Security posture management is the umbrella term for the strategies, tools, and measures an organization uses to protect itself from cyberattacks. A newer term, extended security posture management, argues that this is no longer enough and that posture management itself needs to be extended.
What needs to be extended, and how does that extension actually improve an organization's defenses? These are questions businesses and other organizations should examine as attacks continue to evolve and grow more aggressive.
The FBI, CISA, and NSA recently released a joint advisory on the intensified activity of threat actors, particularly state-sponsored ones. Attackers are more aggressive, and organizations unwittingly expand their own attack surface as their networks grow. Conventional defenses are no longer sufficient; protection needs to be more comprehensive, more rigorous, and continuously kept current.
What constitutes extended security posture management
Some may dismiss extended security posture management as a marketing buzzword introduced by a single security vendor, but it is more than that. While it has no formal definition, Extended Security Posture Management (XSPM) is not an alien concept in cybersecurity. It was developed to address the shortcomings of current, but conventional, security validation tools.
Extended Security Posture Management is described as the next generation of Breach and Attack Simulation (BAS) and continuous security validation tooling. It broadens the scope of those tools to deliver end-to-end validation, adding analytics, insights, and richer dashboards for better security visibility and management.
Extended security posture management is an upgrade to automated testing, which is more efficient than manual penetration testing but less comprehensive. It combines the strengths of several security validation approaches: attack surface management (ASM), continuous automated red teaming (CART), breach and attack simulation (BAS), and advanced purple teaming.
XSPM takes a holistic approach to security testing while adding better controls and a robust prioritization scheme. It gives a comprehensive view of an organization's security state and supports closing security gaps, optimizing security posture, rationalizing the security technology stack, and improving operational effectiveness.
The need for enhanced security visibility
The complex mix of services and devices in a modern organization makes it difficult to monitor security events and respond to them. Add to this the rise of remote work, BYOD arrangements, reliance on multi-cloud environments, and the use of security controls from many different vendors. Good security visibility is hard to achieve when each environment comes with its own situation and its own security dashboard.
According to a Ponemon Institute study, 65 percent of respondents consider lack of visibility into the IT security infrastructure an obstacle to the success of a security operations center.
An organization cannot react to threats or manage risks it cannot see. The answer is to bring all security controls under a single dashboard so that activity across different environments, controls, devices, and platforms can be seen in one place.
Enhanced security visibility is one of the hallmarks of extended security posture management. It lets organizations learn their current exposure, vulnerabilities, and security gaps. Through its analytics function, it also enables security performance to be tracked and measured against established scoring frameworks such as NIST guidance, Microsoft DREAD, and CVSS v3.
Going after expanding cyber-attack surfaces
As organizations digitalize further, grow their networks, and adopt new technologies, their attack surfaces inevitably expand. At the same time, recent developments, including the geopolitical conflict in Eurasia, have made the cyber threat landscape more dangerous.
“The attack surface has expanded with cyberattacks affecting organizations across all industries ranging from infrastructure operators to food producers to healthcare and education facilities,” notes cyber threat intelligence expert and cyber risk consultant James Owen in a commentary about the global cyber risks at present.
Extended security posture management helps reduce attack surface risk that stems from poor IT and cyber hygiene. It identifies critical attack surfaces, including those that may have gone unnoticed for a very long time, and detects new attack surfaces that appeared only after recent changes in the organization. This benefit follows directly from the broad security visibility XSPM provides.
Moreover, XSPM uses the MITRE ATT&CK framework to structure its handling of cyber threats, backed by an up-to-date global cyber threat intelligence network. The framework guides the end-to-end security validation process with the latest adversary tactics and techniques as observed and analyzed by security researchers around the world.
Separating signal from noise
Almost every organization uses an assortment of security controls to handle different threats. These range from perimeter defenses such as firewalls and Intrusion Detection Systems (IDS) to in-application security that runs inside the application itself and defends using application context. This multitude of controls generates overwhelming volumes of alerts and notifications, which are very challenging to attend to.
With Extended Security Posture Management, these alerts and the information on the underlying security events are analyzed to prioritize the most urgent ones and ensure they are not drowned out by less important notifications. The XSPM platform provides actionable insights that help security teams address threats more effectively.
XSPM can feature risk scores, for example, to quantify the security situation and make it easy for organizations to act on the most urgent concerns. Color-coded graphs of the detected threats may also be displayed for a more intuitive way of evaluating the security situation. This extended feature is definitely an improvement for the management of an organization’s security posture.
Scaling in-house adversarial expertise
Another important feature of Extended Security Posture Management is its scalability and ability to adapt to the cybersecurity needs of any organization. It harnesses an advanced purple teaming framework to scale an organization’s expertise in dealing with adversarial attacks.
It automates assurance and regression testing so that security drift and technology failures are identified, and ideally prevented, sooner. It also supports assurance assessments tailored to the needs of a specific organization, and it makes it possible to investigate how susceptible systems and networks are to particular adversary tactics and techniques.
This capability of XSPM is also referred to as "proactive purple teaming." It gives organizations a flexible way to design and automate red and purple team exercises. This matters given how rapidly many organizations change as they adapt to the drastic developments around the world that affect cybersecurity.
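The regression-testing idea above, and the prioritization idea from the previous section, can be made concrete with a small script. The following is an added example written for this page, not code from any XSPM product: it compares two simulated validation runs, keyed by ATT&CK technique ID, and reports where a control has become weaker since the baseline (security drift), worst regression first. The outcome categories ("prevented", "detected", "logged", "missed") and the sample run results are assumptions constructed for the example; only the technique IDs are real ATT&CK identifiers.

```python
"""Security-drift regression check over simulated technique results.

Added example for this article, not vendor code. The outcome categories and
the two sample runs below are constructed; the ATT&CK technique IDs are real.
"""
from dataclasses import dataclass
from typing import Dict, List

# Outcomes a validation run can record per technique, strongest first.
# These categories are an assumption for the example.
OUTCOME_RANK = {"prevented": 3, "detected": 2, "logged": 1, "missed": 0}


@dataclass(frozen=True)
class Regression:
    technique: str
    before: str
    after: str
    severity: int  # how many ranks of control effectiveness were lost


def find_regressions(baseline: Dict[str, str], current: Dict[str, str]) -> List[Regression]:
    """Return techniques whose outcome got weaker since the baseline, worst first.

    A technique that was in the baseline but not re-run is reported as "missed":
    an absent test gives no assurance. Techniques new to the current run are
    extra coverage, not drift, so they are ignored here.
    """
    regressions = []
    for technique, before in baseline.items():
        after = current.get(technique, "missed")
        drop = OUTCOME_RANK[before] - OUTCOME_RANK[after]
        if drop > 0:
            regressions.append(Regression(technique, before, after, drop))
    # Largest drop first; technique ID as tiebreaker keeps output stable.
    return sorted(regressions, key=lambda r: (-r.severity, r.technique))


def coverage_ratio(results: Dict[str, str]) -> float:
    """Share of simulated techniques that were at least detected."""
    if not results:
        return 0.0
    hit = sum(1 for o in results.values() if OUTCOME_RANK[o] >= OUTCOME_RANK["detected"])
    return hit / len(results)


# Constructed sample runs (outcomes invented for illustration).
BASELINE = {
    "T1059": "prevented",  # Command and Scripting Interpreter
    "T1003": "detected",   # OS Credential Dumping
    "T1566": "prevented",  # Phishing
    "T1021": "logged",     # Remote Services
    "T1486": "detected",   # Data Encrypted for Impact
}
CURRENT_RUN = {
    "T1059": "prevented",
    "T1003": "missed",     # e.g. an endpoint rule was disabled since the baseline
    "T1566": "detected",   # mail gateway now only flags instead of blocking
    "T1021": "logged",
    # T1486 absent: that scenario was not re-run this time
}

if __name__ == "__main__":
    for r in find_regressions(BASELINE, CURRENT_RUN):
        print(f"{r.technique}: {r.before} -> {r.after} (severity {r.severity})")
    print(f"coverage baseline={coverage_ratio(BASELINE):.2f} "
          f"current={coverage_ratio(CURRENT_RUN):.2f}")
```

Run as a script, it lists T1003 and T1486 (each dropping two ranks) ahead of T1566 (one rank), and shows detection coverage falling from 0.80 to 0.50. In practice the same comparison would be scheduled after every control or infrastructure change, with the baseline refreshed only once a human has confirmed the new results are acceptable.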
Expanding abilities to cover expanding threats
In summary, organizations need to extend their security posture management in response to the threats they now face. Attack surfaces have expanded, and detection and prevention capabilities must expand with them. That requires much broader visibility into the organization's security situation and the ability to scale threat expertise so that changing security needs can be met quickly.