CISO Periodic Table

®

Security concerns of the modern-day CISO

Click each element to learn more

Dx

Dx

Ba

Ba

Ra

Ra

Mi

Mi

Ot

Ot

Trm

Trm

Ni

Dr

Mi

Sas

Ra

Oz

Tm

Th

As

Bc

Cs

Fc

Ns

Te

Vm

We

Dp

Oa

Bu

Rs

Si

Ot

Oc

Soc

Trm

Dx

Go

Rm

Co

Ir

Pr

Ba

Np

St

Cm

Bd

Iam

Ml

Pm

Cti

Cfg

Am

Em

Dso

Zt

Pt

Es

Nt

Ws

Ai

Ha

Digital Transformation

Digital Transformation

Operational Technology

Operational Technology

Third-Party Risk Mgmt

Third-Party Risk Mgmt

Business Alignment

Business Alignment

Role & Accountability

Role & Accountability

Malicious Insiders

Malicious Insiders

Optimization

Endpoint Security

Orchestration and Automation

Malicious Insiders

Web Security

Cyber Threat Intelligence

Role and Accountability

Threat Management

Operational Technology

Zero Trust

Application Security

Web3

Nation State

Cloud Security

Privacy

Business Alignment

Third Party Risk Management

Change Management

Network Security

Artificial Intelligence

Staffing

Big Data

Vulnerability Management

Machine Learning

Configuration Management

Detection and Response

Patch Management

Data Protection

Identity Access Management

DevSecOps

Technology

Asset Management

Natural Language Processing

Email Management

Resilience

Secure Access Service Edge

Penetration Testing

Negligent Insiders

Security Info & Event Mgmt

Blockchain

Digital Transformation

Threat Hunting

Governance

Budget

Security Operations Center

Risk Management

Organized Crime

Compliance

Incident Response

Fusion Center

Hacktivist

Consumer privacy laws have expanded in recent years, with five U.S. states enacting new protections that take effect in 2023. But that's just the tip of the Privacy iceberg as organizations grapple with a complex web of regulatory obligations and consumer expectations. Organizations that build a people-first privacy program will be ready to face the challenges ahead.

As organizations’ use of big data continues to grow, extracting value while maintaining security has become a greater challenge. For the average organization, security technologies are often siloed, creating an overwhelming amount of threat telemetry that’s difficult to capture and analyze. Optiv helps clients design, build and secure big data infrastructures by analyzing (and effectively normalizing) data to drive business benefit. These solutions can unite and fully harness the power of existing security technologies. Optiv big data solutions can also be deployed in support of general business use cases to enhance insights and decision making around initiatives such as revenue optimization, customer engagement and cost reduction.

Organizations struggle with expanding amounts of data, a growing number of security tools and an increase in locations where data--especially sensitive data--is stored. Plus, changing regulatory and compliance requirements add complexity for organizations when creating data protection strategies and implementing technology solutions. Data Protection was called out as the most effective technology to reduce cyber risks among more than twenty security technology categories in a recent survey of security executives by Optiv/ESI ThoughtLab. Not surprisingly, data protection was also identified as the area of largest current investment focus.

To effectively compete in the digital economy, companies are investing in new technologies faster than ever before. But they often underestimate the impact these technology investments have on people and processes. Change often is met with resistance, but Organizational Change Management helps organizations to quickly and effectively align stakeholders, onboard users and accelerate adoption.

By protecting criticial systems from downtime and safeguarding customer privacy, security leaders are quickly becoming critical partners for digital transformation success. That said, CISOs have their work cut out for them in terms of continuing to educate business executives and the board of directors about the challenges and accomplishments of their role. CISOs typically come from a technical background, while executives usually don't, often leading to cultural miscommunications. Security programs continue to consolidate under the leadership of the CISO. In larger organizations, the CIO and CISO tend to share responsibility for the security program. Previously an uncommon title, the share of organizations with a CISO role has been steadily rising.

