
Cybersecurity Fundamentals: The Anatomy of Cyber Defense

If you want to be able to answer the question “are we protected?” you’ll need to get back to the fundamentals of cybersecurity. We’re not talking about patching or following a checklist or standard. Those are important, but don’t get to the root of the problem. Instead, cyber readiness is about knowing whether your people, processes, and technology are ready to protect, detect, and respond.

If you are cyber ready, you are able to see, assess, and test how all your systems are interacting and performing. It’s a bit like an MRI, or like the way knowledge of human anatomy helps you understand the structure of the body.

SightGain helps you unpack the anatomy of your cyber defense so you can defend against the exploits that matter. Watch the video below for a more detailed explanation.

To learn more about how cybersecurity fundamentals can improve the performance of your system, contact SightGain today for a demo.


Timestamps

0:00 Intro

0:20 The Problem with Patching

1:03 Offensive Cyber Operations

1:30 The First Principle of Cyber Readiness

1:48 SightGain Anatomy of Cyber Defense

2:28 Challenges We Face

2:38 Identify Performance Through Review

Video Transcription:

0:00 Intro

We want to be able to help executives answer the board’s questions of: “are we protected?” And be able to say yes, we tested it. We know that we’re good.

0:20 The Problem with Patching

So today, organizations generally focus on patches and tracking the status of their patching. The problem with this is twofold. Only one percent of vulnerabilities are ever exploited. So you’re spending a lot of time and energy to patch things that are not ever going to be a problem. The problem with this approach is that organizations assume that those patches are going to work and other configurations are accurate. When in reality, FireEye and others have shown year after year that organizations are missing over fifty percent of the threats when they arrive.

It’s important and critical that we start with those one percent of the exploits and know that you’re protected against the very threats that you could face, and be able to prove that as a first thing that you do.

1:03 Offensive Cyber Operations

As a planner for offensive cyber operations, we would focus on the weak points and exploit those. This offers us an opportunity because we know what the adversaries are doing. We know the techniques that they use. And if we test against those techniques, we have a firm foundation to build a better defense, to know that we’re actually stopping those techniques that are used all the time. If we test and improve performance against those techniques, we know we will be protected.

1:30 The First Principle of Cyber Readiness

As a first principle of cyber-readiness, we look at the aspects of protect, detect, and respond.

Recent innovations in the market have allowed us to unpack these down to the individual person, technology, and the processes that connect them. We boil this down into the anatomy of cyber defense.

1:48 SightGain Anatomy of Cyber Defense

So as you can see, by looking at the telemetry coming off of our system, you can see how well our overall performance is on protecting, and then those things that are not protected, how well they’re detected, and how those logs are flowing into our system, and how well the automation is occurring. And lastly, how well our people are responding, and their ability to understand and sense what is occurring, and what is not.

This anatomy of cyber defense allows us to understand how things are performing, where we have shortfalls and really make improvements based on what we’ve already bought as well as identify investments that we need to make.

2:28 Challenges We Face

The biggest challenge that we’ve seen is that organizations are just not testing their systems. If they did, they would see the ugly truth. They’re not actually stopping the threats that they’re supposed to be stopping.

2:38 Identify Performance Through Review

By looking at the anatomy and the telemetry of all of your individual components of the system, we can for the first time identify how things are working, and where the gaps are, how to make improvements, and where to invest by understanding the actual performance and how that measures up to the threats.

Be sure to subscribe, share, leave a comment below, we’re happy to answer any questions that you have. Have a great day.