Regardless of their size, all companies can suffer attacks, with organizations with fewer protection measures being the most likely to suffer incidents. Not having adequate defense measures increases the chances of losing or damaging your information.
A security breach is any incident that results in unauthorized access to computer data, applications, networks, or devices.
While some of the security breaches are intentional, they can also be unintentional, for example, if a laptop is lost, or a USB stick with sensitive data. Or if they grant erroneous access permissions to an employee.
Cyber attacks always have the deliberate intention of inflicting damage, which can be executed by external agents such as hackers or criminal groups, or by personnel within the organization such as dissatisfied employees, contractors, etc.
According to the U.S. National Institute of Standards and Technology (NIST), the security posture is
"The security status of a company's networks, information, and systems, based on its security resources (e.g., people, hardware, software, policies), and existing capabilities to manage the organization's defense and react as situations change."
An organization's security posture refers to its ability to realize that a security breach has occurred or that it is being subject to a cyber attack, and how it reacts to these incidents.
An organization's security posture measures:
- The level of visibility you have into asset inventory and its attack surface.
- The controls and processes that have been implemented to protect it against cyberattacks and breaches.
- The effectiveness of security controls and processes.
- The skill with which incidents are detected and contained.
- The ability to react and recover from security events.
The security posture of companies includes the establishment of risk indicators, which measure the degree of exposure of the organization. They generally cover data security, networking, vulnerability analysis results, penetration testing, awareness campaigns, training against social engineering attacks, security breach prevention training, vendor, and third-party risks, among others.
With a clear understanding of the security posture, organizations can identify areas of acceptable risk and direct resources to remediate them.
What are the most important challenges?
It is becoming increasingly difficult to identify and assess security risks, because the security posture is dynamic and evolves over time.
The digital transformation of companies, the use of SaaS applications, IoT, Shadow IT, physical cyber systems, hyper-converged infrastructure, among many others, have caused attack surfaces to be constantly changing, expanding very quickly.
How can the security posture be improved?
Establishing a process that allows:
- Keep asset inventory updated frequently.
- Continuously and consistently monitor vulnerabilities and potential threats
- Analyze security risks and their impacts
- Establish security metrics.
- Prioritize vulnerability remediation taking into consideration ongoing threats, level of exposure, existing controls, level of impact, criticality of the asset to the organization, acceptable risk level.
- Response and recovery plans.
- Create an incident response team.
- Document and measure improvements in security posture.
What technologies exist?
In the market there are technologies that allow to support security posture programs such as:
CSPM - Cloud Security Posture Management
They are automated solutions that allow you to proactively identify, alert and correct misconfigurations in cloud services.
The IaaS and PaaS services establish a model of shared responsibility in the security of their platforms, where the providers have the responsibility of the protection of the infrastructure and the configuration of the services is done by the clients.
The CSPM provides visibility into assets, metadata cloud configurations, network changes, security parameters, policy changes, and identifying errors in environment configuration.
CSPM tools can compare the configurations of a cloud, against pre-established company rules, benchmarks, best practices and applicable regulations, to identify incorrect configurations, exposed ports, unauthorized modifications.
CSPM tools analyze storage spaces, identifying excessive permissions and ensuring proper database operation, backups, encryption, replication, etc.
They monitor unusual or anomalous activity, inappropriate accesses that may be indicative of malicious activity.
The applications of the CSPM:
- Serverless Code
SSPM - SaaS security posture management
An important feature of SaaS applications is that they can be accessed from anywhere on the internet and from multiple devices causing the attack surface to be out of the control of organizations.
SSPM tools are platforms that allow continuous monitoring (through agents or APIs) of SaaS applications, to ensure that they comply with regulations, best practices giving visibility to configuration errors.
Common applications that can be monitored with SSPM are, Slack, Salesforce, Microsoft 365, Gmail, among many others.
ASPM - Application Security Posture Management
Platforms that allow the monitoring, evaluation and remediation of vulnerabilities during the development cycle and release to production of applications.
ASPM platforms automate the identification of assets related to application development, and the orchestration of different security tools.
Application security posture platforms enable you to:
- The aggregation and centralization of findings and remediations from multiple security tools such as:
- Application Security Testing (AST).
- Static Application security Testing (SAST).
- Dynamic Application Security Testing (DAST).
- Interactive Aplication Security Testing (IAST).
- Software Composition Security Testing (SCA).
- Integrate into CI/CD cycles, detecting and remediating critical risks in application code
- Normalize, de-duplicate, correlate, and prioritize findings across multiple tools.