Cyber threat intelligence (CTI) is critical to gain perspective on adversarial tactics, techniques and procedures. CTI helps security teams be more proactive in threat prevention and more effective in threat detection and response. CTI is also a key input for proactive threat hunting.

Web3 is a term coined in 2014 to describe a possible future of the internet based on the ideal of decentralization as enabled by blockchain technology. This concept was developed as a reaction to the perceived over-centralization of the internet in the hands of large corporations under the current Web2 model. Proponents argue that applications of blockchain like cryptocurrency, smart contracts and non-fungible tokens (NFTs) will allow anyone with sufficient coding knowledge to build their own platforms outside of what is currently established. However, critics claim that Web3 is a murky idea at best and that it could lead instead to decreased moderation and an increase in harmful content and cybercrime, while only shifting power, not decentralizing it. Interest in Web3 has picked up since 2021, though the infrastructure to actually implement it is still lacking. According to a 2022 paper published by Zhuotao Liu et al., the three key enablers are “individual smart-contract capable blockchains, federated or centralized platforms capable of pushing verifiable states, and an interoperability platform to hyperconnect those state publishers to provide a unified and connected computing platform.”

Security organizations are struggling due to a shortage of talent and an abundance of tools to manage and alert overload. Security orchestration, automation and response (SOAR) platforms provide relief by aggregating security intelligence and context from disparate systems and applying machine intelligence to streamline (or even automate) the incident detection and response process.

Traditional security perimeters are dissolving as organizations accelerate digital transformation initiatives and extend their IT estates outside of corporate networks and into the public cloud and IoT. Zero Trust (ZT) is not a new technology, but rather a pragmatic framework for how to integrate multiple security controls. ZT relies heavily on IAM and emphasizes a couple important principles: Never trust, always verify. Continuously authenticate and authorize identities at multiple points across the IT estate. Just because an identity was admitted at one point of entry does not mean it can be “trusted” to access all other resources on the network. Enforce least privilege. Ensure identities can access only those resources which are required to complete their job function and nothing more.

Lack of skilled personnel is consistently mentioned by organizations as one of the top inhibitors to building effective cybersecurity programs. Organizations can create substantial competitive advantage based on their ability to attract, train and retain cyber talent. Another alternative is to leverage outside experts through consulting or outsourcing partnerships.

Machine learning (ML) analyzes and synthesizes an avalanche of information that humans alone could not match. It's the practice of using algorithms to parse data, learn from it and then make a determination or prediction about something in the world. ML could ultimately represent another attack vector for cyber adversaries as they look to hack into and corrupt ML processing models to degrade their capabilities for cyber defense.

New vulnerabilites appear every day, but the majority of exploited vulnerabilites are already known by security and IT professionals at the time of an incident. When it comes to managing their vulnerabilities, many organizations are playing "Whack-a-Mole," but an effective vulnerability management program includes continuous scanning, prioritized remediation, completion tracking, root-cause analysis and detailed reporting.

Configuration management proactively and continuously monitors and hardens the security configurations of an organization’s operating systems, applications and network devices. A formalized configuration management program is important to demonstrate compliance with various regulations including PCI DSS and HIPAA.

Effective patch management is a critical component within a security program. Many high-impact breaches stem from unpatched vulnerabilities, where the patches already exist. However, teams have to find the time to test and implement patches across complex environments, which is not always a fast or easy process. Knowing what is being exploited by attackers and how critical vulnerabilities are within your environment can make a big difference.

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), malicious insiders might pose intentional threats to an organization for personal or financial gain. Since insiders are familiar with an organization's security environment, they know how to take advantage of less-obvious vulnerabilities. Malicious insiders are thus much harder to detect and contain.

The proliferation of connected devices, including internet of things (IoT), interntet of medical things (IoMT) and operational technology (OT), promises to greatly enhance user experience for consumer-focused implementations and boost operational efficiencies and effectiveness within enterprise applications. However, the resulting increase in the number of smart endpoints connected to corporate networks also creates significantly more entry points for cyber adversaries.

