A significant challenge within cyber security at present is that there are a lot of risk management platforms available in the market, but only some deal with cyber risks in a very good way. The majority will shout alerts at the customer as and when they become apparent and cause great stress in the process. The issue being that by using a reactive, rather than proactive approach, many risks just sit there, dormant, until an emergency happens.
'Dealing with SOC Operations for more than a decade, I have seen nearly 60 percent of SOC Incidents are repeat findings that keep re-surfacing due to underlying unmitigated Risks. Here the actors may be different, however the risk is mostly the same. This is causing significant alert fatigue.' – Deodatta Wandhekar, Head of Global SOC, SecurityHQ.
Combining Frameworks and Best Practices
These risks can be prevented. A platform that combines the best practices of multiple frameworks is the solution to tackle this issue.
What is NIST?
The National Institute of Standards and Technology (NIST) plays a central role in presenting companies with an opportunity to develop a comprehensive cybersecurity posture to prevent or lessen the impact of cyberattacks. NIST provides a comprehensive and structured approach to assess, manage, and mitigate cybersecurity risks effectively.
Read 'Building a Resilient Digital Future: NIST's Impact on Cybersecurity' for more details on NIST structures.
What is MITRE?
The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework is a knowledge base of adversary tactics, techniques, and procedures (TTPs). These TTP's are based on real-world observations, used by numerous threat actors, that have been made globally accessible to be used as the foundation for threat models and methodologies. MITRE has a 'mission to solve problems for a safer world, by bringing communities together to develop more effective security.'
Read 'How the MITRE ATT&CK Framework Has Revolutionized Cyber Security' for more information on MITRE practices.
What is NCSC?
The National Cyber Security Center (NCSC) combines expertise from CESG (the information assurance arm of GCHQ), the Centre for Cyber Assessment, CERT-UK, and the Centre for Protection of National Infrastructure (National Protective Security Authority, NPSA). It is a London-based organization with the aim of making the UK a safer online place. They work collaboratively with other law enforcement, defense, intelligence, and security agencies and international partners to ensure their data is as accurate and actionable as possible.
Risk Intelligence Combined with SHQ Response Platform
The SHQ Response Platform from SecurityHQ started as a sophisticated cyber incident response solution designed for swift detection, analysis, and mitigation of security threats. It has now significantly evolved so that, according to a recent press release, 'SecurityHQ has combined its intellectual property and knowledge on risk mitigation and cybersecurity, and merged this with several recognized sources in the industry, including NIST, NCSC, and MITRE to provide actions on how to identify, map, and raise risks.'
'SHQ Response Platform will help reduce this alert fatigue by focusing on mitigating the common risk. Not just that, it will be quintessential to translate a mere one liner Risk Statement into an actionable mitigation plan. SHQ Response platform makes Risk Creation a very simple process by providing the user with a library of intricately linked Threat Events, Impacts and Controls by leveraging industry standard knowledge base of NIST, MITRE and NVD.' – Deodatta Wandhekar, Head of Global SOC, security
- Calculate the impact of security threats on business.
- Calculate the likelihood of risks happening.
- Identify different tactics and techniques.
- Know how to mitigate risks.
- Access everything from a single platform point.
What to Do Next
Orchestrate and enable collaboration, prioritize incidents, visualize risks, and empower integration with Incident Response.
Calculate the impact of security threats and the likelihood of risks happening, and highlight how best to mitigate these risks with Risk Management.
No matter how great a tool's capability is, remember that a tool is only as good as the experts running/controlling it. To get the full benefits of SHQ Response, you need a team of experts capable of analyzing and acting on data and mitigating the risks. To learn more about Risk Management, contact the team here.
Note: This article was expertly written by Eleanor Barlow, Content Manager at SecurityHQ.