This blog was originally published by JupiterOneHere.
Written by Jennie Duong,Jupiter One.
Cybersecurity Forecast 2022: More of the same, only worse. Yes, the sophistication of cyber attacks is increasing by the minute. Unfortunately, so are the rewards for ransomware and stolen data. Except onenew ESG researchpoints to the real reason why the threat landscape is likely to worsen in the coming year. In an era where remote workers, digital transformation, and everything in the cloud are at the center of everything, the task of understanding and securing the growing ecosystem of devices, users, systems, repositories, workloads, and other cyber assets becomes increasingly and more complicated. Unfortunately, more and more organizations struggle to protect something they don't know exists. Because attacks come from all directions, 69% of surveyed organizations reported experiencing at least one exploit from an unknown, unmonitored, or mismanaged Internet IT resource.
As the attack surface expands, managing our IT becomes more and more difficult. The number of system vulnerabilities and potential threats is increasing. Without a clear understanding of what you are trying to defend, it is nearly impossible to perform proper security checks. To turn things around, security and risk management professionals need a comprehensive approach to cyber asset management. But many have questions.
Let's take a look at the five most frequently asked questions about cyber resources.
Question #1: What exactly is cyber asset management?
Cyber asset management is the process of gaining complete visibility of all your assets and who and what they are associated with. Spoiler alert: this is no small feat.
Almost a third (32%) of organizations surveyed ESG report that an asset inventory requires up to ten different tools. About half (48%) say it takes more than 89 man-hours to create an asset inventory. For many cloud-based businesses/companies/organizations, individual tools and manual processes make it unrealistic to track and maintain an accurate picture of thousands of ever-changing assets.
A growing number of companies are discovering that the visibility necessary to implement a strong security program requires Cyber Attack Surface Management (CAASM). CAASM is an emerging technology that addresses long-standing issues of asset visibility and vulnerability. According to Gartner, solutions using this technology gain full visibility and centralized inventory control across all assets, both internal and external, by integrating the API with existing tools.
Most importantly, CAASM-based solutions enable organizations to gain a deep understanding of all the relationships between their cyber assets: this includes everything from users and identities to code repositories, endpoints, ephemeral devices and more. all in real time, automatically and continuously updated.
Question #2: How is CAASM different from IT Asset Management?
IT Asset Management (ITAM) is a set of practices and technologies for managing endpoints, servers, devices, applications, and other hardware and software in an IT environment.
While this may include security aspects, ITAM primarily focuses on using a configuration management database (CMDB) or other tools to capture IT assets and configure them. This approach helps IT organizations manage access control, optimize costs, and maintain licenses. CAASM-based technologies not only give organizations a single view of all their cyber assets, but also put them in context. In CAASM, it is not the cyber assets that really matter, but the relationship between them. If a cyber asset is compromised, it is important to understand the full scope of the threat, including all access rights, associations, and context in the asset's chain of relationships.
CAASM largely automates the work required to register all resources and context. Before CAASM, there were no good options for SMBs or companies using the cloud to automate these critical activities. CAASM solutions enable organizations to quickly identify the scale of vulnerabilities and security control vulnerabilities and gain context for breaches, issues and other security program requirements.
Question #3: How does improving cyber asset management translate into improved cyber hygiene and mindset management?
The asset inventory hurdles I just mentioned are not uncommon. Nearly 66% of organizations have an incomplete or outdated asset inventory, leading to security issues and vulnerabilities.
Cyber asset management using CAASM-style technology enables security teams to improve basic security hygiene by helping them ensure that security controls, security posture and asset exposures are continuously understood and remedied across the environment.
Organizations implementing CAASM reduce reliance on their own systems and manual data collection processes and optimize recovery with automated workflows and accurate asset context. In addition, such organizations can visualize a range of security tools and remediate source systems that may contain old or missing data. Today's most trusted CAASM solutions monitor asset compliance by automatically enforcing security, which is critical as your needs grow. This includes "Security Policy as Code" (SPaC), which is the automatic detection and management of cyber assets that are automatically linked to the required security policies. It may even include continuous monitoring of the compliance progress of all cyber assets to prevent compliance or security vulnerabilities.
Question #4: Why is end-to-end asset visibility an essential business foundation?
A complete and up-to-date view of assets is the foundation of every management and security appliance in every organization.
Assets are constantly changing, devices and workers are added or removed daily, and stakeholders regularly install and update applications (sanctioned or unsanctioned). Add to that digital transformation, the proliferation of IoT, virtualization, and native and hybrid cloud moves, and asset visibility becomes even more important. Different teams manage assets in different ways, which greatly increases complexity. If you're running security operations, a unified view of exactly where it is and what it's connected to is a must. CAASM-based solutions automatically update resources across the ecosystem and provide the framework for building a robust cybersecurity program.
If a user or asset is at risk, it is extremely important to understand the size of the potential blast radius to minimize damage. At a time when the average cost of a data breach is currently high8.6 million dollarsper incident for US-based companies, ransomware fraud rates are as high as40 million dollarsand risks such asLog4Shell errorsurface with alarming regularity, every second counts.
Question #5: What strategies are most important when managing cyber assets?
Modern cybersecurity is based on an organization's knowledge of its IT ecosystem and cyber assets. Knowing what's there and where, as well as all the associated metadata for each item, allows you to build an effective security program based on this contextual knowledge.
To successfully launch a cyber asset management program, organizations need to reduce complexity and gain a unified view of their IT assets and how they connect to each other. They also need the ability to ask the right questions – not just the “what” but the “why” of all cyber assets. The best place to start is to implement a CAASM-based solution.
Integrating and combining resources into a powerful knowledge graph creates vision and context. The more integrations you connect, the more you can see and understand in the environment of your cyber assets.
Important questions, a basic answer
When you add it all up, it becomes clear that reduced visibility means greater risk. The number of cyber assets is increasing, creating new attack vectors. If you don't know what's in your IT ecosystem and how it's all interconnected, you can't secure it. Cyber Asset Management is a comprehensive approach to gain the visibility your security teams need. Spending hundreds of hours on multiple tools to get this visibility is difficult to manage and impossible to scale. In contrast, CAASM-based technologies are proving to be very effective in integrating existing security and IT tools into a single view.
With the right solutions, security teams can discover, analyze and investigate all cyber assets in their environment. They can understand the connections between these elements to determine and control the blast radius of new attacks. They also have the visibility and control they need to simplify security and management like never before.
More details can be found in the full ESG reportHealth Safety and Attitude Management Study 2021for more information on key trends affecting vulnerability management. Then lookGartner's recent report on CAASMto learn why this emerging technology should be the focus of your team's security agenda for 2022 and beyond.