Optiv routinely sees client environments that utilize 50 or more discrete security technologies. There is certainly no shortage of well-funded cybersecurity technology companies out there all positioning their vision as the best solution in the market. This presents a major challenge for security practitioners and one where a trusted partner like Optiv is ideally positioned to help provide perspective and guidance. Tackling your technology is tough and it is easy for your technology to get out of hand. Rationalizing, optimizing and managing are all key activities to think about with your security technology to ensure your technology is working well for you and maximizing your effectiveness.

Many breaches are the result of deficiencies in IAM programs and with the rise in remote work, a trend that's likely to continue. However, many aspects of IAM can be complex and require the development of a formalized plan to drive maturity and support business initiatives. We often see identity handed in a technology- or problem-forward way, but it's best to take a holistic, integrated approach.

The rise of AI, machine learning (ML) and generative AI (GenAI) brings tremendous opportunities for developing products, services and applications, as well as automating processes, improving customer experiences, increasing productivity and more. However, without effective monitoring, governance, tooling and awareness, a reliance on AI can pose significant legal, ethical and security risks. Cyber adversaries will harness the power of AI to more efficiently launch cyberattacks involving phishing, image deepfakes, password cracking, voice spoofing and other tactics. In order to leverage the power of AI without increasing risks, organizations must train business leaders and employees in AI literacy, implement AI governance to encourage responsible innovation and operationalize secure AI and manage it throughout the lifecycle.

For Optiv, the concept of "fusion center" describes a necessary evolution and improvement beyond current-generation SOC capabilities that center around device management and monitoring. In contrast to SOCs, fusion centers are designed to be proactive and can be thought of as technology enhanced by human oversight. A fusion center takes a holistic view of the environment, rather than focusing solely on endpoints and known vulnerabilities.

Asset management is critical to an effective cybersecurity strategy. You can't properly secure what you don't know exists. In addition, by continuously tracking and optimizing the IT asset footprint, other functions such as patch management become far more streamlined.

Blockchain is a method to record transactions that provides high security by design: transactions are verified with advanced cryptography and spread across many computers in a peer-to-peer network (distributed ledger). Blockchain implementations are still nascent, and this immaturity makes it challenging to predict the ultimate impact the technology will have. Blockchain applications are of particular interest to threat actors capitalizing on emerging technologies. This technology will likely influence cybersecurity applications related to data and identity integrity and transaction protection. Blockchain captured the imagination of the market, but production deployments at scale are limited so far.

Almost every organization recognizes the importance of digital transformation (DX). However, DX initiatives frequently outpace the ability of the IT organization to provide effective security. Future growth will depend on the adoption of a different business model and a new set of assumptions about what success will look like.

Cyber breaches are a fact of doing business these days, but resilience in the face of cyberattacks means more than a beefed-up business continuity and disaster recovery (BCDR) plan. Resilient organizations shift from a reactive mindset to a proactive one that allows them to bounce back stronger than before.

Email should be a focal point for security executives for several reasons. First, it continues to be one of the most effective attack vectors for cybercriminals. Second, an organization-wide breach can be sparked with a single click. Business email compromises (BECs) have emerged as a top social engineering tactic with reports of misrepresentation rising.

Detection and response is an overarching term commonly used to represent the practices of identifying, analyzing and responding to cyber threats and malicious activity within a client's environment. The main goal is to always defend the organization's cyber infrastructure and ensure no digital assets are compromised. Popular new tools incorporate data at the endpoint (endpoint detection and response, or EDR) and in the network. Increasingly, telemetry beyond the endpoint and network is being aggregated into an MDR (managed detection and response) platform.

The number of identities organizations must manage is ballooning, especially when you factor in all the non-human ones, like bots, applications and systems. Identity governance can help you understand the state and sources of all your identities and also includes things like account administration, role-based access control, segregation of duties and identity auditing.

