Perfect Cyber Security Operations
As a fellow #infosec practitioner I enjoy maturing the Cyber Security capabilities of the organization I work for. And as we make progress almost every day, I keep thinking about what the perfect state will be like and whether a state of perfection can ever be reached.
So, what does a perfect state of Cyber Security Operations look like?
Here is an attempt to describe it:
Threat Intelligence (TI)
- TI function is able to track all relevant actors
- TI function is able to track all TTPs of all relevant actors
- TI function is able to track all known attack infrastructure of all relevant actors with the help of IOCs
- TI function is able to predict adversaries' activity based on planned business activities of its own organization
Detection & Response
- Detection function has full visibility into all infrastructure & applications
- Detection function is able to maintain full visibility while changes to infrastructure and applications are implemented
- Detection function can find signal in the noise without delay
- Response function is able to respond with surgical precision in every scenario
- Response function is able to respond without delay
- Large-scale containment actions are available to be executed at any time
Identify & Protect
- Asset/CI Management (CMDB) is always up to date
- Vulnerability Management function is able to discover all vulnerabilities on all assets
- Vulnerability Management function is able to discover all weak configurations on all assets
- Remediation of vulnerabilities can be tracked and executed within one business day
- Non-compliant asset configurations can be remediated within one business day
- Privileged Access Management is in control of all elevated privileges
- AV, EDR, and any other protective technologies have no performance impact on the protected assets
Looking at the lists above makes us realize that nothing in the universe can ever be perfect :-)