident responseplaybooks, pro-active threat hunting, and automate security assuranceprocedures and health checks.9 15 Ways XSPM increases Cybersecurity ROI
05Attack-Based Vulnerability Management (ABVM)Relieve the chronic vulnerability patching overload chronically afflicting IT teamsby drastically reducing the number of critical patches required. ABVM checkswhich vulnerabilities are effectively compensated for by the defensive array anddeprioritizes them, focusing the patching effort on vulnerabilities that effectivelyendanger your infrastructure.Extended SecurityPosture ManagementAnalytics and matedRed TeamingCampaignsBreach& AttackSimulationPTPurpleTeamingABVMAttack Based Vulnerability ManagementOne Solution that EncompassesAll Into Consolidated FrameworkAbout CymulateCymulate was established with the vision of empowering security professionals to make better decisions faster, based on real-time data.Founded and led by an elite team of cyber researchers with world-class experience in offensive cyber solutions, Cymulate is determined to becomethe golden standard for security professionals and leaders to know, control, and optimize their cybersecurity posture end to end. Trusted by hundredsof companies worldwide, Cymulate constantly enhances its methods to prepare organizations for any attack scenario or campaign.With Cymulate, organizations continuously measure security performance in real-time, shore up defenses, and assure operational effectiveness.Measuring your cybersecurity performance is fundamental towards creating a more secure organization!Contact us for a live demo, or get started with a free trialStart Your Free TrialHeadquarters: Maze St 3, Tel Aviv 6578931, 7546302, Israel 972 3 9030732 info@cymulate.com
metrics to effectively measure your cyber-security tool stack ROI. It also provides granular quantified data to improve these tools' efficiency and ROI and rationalize the defensive solution stack as a whole. 12 Reduce cyber-insurance costs Cyber insurance companies are slated to shift their requirements from asking