Innocent mistakes and carelessness can cause significant negative impacts for a breached organization. This is especially true in remote work settings, as all workplace activity is not centralized on in-office devices, networks and systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) divides unintentional threats into two categories: negligent and accidental threats. Negligent insiders might have a sense of security awareness, but they still do not adhere to security best practices because they ignore them or underestimate the severity of threats. For example, they might neglect to download a new security update or allow someone claiming to be a contract worker into their workplace building elevator without question. An accidental threat, on the other hand, is a result of a lack of understanding of threats. Clicking malicious links from phishing emails is common example of an accidental threat. To reduce threats from negligent emails, security awareness and training are vital.

Digital transformation means risk is getting more complex. The trouble is, many organizations are struggling to keep up. We've found that the biggest three areas for improvement are: 1. Risk and data governance: Organizations don't always know where their data is, who can access it or how it's protected. 2. Keeping pace with changes: Lots of things are changing and they're changing fast. Data is rapidly moving to the cloud and there are more connected devices than ever before (with no signs of slowing down). 3. Communication: Explaining the current health of your security is tricky enough; it gets harder when leaders don't speak technology.

To more rapidly access required capabilities or enhance business agility, organizations are increasingly relying on partnerships with third-party entities. These third-party relationships often involve important IT connectivity and potentially the sharing of sensitive information. Unless properly managed, this partner ecosystem can represent a significant cybersecurity risk as attackers look to exploit the weakest links in order to gain access to their primary target. In such a dynamic environment, a set-it-and-forget-it approach to third-party risk management is inadequate and needs to be fortified with continuous review and analysis.

Attack surfaces are growing and organizations are having a hard time keeping up with new threat vectors. Vulnerabilities, misconfigurations and gaps in security can leave an organization open to attacks such as malware, ransomware, data theft and more. Penetration Testing can help find the vulnerabilities in your environment and close those gaps to improve your security posture. Organizations that only use automated tools or run automated penetration tests can miss gaps in defenses. Optiv recommends methods that go beyond traditional automated scanning to test your attack surface inside and out.

Security information and event management (SIEM) is a foundational tool that provides better visibility into threats, accelerates detection and response and boosts the efficiency of security operations. Unfortunately, SIEMs can be expensive to resource and complex to operate. To be most effective, SIEMs require continuous fine tuning.

Regulations are constantly evolving as evidenced by the recent initiation of new regulations like the Cyber Incident Reporting Act in the U.S. and provisional agreement on the Digital Operational Resilience Act (DORA) in the EU. Due to the risk of financial penalties and adverse impacts to the business, compliance mandates are listed among the top factors that drive cybersecurity programs.

Due to the growing sophistication of attacks, endpoint security was forced to evolve beyond signature-based blocking. Therefore, next-gen antivirus incorporates new prevention techniques that do not rely on signatures. Endpoint detection and response (EDR) is a complex technology that is most applicable for mature security organizations, but can also be effectively leveraged through relationships with outside managed detection and response (MDR) providers.

Natural language processing (NLP) has its origins in the 1950s, beginning with a portion of Alan Turing’s proposed test of computer intelligence and John Searle’s Chinese Room experiment. Early NLP was based on giving a computer a set of rules which it then applied to language data, which could produce deceptively human-like responses – so long as the computer “knew” the right rules. The 1980s marked a transition to a statistical model that gave translations as an array of possibilities weighted by certainty. In the mid-2010s, the field shifted to focus on deep neural networks for machine learning, where research continues today. The potential applications for NLP are breathtaking. Implementations of natural-language generation, dialogue management and question answering could reduce load on IT and security teams by handling simple end-user requests and processing log alerts into language that is more readily understood.

Secure Access Service Edge (SASE) is a term coined by Gartner in 2019. While still emerging, SASE can dramatically simplify WAN access and security for remote worker and distributed branch office use cases. In the SASE model, intelligence to deliver WAN access and security are consolidated into a cloud-delivered offering. This dramatically reduces the burden at the branch level to manage on-prem infrastructure, while at the same time harnessing the agility of the cloud to seamlessly support growth in users or functionality. From a security standpoint, SASE aspires to consolidate multiple controls, including, but not limited to: secure web gateway, CASB, DLP, Zero Trust network access/software defined perimeter and firewalling.

