Last year, I talked about how security deserves more. For too long, we watched as the likes of Sales and HR reaped the benefits of tailor-made operating systems for their workflows, as our security teams struggled with muddy data and inefficient communication. Cyber risk needed to be seen as business risk — but teams were struggling to get the message across.
Today, we’re happy to see that organizations are more attuned to the ramifications of unmitigated cyber risk. The pandemic has accelerated enterprise adoption of the cloud, SaaS, and in-house development — and resulted in new attack surfaces burgeoning at an unprecedented pace. This has forced organizations to move faster in implementing security tools built to protect these new attack surfaces and improve their posture.
The information challenge
The problem is that, while we may be getting better security for each attack surface thanks to purpose-built solutions, we’re not getting the full, interconnected picture of our cyber risk. The tools are siloed, but the attack vectors flow into one another. Today’s environment means that, for example, an attack at the endpoint level can quickly morph into something else entirely, as systems are breached and critical data is accessed. This makes establishing the true extent of your cyber risk a complex and multilayered challenge.
The stakes are high. The cost of a breach in 2022 was a record-breaking $4.35m. A third of security leaders were impacted in public cloud environments. And we quickly surpassed 2021’s number of ransomware attacks, with 236.1 million in the first half of 2022 alone.
2023 promises to be no less challenging. SaaS, API, cloud, and application attack surfaces will continue to provide an additional and expensive headache to security leaders in the coming year and beyond, while the cloud — still immature in its security apparatus — will again prove to be a playground for threat actors.
This past year may have been the year of amplification — of highlighting the importance of cyber risk management from the top level down. But 2023 must be the year of execution, of understanding the circumstances of our cyber risk, identifying the actions to take to mitigate it, and implementing them across the organization.
Solving the data riddle
CISOs have the responsibility — with potentially curtailed budgets in 2023 — of ensuring that their vulnerability management programs effectively deliver security posture outcomes in a rapidly growing cyber risk environment that threatens to swell beyond our control.
Today’s teams can leverage their suite of solutions to shine a light on almost every attack surface individually. But as we get clarity in one area, we often lose sight of the bigger picture. The tools we have mean that we’ve built the railroads for our data, but we need to be making sure they all arrive at the same station.
But it’s more than this.
We need our tools to really talk to each other. For our data to work for us. And for our view of cyber risk to be an accurate representation that lets us take effective mitigation steps — rather than an incomplete one that leaves us exposed.
Just having one dashboard isn’t enough. The single pane of glass has little value if all we can see is a puzzle. Our data must be correlated, the connections made, the many pieces of information all falling into place. Security teams must act as the storytellers weaving the cyber risk narrative together — and turning it into clear mitigation processes.
Our goal at Vulcan Cyber® is to achieve exactly this. Our roadmap for the next few quarters is defined by magnifying vulnerabilities in context, and as entities bigger than the sum of their parts. Put simply, it’s about treating the data better.
In practice, this objective is realized in three pillars:
1. Turning Vulcan Cyber into THE single repository of cyber risk
With the cyber risk landscape expanding at pace and showing no signs of slowing down, teams quickly become overwhelmed by the sheer volume of data they need to work through before they can even start addressing the threats to their organizations. Our ambition at Vulcan Cyber is to provide the unifying platform for all security data — and transform for the better the way practitioners process it.
This means more integrations to fit seamlessly within all cyber security ecosystems. New attack surfaces demand new tools — SSPM and third-party security solutions for SaaS platforms, DSPM for the cloud, CIEM for identity data, etc. The resultant data from those tools must then be ingested and synthesized, so that we are left with cyber risk information that we can take action on.
2. Building the most advanced risk insights and analytics platform on the market
The simple fact is that we can no longer be looking at vulnerabilities as separate entities — we must consider them as part of larger attack paths spanning multiple assets and attack surfaces.
While a vulnerability in a low-priority asset may not raise alarm on its own, this quickly changes when seen as just one point in an attack journey connecting different assets and spanning multiple attack surfaces — leading all the way to an organization’s most critical data.
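The reasoning above can be made concrete with a small reachability check. This is an added example, not part of the original post and not Vulcan Cyber's code; the asset names, scores and reachability map are constructed for illustration, and the rule that every hop must carry an open vulnerability is an assumption of the sketch.

```python
# Constructed sample inventory: names, scores and links are hypothetical.
ASSETS = {
    "kiosk-01":    {"criticality": "low",      "exposed": True,  "vuln_score": 4.3},
    "build-srv":   {"criticality": "medium",   "exposed": False, "vuln_score": 6.5},
    "hr-laptop":   {"criticality": "low",      "exposed": True,  "vuln_score": None},
    "wiki":        {"criticality": "low",      "exposed": False, "vuln_score": 9.1},
    "customer-db": {"criticality": "critical", "exposed": False, "vuln_score": 5.0},
}
# Which asset can reach which (network or identity reachability).
REACHES = {
    "kiosk-01": ["build-srv", "wiki"],
    "build-srv": ["customer-db"],
    "hr-laptop": ["customer-db"],
    "wiki": [],
}

def attack_paths(assets, reaches):
    """Simple paths from an exposed, vulnerable asset to a critical one,
    passing only through assets that carry an open vulnerability."""
    def vulnerable(name):
        return assets[name]["vuln_score"] is not None

    paths = []
    stack = [[a] for a, info in assets.items() if info["exposed"] and vulnerable(a)]
    while stack:
        path = stack.pop()
        tail = path[-1]
        if assets[tail]["criticality"] == "critical":
            paths.append(path)
            continue
        for nxt in reaches.get(tail, []):
            if nxt not in path and vulnerable(nxt):  # skip cycles and patched hops
                stack.append(path + [nxt])
    return paths

def prioritize(assets, reaches):
    """Order findings so those on a path to critical data come first,
    then by standalone score within each group."""
    on_path = {a for p in attack_paths(assets, reaches) for a in p}
    findings = [(a, i["vuln_score"], a in on_path)
                for a, i in assets.items() if i["vuln_score"] is not None]
    return sorted(findings, key=lambda f: (not f[2], -f[1]))

if __name__ == "__main__":
    for name, score, in_path in prioritize(ASSETS, REACHES):
        print(f"{name:12} score={score:<4} on_attack_path={in_path}")
```

In this sample the 4.3 finding on the low-priority kiosk outranks the 9.1 finding on the wiki, because only the kiosk sits on a path that ends at the critical database.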
The Vulcan Cyber platform has been created to:
- Help customers with the challenge of processing billions of data points every day.
- Highlight new connections between data and provide additional methods for prioritization, such as threat intelligence, ownership, and the MITRE ATT&CK framework.
- Identify toxic combinations of vulnerable assets and map out the resulting attack paths which represent real risk to organizations.
3. Fixing the orchestration problem, especially around ownership
Cyber risk management today is not solely the domain of security practitioners. Other teams within the organization are responsible at different stages of the risk mitigation process, and must be empowered to take necessary action.
With the orchestration of risk reduction still a challenge for many organizations, a key part of our work is focused on automatically detecting and assigning ownership to the right teams, sending tickets with all relevant data to the right people, which allows them to remediate quickly.
This can be broken down even further into:
- Assisting security teams with automating the assignment of remediation tasks to owners, reducing the time spent on manual, routine work and script writing.
- Enabling security teams to structure the ownership information in the Vulcan Cyber platform.
- Facilitating the creation of timely, actionable, and personalized tickets and notifications for remediation teams, which greatly improves alignment.
- Providing teams with the ability for consolidated reporting and detailed analytics of the risk reduction process.
The hard work has already begun. And I am certain that, with the willingness already there, organizations will be quick to join us on our journey.