Protect, Detect, and Respond Using a Risk-Based Approach
Pondurance
June 14, 2024
The National Institute of Standards and Technology (NIST) Cybersecurity Framework provides guidelines for organizations to use in their cybersecurity efforts. The NIST categories include identify, protect, detect, respond, and recover. Pondurance, a managed detection and response services provider with a 24/7 security operations center (SOC), uses those same five categories to develop cybersecurity programs for clients.
In a recent webinar, Dustin Hutchison, Chief Information Security Officer and Vice President of Services at Pondurance, discusses Pondurance’s risk-based approach to cybersecurity. A risk-based approach focuses on your organization’s specific cyber risks and considers what your organization wants to accomplish and what it needs to protect. He provides definitions and explains the steps involved in each of the five categories. In this blog, we’ll review Dustin’s discussion of the protect, detect, and respond categories, including the importance of 360-degree visibility, risk response, and 4D detection.
360-degree Visibility
Assessing risk is an ongoing activity for a cybersecurity program, even as it moves into the protect and detect stages of the process. Full visibility of the threat landscape can reduce the risk and impact of a cyberattack and even reduce the time it takes to remediate an incident.
As part of a risk-based cybersecurity approach, Pondurance offers 360-degree visibility to allow your organization to see the big cybersecurity picture and provides high-fidelity monitoring of your endpoint detection and response solution, vulnerable data, native application programming interface, networks, logs, clouds, and netflow to protect your most valuable assets.
Risk Response
Before a cyber threat is ever detected in your environment, it’s important to understand your organization’s risk response, meaning the actions your organization has chosen to take to manage the impact of the risk. Dustin talks about the different ways organizations respond to risk, including:
Acceptance – Do nothing, recognizing that the risk is low enough that it doesn’t require action. Dustin discusses the importance of knowing, from an IT or cybersecurity perspective, who should be the person within the organization to accept the cyber risk or responsibility.
Avoidance – Decide not to take an action that would introduce the risk. For example, if your organization is looking at a new system and the vendor can’t implement compensating controls, you may decide you need to avoid the risk and not take that action.
Mitigation – Take some action to minimize the likelihood or impact of a risk. Organizations use cybersecurity policies and processes, such as firewalls or encryption, to minimize the risk or impact of a cyber threat.
Sharing or transferring – Move the risk to a third party. Your organization may be inclined to push risk to a third party or some other mechanism to remove the burden of or responsibility for the risk. However, Dustin explains why reputational damage is still likely even if you share or transfer the risk to a third party.
Every organization has its own unique cyber risks and ways of dealing with those risks. Using a risk-based approach to cybersecurity, Pondurance considers your organization’s response to risk when determining the appropriate protect and detect strategies and guides you to respond to risk in a way that will safeguard your organization from a harmful attack.
4D Detection
Today, cyber threats loom for organizations of every size, in every industry. Detection and response are necessary to keep your organization safe from such threats. Threat hunters and SOC analysts monitor incoming alerts and constantly analyze those alerts to determine if the threats warrant escalation. But, as Dustin explains, not every threat comes with an alert. Threat hunters and SOC analysts also must proactively hunt for and detect threats 24/7 across all networks, endpoints, logs, and clouds to protect against cyberattacks.
Pondurance’s risk-based approach can help your organization monitor and analyze alerts in real time to reduce alert fatigue for your team and conduct threat hunting and detection with your specific cyber risks in mind. Our high-fidelity detection allows us to quickly and accurately detect and respond to cyber threats using advanced technologies and methods such as machine learning, artificial intelligence, and cross-customer modeling.
Conclusion
A risk-based approach focuses on your organization’s cyber risks and considers what your organization wants to accomplish and what it needs to protect. That way, your organization protects, detects, and responds using the best cyber strategies for your unique cyber risks. Watch the webinar to learn more about the five categories involved in Pondurance’s risk-based approach to cybersecurity.