THE BALBIX BLOG

Musings on predictive cyber risk and resilience.

 

Improving Your Security Posture in 3 Easy Steps

Security posture, which is the aggregate security status of all assets in your organization, has an inverse relationship with cybersecurity risk. If you strengthen your security posture, you reduce overall risk. Sounds great in theory, but aren't all infosec teams trying to reduce risk via a stronger security posture? What is the practical starting point for getting this done?

Peter Drucker, father of modern business management, famously wrote, "if you can't measure it, you can't improve it." This advice definitely applies here. If you want to improve your security posture, you need to measure it. 

1. Inventory and Categorize All Assets

Since security posture requires us to identify the overall security of all assets in our network, the first step is to identify those assets. Below is a screenshot from the Balbix dashboard for an organization that has just over 50,000* assets. The system automatically discovered and categorized these assets, and will continue to modify the inventory as it changes.

Screen Shot 2020-04-20 at 10.19.37 AM

*On average, customers' guesses for the number of assets in their network are 25-35% lower than what is actually on their network. 

From the screenshot, you can tell that every asset has been categorized by asset type, and also whether it's a perimeter or a core system. From this single chart, we can already tell that this organization has high risk in their core servers, as well as in PCs and mobile devices on the perimeter. That's a clue that indicates where this company might start to improve their security posture. 

2. Identify the Biggest Risk Drivers

Now that we have identified all assets, let's look at an alternative view of this chart - a heatmap that describes risk likelihood and impact of a breach by asset type.

Screen Shot 2020-04-20 at 10.25.36 AMAs the legend indicates, the size of each bubble represents the impact, or business criticality, of the asset grouping that the platform automatically created. The color represents the likelihood of a breach. In simple terms, we really don't want to see any big red bubbles on this chart. I have hovered over one of the big red bubbles in the screenshot - this one represents mission critical Windows Servers. There are only 39 assets in this group, but they have a high likelihood and they run important data and applications, so they are driving a lot of the cyber risk in this organization. 

3. Remediate Highest Priority Risks

In order to have the biggest possible impact on security posture improvement, this organization should focus on making the big red bubbles into big green bubbles. Taking those 39 mission critical Windows Servers as the starting point, the screenshot below shows prioritized risk insights, which are the sets of improvements that will have the greatest impact on overall risk reduction. 

Screen Shot 2020-04-20 at 10.32.56 AMFor this asset group, unpatched software is driving the most risk. The second item on the list is propagation risk - where privileged users that are able to administer one or more of these Windows servers are doing so from insecure machines. Rounding out the top three, we see clients using weak passwords to access the Windows servers. 

Overall, these assets are in need of immediate improvement in 5 of 9 areas on the Balbix Breach Method Matrix - Weak Credentials, Trust Relationship and Unpatched Assets represent the top 3 that we just discussed. A quick click to drill down will highlight exactly what needs to be done to correct these issues. 

If this organization preferred to prioritize across all assets instead of just mission critical Windows Servers, they would simply remove the asset filter to see priorities across all assets in the enterprise, as shown below.

Screen Shot 2020-04-20 at 10.43.19 AM

Using this approach on an ongoing basis has proven to yield dramatic increases in security posture across Balbix customer organizations. 

Elements of Security Posture Transformation