在当今不断变化的威胁环境中, organizations are investing in different types of security solutions to protect their environment from threats, 和, 结果是, these solutions generate an enormous amount of data each day. This leads to challenges such as the ability to leverage the data generated to derive better insights into security programs with improved accuracy. 传统上, assessments rely on qualitative analysis techniques such as interviews, but the results do not provide a real-time view of the threats. With the proliferation of data breaches 和 cyberattacks, organizations are increasingly seeking experts’ advice to underst和 if the data that are generated daily can be put to better use through enhanced techniques or methodologies.
A data-driven security assessment (DSA) is an evolved form of assessment methodology that addresses this concern, 和 it is gaining momentum in becoming an essential component of the future of security assessments. Organizations often grapple with how to make assessments 和 decisions more intelligent; therefore, organizations 和 security professionals can leverage DSAs.
什么是DSA?
A DSA is used to analyze security-related data to identify 漏洞, 威胁和风险 that can affect an organization's information security in near real-time. These assessments use a variety of data sources including security logs, 网络流量, 系统配置和用户行为数据. DSAs typically are a combination of analytical 和 quantitative techniques 和 manual analysis by human experts to identify potential threats 和 prioritize risk to gain meaningful 和 actionable insights.
如何进行DSA?
To conduct a DSA, organizations can follow these steps:
- 范围- - - - - -The first step is to define the scope of the assessment (i.e., the systems, applications 和 data that will be analyzed).
- 收集,The next step is to identify the data sources 和 collect the data that will be used for the assessment. This includes security logs, 网络流量, 系统配置和用户行为数据.
- 分析- - - - - -The data collected are analyzed using various DSA methodologies such as vulnerability assessment 和 penetration testing (VAPT); breach 和 attack simulation (BAS); attack surface management (ASM); security information 和 event management (SIEM) solutions; 和 security orchestration, automation 和 response (SOAR) tool use to identify patterns 和 anomalies.
- 确定- - - - - -基于分析, 漏洞, 威胁和风险 that can affect the organization’s security posture are identified.
- 减轻-The final step is to develop mitigation strategies based on the identified 漏洞, 威胁和风险. 这可以包括实现安全控制, updating system configurations 和 training employees based on industry-leading security practices.
DSA的好处
The use of DSAs has many benefits, including the ability to:
- Analyze large volumes of data continuously to identify potential security risk, emerging threats 和 漏洞 in real time.
- Correlate data from multiple data sources to identify patterns 和 anomalies that may indicate a potential security breach or vulnerability.
- Supplement existing qualitative analysis methods with data-rich quantitative 和 technical aspects to improve accuracy.
- Stay ahead of potential threats 和 take proactive measures 和 effective strategies to reduce 和 mitigate risk.
- Maintain real-time visibility of compliance with regulations 和 industry st和ards, 并避免因违规而受到代价高昂的处罚.
领先于新出现的威胁
By using data to inform security assessments 和 combining advanced risk assessment methodologies with human expertise, organizations can make more informed decisions on where to allocate resources to reduce risk 和 improve security posture. Ongoing monitoring 和 analysis of security data can also help organizations stay ahead of emerging threats 和 adjust their security posture as needed. 随着威胁的不断增加, DSAs are increasingly gaining traction to be a critical component of any organization’s cybersecurity strategy.
编者按: For further insights on this topic, read the authors’ recent Journal article, “网络安全评估的未来就在这里,” ISACA杂志,第2卷2023.
