The Challenge: As the threat landscape worsens, many enterprises fail to contain cyber-attacks, experience a breach and are forced to deal with the consequences. Often, the pressures of breach response mobilize the entire security department into reactive investigations, reporting and other compliance-motivated activities. Strategic planning goes out the window and when the dust settles, few of the root causes of defensive failures have been addressed.
Our Solution: Security Architects Partners advises that organizations stay strategic in the aftermath while still addressing all the regulatory, audit and public relations requirements through incident response. We can help you do this through the following methodology:
- Failure mode identification: Once investigations of the breach have been completed, a wealth of data on the successful cyber-attack and the surrounding IT/security environment should be available. We catalogue the failure modes and conduct a limited security assessment of their root causes and prevalence throughout the enterprise. For example, the root cause(s) of a web app vulnerability may have been gaps in secure software development, vulnerability management, or risk assessment processes.
- Retrospective Kill Chain Analysis (KCA): Security Architects Partners performs an analysis of where all identified failure modes were (or could have been) leveraged in attack paths against the enterprise.
- Control candidate identification: We use the modified KCA to match failure modes with controls that might contain them.
- Risk mitigation analysis: We perform an optimization analysis of alternative sets of controls discovered through KCA to identify which ones most effectively reduce the likelihood and/or impact of individual failure modes, or clusters of gaps.
- Roadmap and recommendations development: Finally, Security Architects Partners recommends a detailed roadmap of strategic security initiatives with specific projects to put the optimal control sets in place.
Benefits: Breach aftermath strategic planning ensures that all the forensic investigations and detailed reporting don’t get so far into the weeds that they lose the big picture. We assist clients in capturing the lessons learned, potentially impressing savvy auditors and regulators. Even more importantly, our process translates the detailed data into a strategic program of action that ensures investments in remediation are well spent and the risk of further breaches is greatly reduced.