How You Can Play Offense (Instead of Defense) With Actionable Intelligence
When war in Ukraine first erupted, countries around the globe turned their focus to the ground attacks. But a different kind of battleground was emerging in the digital realm, one the likes of which the world had never seen.
Since the beginning of the fighting, cyberattacks have skyrocketed, largely targeting Ukrainian infrastructure and critical civilian resources. Victor Zhora, the deputy head of Ukraine’s State Special Communications Service, made a surprise appearance at the recent Black Hat conference to help paint a starkly honest picture for attendees of the cyberwar raging in Eastern Europe. “This is perhaps the biggest challenge since World War Two for the world,” Zhora told the Black Hat audience, “and it continues to be completely new in cyberspace.”
As the need for up-to-the-minute threat intelligence grew, Cisco Talos stepped in to equip organizations with the mission-critical insights they needed to strengthen their digital defenses. The Talos experts knew that businesses and livelihoods relied on actionable intelligence and threat hunting to anticipate future attacks. Months later, Talos is still providing these services for free to any Ukrainian organization that raises its hand for help. Ukraine recently honored their Independence Day on August 24th, offering a poignant reminder of their end goal, and that of any organization under cyberattack—independence, resilience, and strength.
This new breed of cyberwar signals an impending evolution for vulnerability management programs around the world. This new approach relies heavily on robust threat and vulnerability intelligence to power future-defining decision making and security resilience.
Why traditional vulnerability management impedes security resilience
The war in Ukraine wasn’t the first sign of a cybersecurity shift. Prior to the global pandemic, risk-based vulnerability management was becoming more mainstream. But with the onslaught of attacks that threat actors unleashed when companies were their most vulnerable, a risk-centric approach quickly became the gold standard. Even the federal government hopped aboard when the Cybersecurity and Infrastructure Security Agency (CISA) introduced the Binding Directive 22-01. This action single-handedly realigned public sector vulnerability management around active exploits.
There are sound reasons for this industry-wide shift. Traditional vulnerability management is often:
- Context starved. Traditional vulnerability management lacks organizational context sorely needed in today’s volatile climate. Commonly used vulnerability prioritization strategies, like those that rely on the Common Vulnerability Scoring System (CVSS), are starved of the contextual insight needed to understand exactly how much a particular exploit might impact a specific asset, application, or organization as a whole. And with more vulnerabilities than ever, the ability to separate the truly dangerous from the herd is paramount.
- Dangerously slow. Outdated vulnerability management is also rife with slow, manual processes, often trapped in static spreadsheets. Aggregating intel from multiple threat feeds, making sense of the overwhelming volumes of data, and overlaying organizational context on top of that is a heavy lift, requiring precious time and finite resources, and ultimately dragging down the speed of decision making. Top-tier risk-based vulnerability management solutions do this automatically and serve up tailored, actionable insights that security and business leaders don’t need a background in data analytics to decipher. When time is of the essence and teams are faced with unprecedented threats, data-driven risk-based prioritization unlocks the ability to glean critical insights faster.
- Reactive. Traditional prioritization approaches are often spreadsheet-based and driven by educated guesses, forcing Security and IT teams to focus on what has happened rather than what will happen. Traditional vulnerability management models simply can’t offer the predictive analytics that risk-based models can, so those organizations are always going to play defense. Leading risk-based solutions with finely-tuned exploit prediction models allow teams to shift their focus forward, assume a proactive security stance, and anticipate the next big threat.
- Static. Vulnerabilities are constantly changing, as exploits occur or become more pervasive, or new data emerges underscoring specific assets at risk. Since they’re a moving target, security leaders need a solution that can track them in near real time.
Enhancing actionable intelligence enhances security resilience
A recent PwC survey revealed that C-level executives and board members, even leaders in marketing and finance, all consider cybersecurity a serious priority. The findings also underscored the importance of proactively leveraging data intelligence to measure cyber risks and unearth blind spots within your environment.
That’s what Cisco is working to achieve for organizations looking to future-proof their security operations. Cisco Secure is building an integrated, open solution designed to enable Security and IT teams to bridge disparate data sets, gain granular network visibility, automate resource-draining workflows, and predict the next attack. This level of network protection and efficiency is achieved through enhanced threat intelligence, helping you trust the data driving your decisions and navigate change with confidence.
Risk is not a one-size-fits-all factor. Neither is vulnerability prioritization, especially when the need for resilience is at an all-time high. Gaining actionable intel helps you identify the real risks and keep those moving targets squarely in your crosshairs.