The digital ambitions of most organizations can also dramatically expand their cyber attack surface by pushing IT infrastructure into the cloud, connecting IoT and accelerating software development cycles. Security leaders must become more aware of business objectives and strive to demonstrate how cyber programs enable business success.

Secure web gateways represent a mature market, but they provide value for advanced URL filtering and threat defense. Traditional web security capability is becoming increasingly sourced from cloud-based offerings rather than on-prem appliances. Taking that trend a step further, many technology vendors are increasingly consolidating web security, CASB, DLP, lighter-weight firewall and other security components and delivering them as an integrated cloud service.

DevSecOps is a software development best practice that embraces the inherent agility benefits of DevOps, but recognizes that security testing and validation needs to be infused early in the process. An effective DevSecOps program promotes collaboration between release engineers and security teams and expands responsibility for security to include everyone. The end goal is to ensure code is delivered quickly and securely.

Many organizations have developed security operations centers (SOCs), which are traditionally built around a team of people who enhance their ability to monitor and manage alerts with technology. They are typically reactive in nature, with logs and rules keyed towards monitoring the network and endpoints and focusing on known threats. A SOC is a great start, but due to their reactive nature, increasingly sophisticated threat actors and the perennial challenge of keeping security seats filled, they often fall behind. These days, savvy security organizations are shifting to the more proactive fusion center model.

Cybercriminals are increasingly organizing among themselves, leading to the creation of a variety of cybercrime as-a-Service platforms, including ransomware as-a-Service (RaaS) and malware as-a-Service (MaaS). These services allow criminals to conduct cyberattacks without knowing how to write a single line of code or how to find buyers for any data they steal. Security companies would do well to follow the example set by collaborative criminals: hackers have decided they're all on the same team, so we should be, too.

Being ready and able to respond is best accomplished by continually assessing your security controls and processes, as well as testing and training people. The best defense is a holistic approach to Threat Management where you test and assess your people, processes and technology, remediate your vulnerabilities and build your capabilities to respond and recover from incidents.

Lack of budget continues to rank among the top inhibitors to building an effective security program. Cybersecurity generally occupies 5-15% of IT budgets. A quick budget win for any organization is to evaluate your current security stack to ensure you're deriving the most value out of existing tools before buying new ones.

It's not a matter of "if" but "when." Incidents come in many sizes, and if they catch an organization unprepared, the damage can be financial and reputational--possibly resulting in the loss of customers/employees. Organizations with an Incident Response Plan (IRP) who practice it regularly and test their people, processes and technology for gaps are in the best position to respond and recover in the event of an attack. For some organizations, minimizing the disruption to business operations means having a partner on call for incident response, with guarantees service-level agreements for event handling, years of experience with security incidents and a proven Incident Management Framework (IMF) derived from industry standards.

Web application vulnerabilities are a leading source of security incidents. Organizations struggle to secure APIs, and attackers have taken notice by increasing their focus on APIs. From December 2020 to June 2021, the percentage of API traffic that was malicious grew from 1.4% to 2.6%. Finding and fixing vulnerabilities can be tough when it is not clear which and how many apps need to be secured. Application Security experts help organizations innovate digitally and securely through the identification and mitigation of security risks in application technologies, processes and code.

Threat hunting is a proactive, ongoing effort to identify and eradicate adversaries that have already pierced security controls and are dwelling in an organization's network. Effective threat hunting leverages threat intelligence, telemetry from security tools and the ingenuity of the threat analyst to uncover hidden threats.

It might seem odd to think of governments as potential threat actors, but in recent years, nation-state and state-backed threat actors have been on the rise. This group of cyber combatants, sometimes also referred to as advanced persistent threats (APTs), typically possess the most sophisticated capabilities due to direct or clandestine government funding and support. Although nation-states like China, Russia, North Korea and Iran typically deny any connection to these groups, their goals frequently align with those of the government hosting them.

