A common theme at RSA 2017 is how vendors are measuring the effectiveness of their security solutions and how they can prove they are secure to the board and to regulatory bodies.
The predominant factor driving this theme is the increase of industry-wide security and regulatory mandates. Over the past few years, these mandates have continued their penetration into the business processes of organizations worldwide.
In my experience as an IT auditor as well as an IT security professional, I have seen the confluence of regulatory security policies and national mandates affect the bottom line of countless companies – all trying to better their security postures and ensure that their data/asset liability remains low.
The core way to address this problem is to employ security technologies that proactively provide a measure of risk. Using my own base as an example, Carbon Black’s streaming prevention provides a measure of risk at every stage of an attack.
Streaming prevention provides the type of prioritization needed within our current interconnected market, where companies need to consider a growing number of complex, industry-wide security mandates.
Regardless of what jurisdiction a security mandate comes from (or which country a business operates in), it’s certain there will be one of many cybersecurity mandates that need to be considered.
Most importantly, in many jurisdictions around the globe, businesses are required to get in line with the rules and mandates or fall victim to many severe financial and legal consequences.
All of these mandates and policies have an impact across the management chain of institutions. Contrary to the opinions of many people I’ve spoken with at RSA this year, these mandates are not put in place to cause consternation among stakeholders. Rather, they are to help protect the critical data that has become a necessary component of doing business.
Most mandates and policies are created out of the need for a stronger stance against data theft and for protection against evolving cyber threats. When analyzing many of these mandates, one important note is that they all attempt to introduce security controls as countermeasures against each stage of the common cyberattack.
These stages are often referred to as the cyber kill-chain and provide a way to ensure a business is adequately assessing risk to its data, as well as its security posture at each stage of an attack. Addressing each stage presents an opportunity to measure security posture proactively, an important step in ensuring security-control enforcement.
Some important cybersecurity mandates and policies that have come into the spotlight in recent years (and continue to have a big impact on commerce and businesses) are:
- The many state and industry regulatory policies in the U.S. (HIPAA, FISMA, GLBA)
- The European Union GDPR
- The Cyber Security Strategy of Singapore
- Japan’s Data Protection Act
- The Hong Kong Data Protection Ordinance and the HKMA
- The Australian Cyber Security Strategy
These are just a few we must monitor and analyze as they mature. I will write more on the confluence of these acts and mandates in subsequent blogs to explore how they will influence the goals of doing business and maintaining a cybersecurity program.
How Does Carbon Black Fit Into This?
Carbon Black provides an environment with clarity and visibility into the security landscape, allowing the organization to focus on the security priorities and controls that best provide a balance of risk measure and threat protection.
Cb Defense’s threat prioritization empowers businesses to filter through the noise and false positives associated with threats and measure-associated controls.
Cb Protection’s advanced endpoint attack prevention empowers companies to stop the threats distracting them from aligning with the mandates they are responsible for.
Carbon Black adds additional clarity through threat intelligence, forensics, and reporting, enabling businesses to eliminate distractions while getting a better understanding of the real risks to their security postures.
Most importantly, Carbon Black addresses the reason why many of these mandates are put into practice in the first place by protecting critical data and driving us toward a world that is safe from cyber attacks.