Security concerns of the modern-day CISO
Explore the elements that make up the cybersecurity landscape, from today's fundamentals to tomorrow's technology.
Business Fundamentals
These core frameworks will help ensure that your business objectives are aligned with your cybersecurity objectives.
Digital Transformation
Almost every organization recognizes the importance of digital transformation (DX). However, DX initiatives frequently outpace the ability of the IT organization to provide effective security.
Future growth will depend on the adoption of a different business model and a new set of assumptions about what success will look like.
Governance
The number of identities organizations must manage is ballooning, especially when you factor in all the non-human ones, like bots, applications and systems.
Identity governance can help you understand the state and sources of all your identities and also includes things like account administration, role-based access control, segregation of duties and identity auditing.
Risk Management
Digital transformation means risk is getting more complex. The trouble is, many organizations are struggling to keep up. We've found that the biggest three areas for improvement are:
1. Risk and data governance: Organizations don't always know where their data is, who can access it or how it's protected.
2. Keeping pace with changes: Lots of things are changing and they're changing fast. Data is rapidly moving to the cloud and there are more connected devices than ever before (with no signs of slowing down).
3. Communication: Explaining the current health of your security is tricky enough; it gets harder when leaders don't speak technology.
Compliance
Regulations are constantly evolving as evidenced by the recent initiation of new regulations like the Cyber Incident Reporting Act in the U.S. and provisional agreement on the Digital Operational Resilience Act (DORA) in the EU.
Due to the risk of financial penalties and adverse impacts to the business, compliance mandates are listed among the top factors that drive cybersecurity programs.
Privacy
New data privacy regulations are taking shape across the globe, building on momentum created by the enactment of the General Data Protection Regulation (GDPR) in the EU in 2018.
The first sweeping data privacy law in the U.S. was enacted on January 1, 2020 in the form of the California Consumer Privacy Act (CCPA). These laws are only the beginning of a global trend that will dramatically increase the requirements for cybersecurity programs in the future.
Business Alignment
The digital ambitions of most organizations can also dramatically expand their cyber attack surface by pushing IT infrastructure into the cloud, connecting IoT and accelerating software development cycles.
Security leaders must become more aware of business objectives and strive to demonstrate how cyber programs enable business success.
IT Fundamentals
These elements will help you eliminate duplicative technologies and put the right security controls in place.
Asset Management
Asset management is critical to an effective cybersecurity strategy. You can't properly secure what you don't know exists.
In addition, by continuously tracking and optimizing the IT asset footprint, other functions such as patch management become far more streamlined.
Change Management
To effectively compete in the digital economy, companies are pushing more change into IT production environments at a faster pace, which strains change management practices.
Formalized change management programs can slow progress, but must be ingrained in the evolving corporate culture. Good processes are built with verification and validation steps to catch exceptions and mistakes.
Patch Management
Effective patch management is a critical component to any security program.
While there are varying valid reasons for why it may not be feasible or a high priority to implement some patches, it's hard to accept that many high-impact breaches stem from vulnerabilities for which patches do exist.
Configuration Management
Configuration management proactively and continuously monitors and hardens the security configurations of an organization’s operating systems, applications and network devices.
A formalized configuration management program is important to demonstrate compliance with various regulations including PCI DSS and HIPAA.
Identity and Access Management
Many breaches are the result of deficiencies in IAM programs, and with the rise in remote work, that trend is likely to continue.
However, many aspects of IAM can be complex and require the development of a formalized plan to drive maturity and support business initiatives. We often see identity handled in a technology- or problem-forward way, but it's best to take a holistic, integrated approach.
Penetration Testing
There are only two ways to know if an organization’s people, processes and technologies are truly effective against an attacker: either get attacked by a good guy or get attacked by a bad guy. Utilizing offensive penetration testing teams (the good guys) brings the enemy’s perspective into consideration, helping organizations to focus their security strategy and execution on impactful remediations and improvements.
Up to 75% of the vulnerabilities typically exploited by the Optiv penetration testing team are not identified by a vulnerability scanner.
Application Security
Applications have long been a favorite vector for attackers, and the proliferation of new and more complex apps only muddies the waters for security teams. Finding and fixing vulnerabilities can be tough when it's not clear which and how many apps need to be secured. Not to mention, many developers aren't security professionals.
A secure software development life cycle (SDLC) model, however, can help teams "shift security left" so apps are designed with security in mind from the very beginning.
Cloud Security
Public cloud services are the foundation of the digital business’s agility and innovation. As companies rush to the cloud, however, input from the security team is not relied upon as frequently as perhaps it should be.
As organizations increasingly shift their workloads into the public cloud, best practices suggest that security teams should be involved early in the strategy process to minimize risk.
Threat Management
Effective threat management is about understanding your attack surface, your gaps and which assets are most appealing to threat actors.
Being ready and able to respond is best accomplished by continually assessing your security controls and processes, as well as testing and training people.
Security Information and Event Management
Security information and event management (SIEM) is a foundational tool that provides better visibility into threats, accelerates detection and response and boosts the efficiency of security operations.
Unfortunately, SIEMs can be expensive to resource and complex to operate. To be most effective, SIEMs require continuous fine tuning.
Security Operations Center
Many organizations have developed security operations centers (SOCs), which are traditionally built around a team of people who enhance their ability to monitor and manage alerts with technology. They are typically reactive in nature, with logs and rules keyed towards monitoring the network and endpoints and focusing on known threats.
A SOC is a great start, but due to their reactive nature, increasingly sophisticated threat actors and the perennial challenge of keeping security seats filled, they often fall behind. These days, savvy security organizations are shifting to the more proactive fusion center model.
Data Protection
Among the multitude of security assessments Optiv conducts for clients annually, data protection stands out as one of the lowest maturity disciplines in most organizations. Penalties for poor data protection practices are set to escalate due to new regulations, such as GDPR. Optiv expects continued strong corporate investment in data security infrastructure, including data access governance, encryption and DLP.
Network Security
Network security is likely one of the largest line items in the security technology budget. In the era of digital transformation, the old paradigm of the protected network perimeter has become less relevant. Network security concepts are being forced to morph with the advent of virtual/cloud IT environments and distributed IoT devices.
Endpoint Security
Due to the growing sophistication of attacks, endpoint security was forced to evolve beyond signature-based blocking. Therefore, next-gen antivirus incorporates new prevention techniques that do not rely on signatures.
Endpoint detection and response (EDR) is a complex technology that is most applicable for mature security organizations, but can also be effectively leveraged through relationships with outside managed detection and response (MDR) providers.
Email Management
Email should be a focal point for security executives for several reasons. First, it continues to be one of the most effective attack vectors for cybercriminals.
Second, an organization-wide breach can be sparked with a single click. Business email compromises (BECs) have emerged as a top social engineering tactic with reports of misrepresentation rising.
Web Security
Secure web gateways represent a mature market, but they provide value for advanced URL filtering and threat defense. Traditional web security capability is becoming increasingly sourced from cloud-based offerings rather than on-prem appliances.
Taking that trend a step further, many technology vendors are increasingly consolidating web security, CASB, DLP, lighter-weight firewall and other security components and delivering them as an integrated cloud service.
Vulnerability Management
New vulnerabilities appear every day, but the majority of exploited vulnerabilities are already known to security and IT professionals at the time of an incident.
When it comes to managing their vulnerabilities, many organizations are playing "Whack-a-Mole," but an effective vulnerability management program includes continuous scanning, prioritized remediation, completion tracking, root-cause analysis and detailed reporting.
Security Program Fundamentals
With so many security technologies and constantly changing threat landscapes, it is important to understand where to focus valuable time and limited budget.
Natural Language Processing
Natural language processing (NLP) has its origins in the 1950s, beginning with a portion of Alan Turing’s proposed test of computer intelligence and John Searle’s Chinese Room experiment.
Early NLP was based on giving a computer a set of rules which it then applied to language data, which could produce deceptively human-like responses – so long as the computer “knew” the right rules.
Web3
Web3 is a term coined in 2014 to describe a possible future of the internet based on the ideal of decentralization as enabled by blockchain technology. This concept was developed as a reaction to the perceived over-centralization of the internet in the hands of large corporations under the current Web2 model.
Blockchain
Blockchain is a method to record transactions that provides high security by design: transactions are verified with advanced cryptography and spread across many computers in a peer-to-peer network (distributed ledger). Blockchain implementations are still nascent and this immaturity makes it challenging to predict the ultimate impact the technology will have.
Emerging Technology
CISO Constraints
From managing vendors to internal staff, these are the challenges CISOs face and strategies to overcome them.
Role and Accountability
By protecting critical systems from downtime and safeguarding customer privacy, security leaders are quickly becoming critical partners for digital transformation success.
That said, CISOs have their work cut out for them in terms of continuing to educate business executives and the board of directors about the challenges and accomplishments of their role.
Budget
Lack of budget continues to rank among the top inhibitors to building an effective security program. IT budgets commonly account for around 3-6% of an organization's total revenue. Cybersecurity generally consumes 5-15% of the IT budget.
Staffing
Lack of skilled personnel is consistently mentioned by organizations as one of the top inhibitors to building effective cybersecurity programs.
Organizations can create substantial competitive advantage based on their ability to attract, train and retain cyber talent. Another alternative is to leverage outside experts through consulting or outsourcing partnerships.
Technology
Optiv routinely sees client environments that utilize 50 or more discrete security technologies.
There is certainly no shortage of well-funded cybersecurity technology companies out there all positioning their vision as the best solution in the market. This presents a major challenge for security practitioners and one where a trusted partner like Optiv is ideally positioned to help provide perspective and guidance.
Optimization
Due to an overwhelming number of disparate tools in their environment, many organizations are hitting the tipping point where tech sprawl has actually become counter-productive.
Security teams are spending so much time simply managing the tech stack and drowning in all the associated alerts that it detracts from security effectiveness.
Malicious Insiders
While the majority of insider incidents are due to simple negligence or mistakes, malicious insiders are far more harmful and cause significantly more damage if they're successful.
Since insiders are familiar with an organization's security environment, they know how to take advantage of less-obvious vulnerabilities and are thus much harder to detect and contain.
Organized Crime
Cybercriminals are increasingly organizing among themselves, leading to the creation of a variety of cybercrime-as-a-service platforms, including ransomware-as-a-service (RaaS) and malware-as-a-service (MaaS).
These services allow criminals to conduct cyberattacks without knowing how to write a single line of code or how to find buyers for any data they steal.
Nation State
It might seem odd to think of governments as potential threat actors, but in recent years, nation-state and state-backed threat actors have been on the rise.
This group of cyber combatants, sometimes also referred to as advanced persistent threats (APTs), typically possesses the most sophisticated capabilities due to direct or clandestine government funding and support.
Hacktivist
A small minority of breaches are related to hacktivist activity, where the motivation is related to neither financial gain nor espionage. Hacktivist breach attribution has generally trended down over the past couple of years.
Threat Actors
In order to gain the enemy's perspective, enterprises need to view their digital footprint with malicious intent.
Zero Trust
Traditional security perimeters are dissolving as organizations accelerate digital transformation initiatives and extend their IT estates outside of corporate networks and into the public cloud and IoT. Zero Trust (ZT) is not a new technology, but rather a pragmatic framework for how to integrate multiple security controls. ZT relies heavily on IAM and emphasizes a couple of important principles:
Never trust, always verify. Continuously authenticate and authorize identities at multiple points across the IT estate. Just because an identity was admitted at one point of entry does not mean it can be “trusted” to access all other resources on the network.
Enforce least privilege. Ensure identities can access only those resources which are required to complete their job function and nothing more.
DevSecOps
DevSecOps is a software development best practice that embraces the inherent agility benefits of DevOps, but recognizes that security testing and validation need to be infused early in the process.
An effective DevSecOps program promotes collaboration between release engineers and security teams and expands responsibility for security to include everyone. The end goal is to ensure code is delivered quickly and securely.
Third-Party Risk Management
To more rapidly access required capabilities or enhance business agility, organizations are increasingly relying on partnerships with third-party entities. These third-party relationships often involve important IT connectivity and potentially the sharing of sensitive information.
Unless properly managed, this partner ecosystem can represent a significant cybersecurity risk as attackers look to exploit the weakest links in order to gain access to their primary target. In such a dynamic environment, a set-it-and-forget-it approach to third-party risk management is inadequate and needs to be fortified with continuous review and analysis.
Artificial Intelligence
Artificial intelligence (AI) involves machines that can perform tasks that are characteristic of human intelligence.
Security practitioners have significant optimism about the potential positive impact of AI for cyber defense. However, cyber adversaries will also harness the power of AI to launch increasingly sophisticated and dynamically adapting attacks.
Detection and Response
Popular new tools incorporate data at the endpoint (endpoint detection and response, or EDR) and in the network.
Increasingly, telemetry beyond the endpoint and network is being aggregated into an XDR (extended detection and response) platform.
Orchestration and Automation
Security organizations are struggling with a shortage of talent, an abundance of tools to manage and alert overload.
Security orchestration, automation and response (SOAR) platforms provide relief by aggregating security intelligence and context from disparate systems and applying machine intelligence to streamline (or even automate) the incident detection and response process.
Advanced Security Programs
These advanced security elements provide the knowledge and tools you need to advance your program’s maturity.
Incident Response
For many organizations, a serious security incident is a matter of "when," not "if." This means that developing and practicing an incident response (IR) plan should be a critical objective for every CISO.
An effective cybersecurity incident response plan (CSIRP) lays out the appropriate response to a variety of possible incidents, so you're never left wondering what to do when a breach occurs.
Cyber Threat Intelligence
Cyber threat intelligence (CTI) is critical to gain perspective on adversarial tactics, techniques and procedures. CTI helps security teams be more proactive in threat prevention and more effective in threat detection and response. CTI is also a key input for proactive threat hunting.
Threat Hunting
Threat hunting is a proactive, ongoing effort to identify and eradicate adversaries that have already pierced security controls and are dwelling in an organization's network.
Effective threat hunting leverages threat intelligence, telemetry from security tools and the ingenuity of the threat analyst to uncover hidden threats.
Fusion Center
For Optiv, the concept of "fusion center" describes a necessary evolution and improvement beyond current-generation SOC capabilities that center around device management and monitoring.
In contrast to SOCs, fusion centers are designed to be proactive and can be thought of as technology enhanced by human oversight. A fusion center takes a holistic view of the environment, rather than focusing solely on endpoints and known vulnerabilities.
These elements represent innovations and trends in technology that we believe will have a direct impact on digital security.
Negligent Insiders
Many employees don't fully understand the policies, laws and regulations related to their jobs, or why they're important.
Unfortunately, innocent mistakes and carelessness can still cause significant negative impacts for a breached organization, particularly in the age of remote work.
Back to top
Back to top
Back to top
Back to top
Back to top
Back to top
Back to top
Secure Access
Service Edge
Sas
Secure Access
Service Edge
Sas
Ra
Role and
Accountability
Bu
Budget
Staffing
St
Technology
Te
Optimization
Oz
Malicious
Insiders
Mi
Negligent
Insiders
Ni
Organized
Crime
Oc
Nation
State
Nt
Hacktivist
Ha
Digital
Transformation
Almost every organization recognizes the importance of digital transformation (DX). However, DX initiatives frequently outpace the ability of the IT organization to provide effective security.
Future growth will depend on the adoption of a different business model and a new set of assumptions about what success will look like.
Download the Field Guide 3.0: Get SASE to Accelerate Your Digital Transformation
Business Fundamentals
Business Fundamentals
Learn More About
Governance
Vist Optiv's Identity Governance
and Administration Page
The number of identities organizations must manage is ballooning, especially when you factor in all the non-human ones, like bots, applications and systems.
Identity governance can help you understand the state and sources of all your identities and also includes things like account administration, role-based access control, segregation of duties and identity auditing.
Governance
Business Fundamentals
Learn More About
Risk Management
Visit Optiv's Third Party
Risk Management Solutions Page
Digital transformation means risk is getting more complex. The trouble is, many organizations are struggling to keep up. We've found that the biggest three areas for improvement are:
1. Risk and data governance: Organizations don't always know where their data is, who can access it or how it's protected.
2. Keeping pace with changes: Lots of things are changing and they're changing fast. Data is rapidly moving to the cloud and there are more connected devices than ever before (with no signs of slowing down).
3. Communication: Explaining the current health of your security is tricky enough; it gets harder when leaders don't speak technology.
Risk
Management
Business Fundamentals
The digital ambitions of most organizations can also dramatically expand their cyber attack surface by pushing IT infrastructure into the cloud, connecting IoT and accelerating software development cycles.
Security leaders must become more aware of business objectives and strive to demonstrate how cyber programs enable business success.
Business
Alignment
Business Fundamentals
Learn More About
Compliance
Visit Optiv's Cybersecurity Compliance
Services Page
Regulations are constantly evolving as evidenced by the recent initiation of new regulations like the Cyber Incident Reporting Act in the U.S. and provisional agreement on the Digital Operational Resilience Act (DORA) in the EU.
Due to the risk of financial penalties and adverse impacts to the business, compliance mandates are listed among the top factors that drive cybersecurity programs.
Compliance
To effectively compete in the digital economy, companies are pushing more change into IT production environments at a faster pace, which strains change management practices.
Formalized change management programs can slow progress, but must be ingrained in the evolving corporate culture. Good processes are built with verification and validation steps to catch exceptions and mistakes.
Change
Management
IT Fundamentals
Learn More About
Configuration Management
Download the Endpoint Configuration Review
Configuration management proactively and continuously monitors and hardens the security configurations of an organization’s operating systems, applications and network devices. A formalized configuration management program is important to demonstrate compliance with various regulations including PCI DSS and HIPAA.
Configuration
Management
IT Fundamentals
Asset management is critical to an effective cybersecurity strategy. You can't properly secure what you don't know exists.
In addition, by continuously tracking and optimizing the IT asset footprint, other functions such as patch management become far more streamlined.
Asset
Management
IT Fundamentals
Learn More About
Patch Managment
Download the Vulnerability Management Service Brief
Effective patch management is a critical component to any security program. While there are varying valid reasons for why it may not be feasible or a high priority to implement some patches, it's hard to accept that many high-impact breaches stem from vulnerabilities for which patches do exist.
Patch
Management
Dx
Go
Rm
Co
Pr
Business Fundamentals
Learn More About
Privacy
Visit Optiv's Data Privacy
Page
New data privacy regulations are taking shape across the globe, building on momentum created by the enactment of the General Data Protection Regulation (GDPR) in the EU in 2018.
The first sweeping data privacy law in the U.S. was enacted on January 1, 2020 in the form of the California Consumer Privacy Act (CCPA). These laws are only the beginning of a global trend that will dramatically increase the requirements for cybersecurity programs in the future.
Privacy
Ba
Am
Cm
Pm
Cfg
Iam
IT Fundamentals
Learn More About Identity Access Managment
Download the Identity
Case Study
Many breaches are the result of deficiencies in IAM programs and with the rise in remote work, a trend that's likely to continue. However, many aspects of IAM can be complex and require the development of a formalized plan to drive maturity and support business initiatives.
We often see identity handed in a technology- or problem-forward way, but it's best to take a holistic, integrated approach.
Identity Access
Management
Security Program Fundamentals
Network security is likely one of the largest line items in the security technology budget. In the era of digital transformation, the old paradigm of the protected network perimeter has become less relevant. Network security concepts are being forced to morph with the advent of virtual/cloud IT environments and distributed IoT devices.
Among the multitude of security assessments Optiv conducts for clients annually, data protection stands out as one of the lowest maturity disciplines in most organizations.
Penalties for poor data protection practices are set to escalate due to new regulations such as GDPR. Optiv expects continued strong corporate investment in data security infrastructure, including data access governance, encryption and DLP.
Network
Security
Ns
Security Program Fundamentals
Email should be a focal point for security executives for several reasons. First, it continues to be one of the most effective attack vectors for cybercriminals.
Second, an organization-wide breach can be sparked with a single click. Business email compromises (BECs) have emerged as a top social engineering tactic with reports of misrepresentation rising.
Email
Management
Em
Security Program Fundamentals
Secure web gateways represent a mature market, but they provide value for advanced URL filtering and threat defense. Traditional web security capability is becoming increasingly sourced from cloud-based offerings rather than on-prem appliances.
Taking that trend a step further, many technology vendors are increasingly consolidating web security, CASB, DLP, lighter-weight firewall and other security components and delivering them as an integrated cloud service.
Web
Security
Ws
Security Program Fundamentals
Learn More About
Vulnerability Management
Download the Field Guide
New vulnerabilites appear every day, but the majority of exploited vulnerabilites are already known by security and IT professionals at the time of an incident.
When it comes to managing their vulnerabilities, many organizations are playing "Whack-a-Mole," but an effective vulnerability management program includes continuous scanning, prioritized remediation, completion tracking, root-cause analysis and detailed reporting.
Vulnerability
Management
Vm
Security Program Fundamentals
Learn More About Penetration Testing
Download the Service Brief
There are only two ways to know if an organization’s people, processes and technologies are truly effective against an attacker: either get attacked by a good guy or get attacked by a bad guy. Utilizing offensive penetration testing teams (the good guys) brings the enemy’s perspective into consideration, helping organizations to focus their security strategy and execution on impactful remediations and improvements.
Up to 75% of the vulnerabilities typically exploited by the Optiv penetration testing team are not identified by a vulnerability scanner.
Penetration
Testing
Pt
Security Program Fundamentals
Application Security (As), Security Program Fundamentals
Applications have long been a favorite vector for attackers, and the proliferation of new and more complex apps only muddies the waters for security teams.
Finding and fixing vulnerabilities is hard when it isn't even clear which apps, and how many, need to be secured, and most developers are not security professionals.
A secure software development life cycle (SDLC) model, however, helps teams "shift security left," so that security requirements, design review and testing happen while the app is being designed and built rather than after it ships.
Cloud Security (Cs), Security Program Fundamentals
Public cloud services are the foundation of the digital business's agility and innovation. As companies rush to the cloud, however, the security team's input is sought less often than it should be.
As organizations increasingly shift their workloads into the public cloud, best practice is to involve security teams early in the strategy process to minimize risk.
Threat Management (Tm), Security Program Fundamentals
Effective threat management is about understanding your attack surface and its gaps, and which assets are most appealing to threat actors.
Being ready and able to respond is best accomplished by continually assessing your security controls and processes, as well as testing and training people.
Security Information and Event Management (Si), Security Program Fundamentals
Security information and event management (SIEM) is a foundational tool that provides better visibility into threats, accelerates detection and response and boosts the efficiency of security operations.
Unfortunately, SIEMs can be expensive to resource and complex to operate, and they only stay effective with continuous tuning: onboarding new log sources, retiring noisy rules and keeping detection content current.
Security Operations Center (Soc), Security Program Fundamentals
Many organizations have built security operations centers (SOCs): traditionally, a team of analysts whose ability to monitor and manage alerts is extended by technology.
SOCs are typically reactive, with logs and rules keyed toward monitoring the network and endpoints for known threats. A SOC is a great start, but between that reactive posture, increasingly sophisticated threat actors and the perennial challenge of keeping security seats filled, SOCs often fall behind. These days, savvy security organizations are shifting to the more proactive fusion center model.
Incident Response (Ir)
For many organizations, a serious security incident is a matter of "when," not "if." This means that developing and practicing an incident response (IR) plan should be a critical objective for every CISO.
An effective cybersecurity incident response plan (CSIRP) lays out the appropriate response to a variety of possible incidents, so you're never left wondering what to do when a breach occurs.
Cyber Threat Intelligence (Cti), Security Program Fundamentals
Cyber threat intelligence (CTI) is critical for gaining perspective on adversarial tactics, techniques and procedures. CTI helps security teams be more proactive in threat prevention and more effective in threat detection and response. CTI is also a key input for proactive threat hunting.
Endpoint Security (Es), Security Program Fundamentals
As attacks grew more sophisticated, endpoint security was forced to evolve beyond signature-based blocking; next-generation antivirus adds prevention techniques that do not depend on a known signature.
Endpoint detection and response (EDR) is a complex technology that is most applicable for mature security organizations, but it can also be leveraged effectively through relationships with outside managed detection and response (MDR) providers.
Data Protection (Dp)
Among the multitude of security assessments Optiv conducts for clients annually, data protection stands out as one of the lowest-maturity disciplines in most organizations. Penalties for poor data protection practices are set to escalate due to new regulations such as GDPR. Optiv expects continued strong corporate investment in data security infrastructure, including data access governance, encryption and DLP.
Data protection was called out as the most effective technology for reducing cyber risk among more than twenty security technology categories in a recent survey of security executives by Optiv/ESI ThoughtLab. Not surprisingly, data protection was also identified as the area of largest current investment focus.
Zero Trust (Zt), Advanced Security Programs
Traditional security perimeters are dissolving as organizations accelerate digital transformation initiatives and extend their IT estates beyond corporate networks into the public cloud and IoT. Zero Trust (ZT) is not a new technology but a pragmatic framework for integrating multiple security controls. ZT relies heavily on identity and access management (IAM) and emphasizes two principles:
Never trust, always verify. Continuously authenticate and authorize identities at multiple points across the IT estate. Just because an identity was admitted at one point of entry does not mean it can be "trusted" to access every other resource on the network.
Enforce least privilege. Ensure identities can access only those resources required to complete their job function and nothing more.
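The two principles above, as an added example that is not part of the original page and not any vendor's policy engine. Every request is evaluated on its own: device posture and the age of the last strong authentication are re-checked each time, entitlements come from an explicit allowlist (anything unlisted is denied), and sensitive actions demand a fresher authentication (step-up). The roles, resources, users, time windows and posture values are all assumptions constructed for the illustration:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

@dataclass
class Identity:
    user: str
    roles: frozenset              # roles from the identity provider (assumed input)
    mfa_at: Optional[datetime]    # last strong authentication, None if never
    device_compliant: bool        # posture verdict from the endpoint agent (assumed input)

# Least privilege: an explicit allowlist of role -> resource -> actions.
# Anything not listed is denied. Names are illustrative, not a real org's roles.
POLICY = {
    "payroll-clerk": {"payroll-db": {"read"}},
    "payroll-admin": {"payroll-db": {"read", "write"}},
    "sre":           {"build-server": {"read", "write", "deploy"}},
}

# How recently a strong authentication must have happened for any access at all,
# and the tighter window demanded for sensitive actions (step-up). Assumed values.
MFA_MAX_AGE = timedelta(hours=8)
STEP_UP = {("payroll-db", "write"): timedelta(minutes=15),
           ("build-server", "deploy"): timedelta(minutes=15)}

def authorize(ident: Identity, resource: str, action: str, now: datetime) -> Tuple[bool, str]:
    """Decide one request. Every call re-checks posture, freshness and entitlement;
    nothing is carried over from an earlier success ("never trust, always verify")."""
    if not ident.device_compliant:
        return False, "device not compliant"
    if ident.mfa_at is None:
        return False, "no strong authentication on record"
    mfa_age = now - ident.mfa_at
    if mfa_age > MFA_MAX_AGE:
        return False, "strong authentication too old; re-verify"
    granted = set()
    for role in ident.roles:
        granted |= POLICY.get(role, {}).get(resource, set())
    if action not in granted:                       # least privilege: default deny
        return False, f"'{action}' on '{resource}' not granted to {sorted(ident.roles)}"
    limit = STEP_UP.get((resource, action))
    if limit is not None and mfa_age > limit:
        return False, f"step-up required: '{action}' on '{resource}' needs auth within {limit}"
    return True, "allowed"

NOW = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)
# Constructed identities for the demonstration.
ALICE = Identity("alice", frozenset({"payroll-clerk"}), NOW - timedelta(hours=1), True)
BOB = Identity("bob", frozenset({"payroll-admin"}), NOW - timedelta(hours=2), True)
BOB_FRESH = Identity("bob", frozenset({"payroll-admin"}), NOW - timedelta(minutes=5), True)
CAROL = Identity("carol", frozenset({"sre"}), NOW - timedelta(minutes=10), False)
DAVE = Identity("dave", frozenset({"sre"}), NOW - timedelta(hours=9), True)

def run_demo():
    """Return (user, resource, action, decision) for each sample request."""
    requests = [
        (ALICE, "payroll-db", "read"),       # in role, fresh auth: allowed
        (ALICE, "payroll-db", "write"),      # not in her role: denied
        (ALICE, "build-server", "read"),     # same network, different resource: denied
        (BOB, "payroll-db", "read"),         # allowed
        (BOB, "payroll-db", "write"),        # sensitive action, auth 2h old: step-up
        (BOB_FRESH, "payroll-db", "write"),  # same user just re-verified: allowed
        (CAROL, "build-server", "deploy"),   # non-compliant device: denied before roles matter
        (DAVE, "build-server", "read"),      # auth older than 8h: denied
    ]
    return [(i.user, res, act, authorize(i, res, act, NOW)) for i, res, act in requests]

if __name__ == "__main__":
    for user, res, act, (ok, why) in run_demo():
        print(f"{user:6} {act:6} {res:13} -> {'ALLOW' if ok else 'DENY'} ({why})")
```

The order of the checks is deliberate: posture and authentication freshness are evaluated before any entitlement lookup, so a compromised but well-entitled account on an unmanaged device is refused without the policy ever being consulted.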
DevSecOps (Dso), Advanced Security Programs
DevSecOps is a software development practice that keeps the agility benefits of DevOps but recognizes that security testing and validation must be built into the pipeline early rather than bolted on before release.
An effective DevSecOps program promotes collaboration between release engineers and security teams and makes security everyone's responsibility. The end goal is code that is delivered quickly and securely.
Third-Party Risk Management (Trm), Advanced Security Programs
To gain required capabilities faster or enhance business agility, organizations increasingly rely on partnerships with third parties. These relationships often involve significant IT connectivity and, potentially, the sharing of sensitive information.
Unless properly managed, this partner ecosystem can represent a significant cybersecurity risk, as attackers look to exploit the weakest link in order to reach their primary target. In such a dynamic environment, a set-it-and-forget-it approach to third-party risk management is inadequate and needs to be reinforced with continuous review and analysis.
Machine Learning (Ml)
Machine learning (ML) analyzes and synthesizes an avalanche of information that humans alone could not match. It's the practice of using algorithms to parse data, learn from it and then make a determination or prediction about something in the world.
ML could ultimately represent another attack vector: adversaries may seek to compromise or poison the models used for cyber defense in order to degrade their capabilities.
Detection and Response (Dr), Advanced Security Programs
Popular newer tools draw on data from the endpoint (endpoint detection and response, or EDR) and from the network. Increasingly, telemetry beyond the endpoint and network is being aggregated into an extended detection and response (XDR) platform.
Orchestration and Automation (Oa), Advanced Security Programs
Security organizations are struggling with a shortage of talent, an abundance of tools to manage and alert overload.
Security orchestration, automation and response (SOAR) platforms provide relief by aggregating security intelligence and context from disparate systems and applying playbooks (and, increasingly, machine intelligence) to streamline or even automate the incident detection and response process.
Threat Hunting (Th), Advanced Security Programs
Threat hunting is a proactive, ongoing effort to identify and eradicate adversaries that have already pierced security controls and are dwelling in an organization's network. Effective threat hunting leverages threat intelligence, telemetry from security tools and the ingenuity of the threat analyst to uncover hidden threats.
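The contrast between the reactive SOC rule described earlier and a hunt over the same telemetry, as an added example that is not part of the original page and not from any product. The proxy log lines are constructed (the hostnames use the reserved .test TLD), the blocklist is assumed, and the hunt hypothesis is the classic one: an implant calling home on a timer produces request intervals that are far more regular than a person's browsing. Nothing in the sample log is on the blocklist, so the signature rule returns nothing while the hunt surfaces the beaconing client:

```python
import re
import statistics
from datetime import datetime

# Constructed proxy log lines (timestamp, client, destination host, method, path,
# status, bytes). The hosts use the reserved .test TLD; nothing here is real traffic.
LOG_LINES = """\
2024-03-01T10:00:00Z 10.1.2.3 cdn.example-static.test GET /app.js 200 48120
2024-03-01T10:00:00Z 10.1.2.9 updates.example-vendor.test GET /check 200 312
2024-03-01T10:00:03Z 10.1.2.3 cdn.example-static.test GET /style.css 200 9031
2024-03-01T10:00:04Z 10.1.2.3 cdn.example-static.test GET /logo.png 200 21044
2024-03-01T10:00:05Z 10.1.2.3 updates.example-vendor.test GET /check 200 312
2024-03-01T10:00:06Z 10.1.2.3 updates.example-vendor.test GET /manifest 200 1510
2024-03-01T10:01:01Z 10.1.2.9 updates.example-vendor.test GET /check 200 312
2024-03-01T10:01:59Z 10.1.2.9 updates.example-vendor.test GET /check 200 312
2024-03-01T10:02:30Z 10.1.2.3 cdn.example-static.test GET /api/v1/items 200 7730
2024-03-01T10:03:00Z 10.1.2.9 updates.example-vendor.test GET /check 200 312
2024-03-01T10:04:02Z 10.1.2.9 updates.example-vendor.test GET /check 200 312
2024-03-01T10:04:59Z 10.1.2.9 updates.example-vendor.test GET /check 200 312
2024-03-01T10:06:00Z 10.1.2.9 updates.example-vendor.test GET /check 200 312
2024-03-01T10:07:01Z 10.1.2.9 updates.example-vendor.test GET /check 200 312
2024-03-01T10:09:12Z 10.1.2.3 cdn.example-static.test GET /app.js 304 0
2024-03-01T10:09:13Z 10.1.2.3 cdn.example-static.test GET /api/v1/items 200 8102
2024-03-01T10:15:40Z 10.1.2.3 cdn.example-static.test GET /api/v1/items 200 7699
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d{3}) (\d+)$")

def parse(text):
    """Turn raw lines into (timestamp, client, host, bytes) tuples; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, client, host, _method, _path, _status, size = m.groups()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), client, host, int(size)))
    return events

# Reactive SOC-style rule: match destinations against a blocklist (assumed list).
BLOCKLIST = {"known-bad.test"}

def blocklist_hits(events, blocklist=BLOCKLIST):
    return [e for e in events if e[2] in blocklist]

def find_beacons(events, min_hits=6, max_jitter=0.1):
    """Hunt: flag client->host pairs whose request intervals are nearly constant
    (coefficient of variation of the gaps at or below max_jitter)."""
    by_pair = {}
    for ts, client, host, size in events:
        by_pair.setdefault((client, host), []).append((ts, size))
    candidates = []
    for (client, host), hits in by_pair.items():
        if len(hits) < min_hits:
            continue
        hits.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        jitter = statistics.pstdev(gaps) / mean
        if jitter <= max_jitter:
            candidates.append({
                "client": client, "host": host, "hits": len(hits),
                "period_s": round(mean, 1), "jitter": round(jitter, 3),
                "distinct_sizes": len({s for _, s in hits}),  # constant size is another tell
            })
    return sorted(candidates, key=lambda c: c["jitter"])

if __name__ == "__main__":
    events = parse(LOG_LINES)
    print("blocklist hits:", blocklist_hits(events))
    for c in find_beacons(events):
        print(c)
```

A real hunt would run this over days of data, exclude known update and telemetry destinations by allowlist, and treat the result as a lead to pivot on (process, user, first-seen date of the destination), not as a verdict.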
Secure Access Service Edge (Sas)
Secure Access Service Edge (SASE) is a term coined by Gartner in 2019. While still emerging, SASE can dramatically simplify WAN access and security for remote-worker and distributed branch office use cases. In the SASE model, the intelligence to deliver WAN access and security is consolidated into a cloud-delivered offering.
This dramatically reduces the burden of managing on-prem infrastructure at the branch, while harnessing the agility of the cloud to support growth in users or functionality. From a security standpoint, SASE aspires to consolidate multiple controls, including but not limited to secure web gateway, CASB, DLP, Zero Trust network access/software-defined perimeter and firewalling.
Artificial Intelligence (Ai)
Artificial intelligence (AI) involves machines that can perform tasks characteristic of human intelligence. Security practitioners are significantly optimistic about the potential positive impact of AI on cyber defense. However, cyber adversaries will also harness AI to launch increasingly sophisticated and dynamically adapting attacks.
Initiatives based on AI and machine learning (ML) rose rapidly in strategic importance for organizations over the past couple of years, and notably accelerated in the wake of the COVID-19 pandemic. Speculation abounds about the future promised by AI- and ML-powered security tools and attack techniques, but we're still in the early days of both technologies, so their abilities remain relatively narrow in scope.
Big Data (Bd)
As organizations' use of big data continues to grow, extracting value while maintaining security has become a greater challenge.
For the average organization, security technologies are often siloed, creating an overwhelming amount of threat telemetry that's difficult to capture and analyze. Optiv helps clients design, build and secure big data infrastructures by analyzing (and effectively normalizing) data to drive business benefit. These solutions can unite and fully harness the power of existing security technologies.
Optiv big data solutions can also be deployed in support of general business use cases to enhance insights and decision making around initiatives such as revenue optimization, customer engagement and cost reduction.
Web3 (We), Emerging Technology
Web3 is a term coined in 2014 to describe a possible future of the internet based on the ideal of decentralization as enabled by blockchain technology. The concept was developed as a reaction to the perceived over-centralization of the internet in the hands of large corporations under the current Web2 model. Proponents argue that applications of blockchain such as cryptocurrency, smart contracts and non-fungible tokens (NFTs) will allow anyone with sufficient coding knowledge to build their own platforms outside of what is currently established. Critics counter that Web3 is a murky idea at best and that it could instead lead to decreased moderation and an increase in harmful content and cybercrime, while only shifting power rather than decentralizing it.
Interest in Web3 has picked up since 2021, though the infrastructure to actually implement it is still lacking. According to a 2022 paper by Zhuotao Liu et al., the three key enablers are "individual smart-contract capable blockchains, federated or centralized platforms capable of pushing verifiable states, and an interoperability platform to hyperconnect those state publishers to provide a unified and connected computing platform."
Blockchain (Bc), Emerging Technology
Blockchain is a method of recording transactions that is tamper-evident by design: each transaction is cryptographically verified, and the ledger is replicated across many computers in a peer-to-peer network (a distributed ledger), so altering the history on one copy is detectable. That guarantee covers the integrity of the recorded history, not the correctness of what was recorded or the safekeeping of the keys that sign transactions.
Blockchain implementations are still nascent, and this immaturity makes it challenging to predict the ultimate impact the technology will have.
In coming years, the technology will likely influence cybersecurity applications related to data and identity integrity and transaction protection. Blockchain captured the imagination of the market, but production deployments at scale are limited so far.
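The tamper-evidence property, as an added example that is not part of the original page and not any blockchain project's code. It is a minimal hash chain (no signatures, no consensus): each block's hash covers its position, its predecessor's hash and its payload, so editing one block in place breaks verification at that block. The example also shows the limit of the property: whoever controls a single copy can rewrite a block and recompute every later hash, and only comparing heads with other copies reveals it, which is why the replication matters as much as the hashing. The ledger entries are constructed:

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64

def block_hash(index, prev_hash, data):
    """Hash the block's position, its predecessor's hash and its payload together,
    so that changing any of them changes this hash and breaks every later link."""
    payload = json.dumps({"index": index, "prev": prev_hash, "data": data}, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()

def build_chain(records):
    chain, prev = [], GENESIS_PREV
    for i, rec in enumerate(records):
        h = block_hash(i, prev, rec)
        chain.append({"index": i, "prev": prev, "data": rec, "hash": h})
        prev = h
    return chain

def verify_chain(chain):
    """Recompute every hash and every link. Returns (True, None) or (False, first bad index)."""
    prev = GENESIS_PREV
    for i, blk in enumerate(chain):
        if blk["index"] != i or blk["prev"] != prev:
            return False, i
        if block_hash(i, prev, blk["data"]) != blk["hash"]:
            return False, i
        prev = blk["hash"]
    return True, None

def tamper(chain, index, new_data):
    """Edit one block in place without touching anything else (the naive attack)."""
    forged = copy.deepcopy(chain)
    forged[index]["data"] = new_data
    return forged

def rewrite_from(chain, index, new_data):
    """Edit one block and recompute every later hash: what an attacker who controls
    a single copy of the ledger can do. The copy verifies on its own; only
    comparison with other copies reveals the rewrite."""
    forged = copy.deepcopy(chain)
    forged[index]["data"] = new_data
    prev = forged[index - 1]["hash"] if index > 0 else GENESIS_PREV
    for blk in forged[index:]:
        blk["prev"] = prev
        blk["hash"] = block_hash(blk["index"], prev, blk["data"])
        prev = blk["hash"]
    return forged

def heads_agree(*chains):
    """Peers compare the latest hash; a rewritten copy no longer matches the others."""
    return len({c[-1]["hash"] for c in chains}) == 1

# Constructed ledger entries; parties and amounts are illustrative.
LEDGER = [
    {"from": "mint", "to": "alice", "amount": 50},
    {"from": "alice", "to": "bob", "amount": 20},
    {"from": "bob", "to": "carol", "amount": 5},
]

if __name__ == "__main__":
    chain = build_chain(LEDGER)
    forged_entry = {"from": "alice", "to": "bob", "amount": 2000}
    print("honest copy:", verify_chain(chain))
    print("edited in place:", verify_chain(tamper(chain, 1, forged_entry)))
    rewritten = rewrite_from(chain, 1, forged_entry)
    print("rewritten copy verifies alone:", verify_chain(rewritten),
          "agrees with peers:", heads_agree(chain, rewritten))
```

A production ledger adds two things this sketch deliberately omits: transaction signatures, so that only the key holder can author an entry (which moves the real risk to key custody), and a consensus rule for which of several disagreeing copies is authoritative.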
Role and Accountability (Ra), CISO Constraints
By protecting critical systems from downtime and safeguarding customer privacy, security leaders are quickly becoming critical partners in digital transformation success. That said, CISOs have their work cut out for them in continuing to educate business executives and the board of directors about the challenges and accomplishments of their role. CISOs typically come from a technical background, while executives usually don't, which often leads to cultural miscommunication.
Security programs continue to consolidate under the leadership of the CISO. In larger organizations, the CIO and CISO tend to share responsibility for the security program. Previously an uncommon title, the share of organizations with a CISO role has been steadily rising.
Budget (Bu), CISO Constraints
Lack of budget continues to rank among the top inhibitors to building an effective security program. IT budgets commonly account for around 3-6% of an organization's total revenue, and cybersecurity generally consumes 5-15% of the IT budget.
A typical mid-sized enterprise has around 70-90 security technologies in its environment. A quick budget win for any organization is to evaluate the current security stack and make sure existing tools are delivering their full value before buying new ones.
Staffing (St), CISO Constraints
Lack of skilled personnel is consistently cited by organizations as one of the top inhibitors to building an effective cybersecurity program. Organizations can create substantial competitive advantage through their ability to attract, train and retain cyber talent. The alternative is to leverage outside experts through consulting or outsourcing partnerships.
Technology (Te), CISO Constraints
Optiv routinely sees client environments that utilize 50 or more discrete security technologies. There is certainly no shortage of well-funded cybersecurity technology companies, each positioning its vision as the best solution in the market. This presents a major challenge for security practitioners, and one where a trusted partner like Optiv is ideally positioned to provide perspective and guidance.
Optimization (Oz), CISO Constraints
With an overwhelming number of disparate tools in their environments, many organizations are hitting the tipping point where tech sprawl has actually become counter-productive. Security teams spend so much time simply managing the tech stack and drowning in the associated alerts that it detracts from security effectiveness.
It's not easy to validate which tools in the environment are actually performing as expected and providing value. The ideal architecture would consist of the minimum number of tools, tightly integrated, that provides the maximum security effectiveness. Investment in underutilized or underperforming tools could then be recycled into higher-ROI propositions.
Malicious Insiders (Mi), Threat Actors
While the majority of insider incidents are due to simple negligence or mistakes, malicious insiders are far more harmful and cause significantly more damage when they succeed.
Because insiders are familiar with an organization's security environment, they know how to take advantage of less-obvious weaknesses and are therefore much harder to detect and contain.
Negligent Insiders (Ni), Threat Actors
Many employees don't fully understand the policies, laws and regulations related to their jobs, or why they're important. Unfortunately, innocent mistakes and carelessness can still cause significant negative impacts for a breached organization, particularly in the age of remote work.
Organized Crime (Oc), Threat Actors
Cybercriminals are increasingly organizing among themselves, giving rise to a variety of cybercrime-as-a-service platforms, including ransomware-as-a-service (RaaS) and malware-as-a-service (MaaS). These services let criminals conduct attacks without knowing how to write a single line of code or how to find buyers for the data they steal. Defenders would do well to follow the example set by collaborative criminals: the attackers have decided they're all on the same team, so defenders should be, too.
Nation State (Nt), Threat Actors
It might seem odd to think of governments as threat actors, but nation-state and state-backed threat actors have been on the rise in recent years. These groups, often referred to as advanced persistent threats (APTs), typically possess the most sophisticated capabilities thanks to direct or clandestine government funding and support.
Although states such as China, Russia, North Korea and Iran typically deny any connection to these groups, the groups' goals frequently align with those of the government hosting them.
Hacktivist (Ha), Threat Actors
A small minority of breaches are related to hacktivist activity, where the goal is neither financial gain nor espionage but an ideological end.
CISO Periodic Table
Resilience (Rs), Security Program Fundamentals
Cyber breaches are a fact of doing business these days, but resilience in the face of cyberattacks means more than a beefed-up business continuity and disaster recovery (BCDR) plan.
Resilient organizations shift from a reactive mindset to a proactive one that allows them to bounce back stronger than before.
Natural Language Processing (Np), Emerging Technology
Natural language processing (NLP) has its origins in the 1950s, with Alan Turing's proposed test of machine intelligence (John Searle's Chinese Room argument, a 1980 critique of that idea, is often discussed alongside it). Early NLP gave a computer a set of hand-written rules to apply to language data, which could produce deceptively human-like responses, so long as the computer "knew" the right rules. The 1980s marked a transition to statistical models that returned, for example, translations as an array of candidates weighted by probability. In the mid-2010s the field shifted to deep neural networks, where research continues today.
The potential applications for NLP are breathtaking. Implementations of natural-language generation, dialogue management and question answering could reduce the load on IT and security teams by handling simple end-user requests and turning log alerts into language that is more readily understood.
Fusion Center (Fc), Advanced Security Programs
For Optiv, "fusion center" describes a necessary evolution beyond current-generation SOC capabilities, which center on device management and monitoring.
In contrast to SOCs, fusion centers are designed to be proactive and can be thought of as technology enhanced by human oversight. A fusion center takes a holistic view of the environment rather than focusing solely on endpoints and known vulnerabilities.
Operational Technology (Ot), Advanced Security Programs
The proliferation of connected devices, including the internet of things (IoT), the internet of medical things (IoMT) and operational technology (OT), promises to greatly enhance the user experience of consumer-focused implementations and to boost operational efficiency and effectiveness within enterprise applications.
However, the resulting increase in the number of smart endpoints connected to corporate networks also creates significantly more entry points for cyber adversaries.