Public cloud services are the foundation of the digital business’s agility and innovation. As companies rush to the cloud, however, input from the security team is not relied upon as frequently as perhaps it should be. As organizations increasingly shift their workloads into the public cloud, best practices suggest that security teams should be involved early in the strategy process to minimize risk.

A small minority of breaches are related to hacktivist activity, where goals are related to neither financial gain nor espionage, but rather ideological ends. Common hacktivist tactics include denial-of-service attacks designed to send a public message in support of their cause. They often utilize hyperbolic messaging to express their grievances against the entity they are targeting.

Network security is likely one of the largest line items in the security technology budget. In the era of digital transformation, the old paradigm of the protected network perimeter has become less relevant. Network security concepts are being forced to morph with the advent of virtual/cloud IT environments and distributed IoT devices. Among the multitude of security assessments Optiv conducts for clients annually, data protection stands out as one of the lowest maturity disciplines in most organizations. Penalties for poor data protection practices are set to escalate due to new regulations such as GDPR. Optiv expects continued strong corporate investment in data security infrastructure, including data access governance, encryption and DLP.

Due to an overwhelming number of disparate tools in their environment, many organizations are hitting the tipping point where tech sprawl has actually become counter-productive. Security teams are spending so much time simply managing the tech stack and drowning in all the associated alerts that it detracts from security effectiveness. It's not easy to validate which tools in the environment are actually performing as expected and providing value. The ideal architecture would consist of the minimum number of tools that could be tightly integrated to provide the maximum security effectiveness. Investments in underutilized or underperforming tools could then be recycled into higher ROI propositions.

Learn more about Optiv Managed Detection and Response (MDR)

Learn More About Nation State

Learn More About Security Operations Centers

Learn More About Blockchain

Learn More About Budget

Learn More About Artificial Intelligence

Learn More About Web3

Learn More About Organized Crime

Learn More About Hacktivist

Learn More About Natural Language Processing

Learn More About Threat Hunting

Learn More About Threat Management

Learn More About Fusion Centers

Learn More About Negligent Insiders

Bu

Bu

Ni

Ni

Sas

Sas

Go

Go

Cm

Cm

Rs

Rs

Cti

Cti

Dso

Dso

Cfg

Cfg

Visit the Blog Post "Solving Metaverse Vulnerabilities and Threats is No Piece of Cake"

Read "How to Rationalize Cybersecurity Tools in Turbulent Times" Blog Post

Zero Trust

Watch Video

See Our Security Operations Center Video

Visit the Blog Post "Russia/Ukraine Update – February 2023"

