About the author
Roland Thomas
Associate Director | Corporate Development
Roland is an Associate Director in Thomas Murray’s Corporate Development team. He joined Thomas Murray in 2018 with responsibility for group strategy, partnerships and corporate finance. More recently, Roland’s role has focused on establishing Thomas Murray’s cyber risk business, starting in 2021 with the launch of our Orbit Security platform, and the development of our expert cyber risk consultancy. Roland has a BA in English Language and Literature from Oxford University.
Security teams face a common problem: threat actors only need to get it right once. The global threat environment is changing constantly as cyber criminals become vastly more sophisticated. Blue teams can feel like they are constantly fire-fighting, rather than developing long-term security, and it doesn’t help that they are often absorbing, aggregating and prioritising vast quantities of unstructured threat intelligence.
Here’s what you need to know to DAM your cyber security: Discover, Analyse and Mitigate.
The cyber threat intelligence paradox: Too much CTI, or too little?
Many security teams have not yet reached the point of having real-time visibility over their organisations’ attack surfaces and the threats facing their business. They are often still focusing on getting the basics right, while missing critical threat intelligence. It’s a problem.
However, just as big a problem – and something we frequently hear from banks’ IT security teams – is that they are overwhelmed by data. They would like to absorb even more, but they simply do not have the hours to make use of it. There is a middle ground – and many of our clients have found it.
1. Identify the attack surface
The first problem is identifying your attack surface. Many IT security teams maintain a manual list of the domains they believe their organisation is exposing publicly, because that is the infrastructure they actively manage. However, medium and large businesses are rarely so simple. M&A, special purpose vehicles (SPVs), legacy software and legacy subsidiaries can lead to a large, messy and unmanaged attack surface. Getting real-time visibility over this infrastructure is half the battle.
2. Get timely, actionable cyber threat intelligence
The next problem is receiving timely, actionable CTI that doesn’t overwhelm you. When organisations choose to migrate from relying on open-source, unstructured CTI feeds to higher-value paid-for products, we often hear that they have been trialling solutions which are ‘too detailed’ or ‘too sophisticated’ for them.
What they really mean is that the solutions are confusing, illogical and lacking in clear prioritisation. There are plenty of providers out there. Make sure you work with a provider that isn’t trying to dazzle you with buzzwords while delivering a messy, sub-par product.
Finally, you need to act. Creating a remediation roadmap, allocating tasks to your team, prioritising urgent patches, and taking redundant infrastructure offline is simple if you are using a solution that:
- captures your entire public-facing IT infrastructure;
- monitors it constantly for breaches, vulnerabilities and misconfigurations;
- quantifies the risks; and
- tells you what the biggest threats facing your organisation are.
Instead of being overwhelmed with CTI feeds, your team can dramatically reduce the time it spends manually identifying issues for remediation.
3. Proactively manage your ecosystem
What comes next? Proactively managing your ecosystem of critical service providers and third parties using a combination of CTI and IT security questionnaires is essential. Reporting to your board with measurable, externally validated key risk indicators is crucial. Tracking completed tasks and improvements to your security posture is a must-have for justifying future budget. All of this is easier if you start with logical, well-structured and prioritised threat intelligence.
Our Solution: Orbit Security
Instead of juggling multiple open-source and paid-for tools, Orbit Security is a single source of threat intelligence that automatically and continuously discovers your attack surface, monitors for breaches, vulnerabilities and misconfigurations, and recommends priorities for your remediation roadmap.
- Discover your attack surface using Orbit Security’s proprietary Network Footprint Discovery ML algorithm. From a single parent domain, we will discover all your interconnected infrastructure to a high degree of accuracy, regardless of who manages it.
- Analyse the threat intelligence assessments provided for every domain and sub-domain in your infrastructure, or view your risk exposure aggregated by the six threat categories in our methodology: Breach, Configuration, Mail, DNS, HTTP, SSL/TLS.
- Mitigate risks according to clear priorities set out in Orbit Security’s assessments, improve your security posture, monitor your third parties and report with confidence to your board.
Reporting is essential to any IT security team, and speaking senior management’s language is crucial. We help by providing off-the-shelf reports:
Management reporting
Our cyber security ratings present complex information in a way that’s easy for both stakeholders outside your team and senior management to understand, allowing you to communicate clearly and effectively what your security pain points are and what resources you need to address them.
Vendor risk reporting
You will be instantly notified if one of your third parties has its security rating downgraded. Thomas Murray will engage with them at your request to provide free and full access to their own threat intelligence assessment, improving the security of your entire ecosystem.