Active Countermeasure Intelligence Technology

Current state of the industry

While the security and compliance world is fast maturing, the promise of full automation, when we’ve completely solved security through technology, remains far out on the horizon. Even today, with the creation of standards like Open Vulnerability and Assessment Language (OVAL) and Security Content Automation Protocol (SCAP), the vulnerability management process is a challenging one, often involving manual efforts with less than perfect information on which to prioritize effort. This means the fundamental process of assessing risk and compliance against policies will not go away anytime soon.

  • Vulnerability assessment still largely revolves around a scan-and-patch paradigm, although there are numerous operational and business obstacles that make it difficult to simply patch or otherwise directly mitigate every discovered issue.
  • It’s very difficult to drive a consistent, complete risk assessment process spanning network, application and web layers from pre-production software development through to standard operating systems, off-the-shelf software and network devices. This is because these tools operate in different worlds and involve differing mitigation strategies.
  • Although some converged security solutions are emerging, most enterprises have numerous security products deployed that address varying types of risks and threats, each operating at a specific layer of their defense-in-depth model. As a result, we have layer-specific data, which results in siloed processes and information.
  • Security and operations functions are still in the process of converging. Those responsible for performing a remediation task and those in the security organization have information needs that differ. This causes challenges when trying to facilitate a security process across functional areas.

It’s very difficult to reconcile an already complex and challenging risk assessment process with the security countermeasures that are already in place so that the optimal mitigation strategy is deployed. This must also be carried out under the umbrella of corporate security policy. This gap creates exposure, duplication of effort, non-compliance and overall inefficiency, along with higher costs to secure the environment and comply with regulations.

The near future of the industry

As an industry, we are at the point where the ability to generate massive amounts of layer-specific data is in place. In many situations we are even beginning to turn data into intelligence, thanks to smart vendors and practitioners solving problems. The next step will be to create true knowledge out of data, in the process making enterprise-wide intelligence immediately actionable to mitigate risk. In parallel with this, we must of course always keep pace with the evolving threat landscape and changing computing environment.

  • Risk data will be assimilated and unified throughout the different risk inputs including vulnerabilities, software weaknesses, configuration state data and malware data.
  • Next generation remediation decision frameworks will identify how discovered risks are already being mitigated by presently installed countermeasures.
  • A common platform to facilitate seamless processes across security and operations must emerge.
  • Next generation intelligence platforms will show risks and threats with added situational context (identity, time of day, business application) to enable better security processes.
  • Big data analytics will be applied to security to enable a smarter, more agile approach to threat management.

What chief information security officers really need is a solution that unifies the elements of risks, articulates the attributes of those risks and intelligently maps them to the most effective countermeasures based on those attributes.

Critical Watch is the first and only Active Countermeasure Intelligence technology. It combines comprehensive risk intelligence with active mitigation.

The Role of Standards Going Forward

Beginning with Common Vulnerabilities and Exposures (CVE) and now with OVAL and SCAP, the standards community has created the framework to automate the assessment of risk and the validation of configuration compliance. By creating standard ways to define software flaws/vulnerabilities, misconfigurations, software weaknesses and system names, a foundation for interoperability is put in place.

  • OVAL acts as the chassis to enable a standardized approach to performing vulnerability or system characteristic assessment.
  • Extensible Configuration Checklist Description Format (XCCDF) acts as a meta-policy language to formalize security policy guidance into sets of OVAL checks.
  • SCAP is the fundamental protocol, or set of specifications, that connects all these components.

Newer efforts are building on the pieces described above to apply the same approach to create standard ways to articulate emerging attack patterns and facilitate interoperability among risk sources and threat protection solutions.
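The relationship described above (XCCDF rules reference OVAL definitions by id; an OVAL results document reports one outcome per definition; a tool joins the two to decide which policy rules pass) can be made concrete with a small evaluator. The following is an added example and is not Critical Watch code or any SCAP reference implementation. The XML documents are constructed and deliberately simplified: they keep the structural idea of XCCDF and OVAL results but are not schema-conformant SCAP content, and the result vocabulary (`pass`, `fail`, `notchecked`, `unknown`) only mirrors XCCDF's names.

```python
"""Added example: join a simplified XCCDF-style benchmark with simplified
OVAL-style results to produce per-rule compliance outcomes.

Not Critical Watch code. The XML below is constructed and simplified
(no namespaces, no schema conformance); real SCAP content is richer.
"""
import xml.etree.ElementTree as ET

# Constructed, simplified XCCDF-style benchmark. Each Rule refers to one
# OVAL definition id through check-content-ref, as real XCCDF does.
BENCHMARK_XML = """<Benchmark id="example-benchmark">
  <Rule id="rule-ssh-no-root-login" severity="high">
    <title>SSH root login must be disabled</title>
    <check><check-content-ref name="oval:example:def:1"/></check>
  </Rule>
  <Rule id="rule-password-max-age" severity="medium">
    <title>Password maximum age is 90 days or less</title>
    <check><check-content-ref name="oval:example:def:2"/></check>
  </Rule>
  <Rule id="rule-firewall-enabled" severity="high">
    <title>Host firewall is enabled</title>
    <check><check-content-ref name="oval:example:def:3"/></check>
  </Rule>
</Benchmark>"""

# Constructed, simplified OVAL-style results: one outcome per definition.
# Note that def:3 is absent (never evaluated) and def:4 is unreferenced.
OVAL_RESULTS_XML = """<oval_results>
  <definition definition_id="oval:example:def:1" result="true"/>
  <definition definition_id="oval:example:def:2" result="false"/>
  <definition definition_id="oval:example:def:4" result="true"/>
</oval_results>"""

# Mapping from an OVAL definition result to an XCCDF-style rule result.
# Anything outside this table (e.g. "error", "not evaluated") is "unknown".
OVAL_TO_XCCDF = {"true": "pass", "false": "fail"}


def parse_benchmark(xml_text):
    """Return [(rule_id, severity, oval_definition_id), ...] in document order.

    Content from an untrusted source should be parsed with a hardened XML
    parser (e.g. defusedxml); xml.etree is used here for a trusted sample.
    """
    root = ET.fromstring(xml_text)
    rules = []
    for rule in root.iter("Rule"):
        ref = rule.find("./check/check-content-ref")
        oval_id = ref.get("name") if ref is not None else None
        rules.append((rule.get("id"), rule.get("severity", "unknown"), oval_id))
    return rules


def parse_oval_results(xml_text):
    """Return {oval_definition_id: result_string} from a results document."""
    root = ET.fromstring(xml_text)
    return {d.get("definition_id"): d.get("result") for d in root.iter("definition")}


def evaluate(rules, oval_results):
    """Join rules to OVAL outcomes: {rule_id: pass|fail|notchecked|unknown}."""
    outcome = {}
    for rule_id, _severity, oval_id in rules:
        if oval_id is None or oval_id not in oval_results:
            outcome[rule_id] = "notchecked"      # rule had no evaluated check
        else:
            outcome[rule_id] = OVAL_TO_XCCDF.get(oval_results[oval_id], "unknown")
    return outcome


def failing_by_severity(rules, outcome):
    """Group failing rule ids by the severity declared on the rule."""
    groups = {}
    for rule_id, severity, _oval_id in rules:
        if outcome[rule_id] == "fail":
            groups.setdefault(severity, []).append(rule_id)
    return groups


def compliance_score(outcome):
    """Fraction of decided rules (pass or fail) that passed; None if none decided."""
    decided = [s for s in outcome.values() if s in ("pass", "fail")]
    if not decided:
        return None
    return sum(s == "pass" for s in decided) / len(decided)


if __name__ == "__main__":
    rules = parse_benchmark(BENCHMARK_XML)
    outcome = evaluate(rules, parse_oval_results(OVAL_RESULTS_XML))
    for rule_id, status in outcome.items():
        print(f"{rule_id:28s} {status}")
    print("failing by severity:", failing_by_severity(rules, outcome))
    print("compliance score:", compliance_score(outcome))
```

The separation matters for the interoperability point made above: the benchmark (policy) and the results (assessment data) come from different tools, and only the rule-to-definition id is shared between them, so a rule whose definition was never evaluated surfaces as `notchecked` rather than silently counting as a pass.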


It’s this next frontier that presents an opportunity to automate not just assessment and compliance validation, but also the rest of the incident lifecycle through to remediation. The connective tissue the standards represent provides opportunities for vendors to build new and powerful linkages to create the next generation of security management solutions. Critical Watch ACI will be at the forefront of this effort.