The cybersecurity landscape is laden with myths and misconceptions. In this article we will look at the top 5 myths for a good “reality check”.

Myth #1 – Poor proactive security is acceptable as long as you have good reactive cybersecurity.

Reality #1 – Good focus on proactive cybersecurity ensures good cybersecurity posture for the organization.

Sadly this is the current state of affairs at most organizations, given the heavy focus on reactive cybersecurity (with EDR/XDR/SIEM/SOAR, etc.). This approach means that your security teams frequently end up fighting fires. Forewarned is forearmed. Proactive cybersecurity is preventive in nature: it takes into account all your attack surfaces plus potential threats, and seeks to identify critical vulnerabilities so that they can be addressed before they lead to larger, potentially damaging circumstances. The silver lining is that we are seeing a shift, with more organizations now employing proactive measures for cybersecurity.

Myth #2 – My VM program already ensures proactive cybersecurity.

Reality #2 – A VM program needs to provide true continuous assurance without scans for proactive cybersecurity.

A Vulnerability Management (VM) program cannot provide proactive cybersecurity unless it provides continuous assurance / assessment without the need for any scheduled or recurring vulnerability scans. The ThreatWatch ATTENU8 platform identifies around 1400+ new vulnerabilities every week, i.e. around 200 new vulnerabilities on a daily basis. Scheduled or recurring vulnerability scans imply that you are still playing catch-up. For example, if you run scheduled scans every week or fortnight, then you will get to know about the impact of emerging threats and vulnerabilities after a week or fortnight.

Myth #3 – Vulnerabilities on internal assets are not that important.

Reality #3 – Vulnerabilities on internal assets are equally important and need to be remediated.

Most organizations tend to focus on scanning their external attack surfaces for vulnerabilities, while ignoring internal systems (i.e. systems behind a firewall). It is important to realize that attackers may land inside your infrastructure in various ways, and once inside they leverage vulnerabilities on internal systems for privilege elevation and lateral movement. It is surprising that, though organizations focus on reactive security (i.e. adversary presence inside the network), they still don’t consider assessing internal systems for vulnerabilities or addressing the vulnerabilities found on them.

Myth #4 – My public cloud provider ensures that my cloud infrastructure is secure.

Reality #4 – Security of your public cloud infrastructure is a shared responsibility.

It is a common misconception that the cloud provider caters to all security aspects of your cloud infrastructure. Security of your public cloud infrastructure is a shared responsibility. For example, remediating vulnerabilities on your virtual machines (IaaS) in the public cloud is your responsibility. It is interesting to note that missing configurations and misconfigurations contribute to a highly significant number of cloud breaches. 65% of security challenges in the cloud arise from misconfigurations. Gartner predicts that through 2025, 99% of cloud security failures will be the customer’s fault. Standards like the CIS benchmarks can help organizations ensure a required level of cyber hygiene for their public cloud usage, resulting in an improved cybersecurity posture.

Myth #5 – Organizations need separate tools for different attack surfaces.

Reality #5 – With toolset consolidation, organizations can leverage a single tool to secure multiple attack surfaces.

Attack surfaces in any organization can be quite varied (cloud/container/code/corporate/IoT, etc.). Securing these diverse attack surfaces has forced organizations to use multiple tools in the past. However, given the focus on toolset consolidation, organizations need not be compelled to use different tools for varied attack surfaces anymore. Gartner’s 2020 CISO Effectiveness Survey found that 78% of CISOs have 16 or more tools in their cybersecurity vendor portfolio, while 12% have 46 or more (reference). Gartner predicts that consolidated security platforms are the future. ThreatWatch can help proactively secure multiple attack surfaces (cloud/container/kubernetes/code/corporate, etc.), resulting in cybersecurity toolset reduction while providing a unified view across these attack surfaces.

Reach out to me to learn more about how ThreatWatch can help proactively secure your attack surfaces ranging from “cloud – container – kubernetes – code – corporate and more” without requiring any scans or any agents.
