Knowing Your Cyber Battlespace: Why Domain Awareness is Critical to Keeping Your Business Thriving in the Current Cyber Environment
Dec 30, 2020
By Mark Spangler, Wednesday, December 30th, 2020:
There is an actual war being waged every day against your company and its data. Your very corporate existence may be at risk from a wide spectrum of cyber actors. These could include disgruntled insiders, careless employees, criminal groups, hacktivists, and even hostile nation-state units. Their aim is to take your intellectual property or financial information, or to hold your data and systems hostage. On this digital battlefield, it is critical for companies of all sizes to understand what digital assets they possess, how those assets are configured, and how those systems and processes are being safeguarded. Operating in this environment may seem a truly daunting task for many organizations. Yet, effective risk management of your cyber domain demands intimate and ongoing domain awareness. This domain awareness, above all, remains a foundational element in managing overall corporate risk.
Where to Start:
Very few IT or Cyber managers ever get the luxury of building their IT systems from scratch. Most inherit an “evolved architecture,” one that often begs the question of whether intelligent design was involved in its construction. Yet, managers must have absolute domain awareness to make informed judgments on the important resourcing and risk decisions required of them today. Without domain awareness, investments in protection are not based on fact. This ignorance of their cyber landscape is a dangerous and irresponsible condition for cyber managers. It can be at this precise point that the cyber manager turns from a business asset into a cost center, spending the organization’s resources without a solid foundation of awareness. Each investment decision must clearly show how it provides a return on investment and how it supports the organization’s overall risk management goals.
Whether your IT domain is extensive or consists of just a few routers and laptops, asset management is the critical foundation for managing your digital domain. There are many ways to achieve an accurate picture of your organization’s cyber environment. At present, there is an abundance of network tools that can provide both hardware and software asset inventory. The challenge for many organizations is making the commitment required to maintain asset management over the long term. This is the point at which many organizations falter. Without a significant organizational commitment to asset management, the simple unmanaged addition of a laptop, workstation, or server can destroy your organization’s domain awareness.
After your organization has established a foundation of asset management (i.e., you now know what your domain consists of), it is important to understand how those assets are configured and how they interact. Understanding what ports, protocols, and services are enabled must be a part of your domain awareness. Knowing how devices are configured, and which devices are permitted to execute specific services, is imperative. Knowing which devices have permission to exchange data, inside and outside your network, is a critically important component of your organization’s domain awareness. This awareness also extends to what software versions and updates are being run on your devices. This configuration data provides an important picture of your domain’s inner workings and how your domain interacts with the outside world.
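As an added illustration (not part of the original article), the Python example below reconciles an approved asset and configuration baseline against what is actually observed on the network, flagging unmanaged devices, unapproved listening services, and outdated software. The addresses, owners, data layout, and the `reconcile` function are assumptions constructed for this example; in practice the observed data would come from your discovery or inventory tooling.

```python
"""Reconcile an approved asset/configuration baseline with observed state."""

# Approved baseline (constructed sample): asset -> owner, permitted listening
# services as (protocol, port), and minimum acceptable software versions.
BASELINE = {
    "10.0.0.10": {"owner": "IT", "services": {("tcp", 22), ("tcp", 443)},
                  "min_versions": {"openssh": (8, 4)}},
    "10.0.0.20": {"owner": "Finance", "services": {("tcp", 445)},
                  "min_versions": {}},
    "10.0.0.30": {"owner": "HR", "services": set(), "min_versions": {}},
}

# Observed state (constructed sample), shaped as a discovery export might be
# after parsing. The layout is an assumption made for this example.
OBSERVED = {
    "10.0.0.10": {"services": {("tcp", 22), ("tcp", 443), ("tcp", 3389)},
                  "versions": {"openssh": (8, 2)}},
    "10.0.0.20": {"services": {("tcp", 445)}, "versions": {}},
    "10.0.0.99": {"services": {("tcp", 80)}, "versions": {}},
}


def reconcile(baseline, observed):
    """Return a sorted list of (asset, finding, detail) drift records."""
    findings = []
    # Devices on the network that nobody added to the inventory.
    for addr in observed.keys() - baseline.keys():
        findings.append((addr, "unmanaged_asset", "not in inventory"))
    # Inventory entries that were not seen: retired, offline, or moved.
    for addr in baseline.keys() - observed.keys():
        findings.append((addr, "missing_asset", "in inventory, not seen"))
    for addr in baseline.keys() & observed.keys():
        approved, seen = baseline[addr], observed[addr]
        # Listening services beyond what the baseline permits.
        for proto, port in sorted(seen["services"] - approved["services"]):
            findings.append((addr, "unapproved_service", f"{proto}/{port}"))
        # Software that is unreported or older than the approved minimum.
        for name, minimum in approved["min_versions"].items():
            current = seen["versions"].get(name)
            if current is None or current < minimum:
                findings.append((addr, "outdated_software",
                                 f"{name} {current} < {minimum}"))
    return sorted(findings)


if __name__ == "__main__":
    for addr, finding, detail in reconcile(BASELINE, OBSERVED):
        print(f"{addr:12} {finding:20} {detail}")
```

Run on a schedule, a check like this keeps the inventory and configuration picture from drifting silently between audits.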
Laying the Foundation:
Asset and Configuration Management are certainly not a cure-all for the diverse and ever-changing set of threats encountered in today’s cyber domain. However, these two basic and vital IT hygiene factors do build the foundation any domain requires for fact-based decision making. Without these two critical elements in place, the decision to purchase and deploy cyber tools is premature and ill-advised. Fact-based decision-making, in concert with your organization’s risk management program, can begin your journey toward cybersecurity as a strategic business advantage.