Visit the Blog Post "State of Ransomware: 2022 in Review

Read the Blog Post

Visit Optiv's Webpage on Red & Purple Teaming

Read the Blog Post

See Our Security Operations Center Video

Visit Optiv's Threat Management Page

Visit Optiv's Page on Cybersecurity Education and Training

Governance

Governance

Change Management

Change Management

Configuration Management

Configuration Management

Resilience

Resilience

DevSecOps

DevSecOps

Budget

Budget

Negligent Insiders

Negligent Insiders

Cyber Threat Intelligence

Cyber Threat Intelligence

Secure Access Service Edge

Secure Access Service Edge

Visit the Webpage

Learn More About Zero Trust

Learn More About Cloud Security

Rm

Rm

Bd

Bd

Iam

Iam

Pt

Pt

Tm

Tm

Si

Si

Zt

Zt

St

St

Oc

Oc

Ns

Ns

Th

Th

Bc

Bc

Learn More About Orchestration and Automation

Learn More About Business Alignment

Learn More About DevSecOps

Learn More About Governance

Learn More About Role and Accountability

Learn More About Staffing

Learn More About Asset Management

Learn More About Email Management

Learn More About Digital Transformation

Learn More About Big Data

Learn More About Patch Management

Learn More About Data Protection

Learn More About Application Security

Learn More About Configuration Management

Learn More About Penetration Testing

Learn More About Machine Learning

Learn More About Endpoint Security

Learn More About Risk Management

Learn More About Vulnerability Management

Learn More About Privacy

Learn More About Cloud Security

Learn More About Incident Response

Learn More About Malicious Insiders

Learn More About Compliance

Learn More About Third Party Risk Management

Staffing

Staffing

Penetration Testing

Penetration Testing

Threat Management

Threat Management

Risk Management

Risk Management

Security Info & Event Mgmt

Security Info & Event Mgmt

Zero Trust

Zero Trust

Threat Hunting

Threat Hunting

Blockchain

Blockchain

Learn More About Optimization

Big Data

Big Data

Identity & Access Mgmt

Identity & Access Mgmt

Network Security

Network Security

Learn More About Cyber Threat Intelligence

Organized Crime

Organized Crime

Learn More About Change Management

Learn More About Resilience

Learn More About Operational Technology

Download the Flex Services Service Brief

Visit Optiv's Zero Trust Page

Visit Optiv's Network Security Services Page

* Cisco 2018 Annual Cybersecurity Report.

Learn More About Security Info & Event Management

Visit Optiv's Business-Aligned Security Governance Page

Download the Field Guide

Download the Service Brief

Visit the Cybersecurity Dictionary

Vist Optiv's Identity Governance and Administration Page

Visit the Blog Post

Download Optiv's State of the CISO eBook

Download the Service Brief

Visit Optiv's Data Privacy Page

Download the Service Brief

Download the Service Brief

Download the Service Brief

Download the Service Brief

Visit Optiv's Third Party Risk Management Solutions Page

Download the Endpoint Configuration Review

Download the Field Guide

Download the Service Brief

Download the Endpoint Security Service Brief

Download the Service Brief

Download the Service Brief

Download the Service Brief

Download the Vulnerability Management Service Brief

Visit Optiv's Third Party Risk Management Page

Nt

Nt

Ml

Ml

Visit Optiv's Cybersecurity Compliance Services Page

Co

Co

As

As

Vm

Vm

Soc

Soc

Ai

Ai

Fc

Fc

We

We

Am

Am

Es

Es

Download the Service Brief

Te

Te

Download the Service Brief

View Optiv's Threat Intelligence Services

Download the Service Brief

Download the OT Field Guide

Visit Optiv's SIEM Services Page

Web3

Web3

Compliance

Compliance

Endpoint Security

Endpoint Security

Application Security

Application Security

Vulnerability Management

Vulnerability Management

Technology

Technology

Nation State

Nation State

Machine Learning

Machine Learning

Asset Management

Asset Management

Security Operations Ctr

Security Operations Ctr

Artificial Intelligence

Artificial Intelligence

Fusion Center

Fusion Center

Dr

Dr

Pm

Pm

Ws

Ws

Cs

Cs

Oa

Oa

Np

Np

Oz

Oz

Ha

Ha

Pr

Pr

Em

Em

Dp

Dp

Ir

Ir

Natural Lang Processing

Natural Lang Processing

Hacktivist

Hacktivist

Privacy

Privacy

Patch Management

Patch Management

Email Management

Email Management

Data Protection

Data Protection

Incident Response

Incident Response

Detection & Response

Detection & Response

Orchestration & Automation

Orchestration & Automation

Web Security

Web Security

Cloud Security

Cloud Security

Optimization

Optimization

Business Fundamentals

CISO Constraints

Security Program Fundamentals

Emerging Technology

Advanced Security Programs

IT Fundamentals

Threat Actors

VIEW

Advanced Security Programs

Advanced Security Programs

Advanced Security Programs

Advanced Security Programs

Business Fundamentals

Business Fundamentals

IT Fundamentals

Security Program Fundamentals

Security Program Fundamentals

Advanced Security Programs

Advanced Security Programs

Advanced Security Programs

Advanced Security Programs

Advanced Security Programs

Advanced Security Programs