Operationalizing Security Policy: The Value of Proactivity

Walking the corridors of a show like RSA or BlackHat, you can see a lot of amazing security tools. The challenge, as many CISOs well understand, is that at some point someone must take effective action with some subset of those tools to make their organizations more secure—or at least that’s the goal. Tools and policies may underpin security, but operational competency is what really delivers cybersecurity.

A number of vendors are stepping up to address this need. They offer platforms to help with the operationalization of security policy. For example, you may have a policy, derived from a framework like NIST CSF that says, “The physical environment is monitored to detect potential cybersecurity events.” (DE.CM-2). However, how do you actually monitor your physical environment to detect potential cybersecurity events? How do you do it with the people you have, without overextending them, and so forth? And, how do you do this well, especially while IT environments undergo their constant, inevitable changes?

Security monitoring and operational platforms are starting to provide solutions. Infocyte is one example. Their platform, Infocyte HUNT, enables security teams to operationalize policies for detection and response. Importantly, their stance is one of proactivity. “If you get an alert that an attack is underway, that is far from optimal. It means you missed something big,” explained John Norden, VP of Engineering at Infocyte.


“The best practice is to be proactive, to be out looking for the threats and neutralizing them before they disrupt your business,” Norden added. “Or, at the very least, be aware of them and have a complete overview of your environment. Then, you’ll be much better prepared to deal with the fallout from a security event.”

Infocyte HUNT is agentless, which makes it relatively easy to deploy. Once activated, the solution creates a complete inventory of IT assets in the environment. The tool then continuously updates this inventory of applications, systems, servers, accounts, instances and workloads. “A current and accurate asset inventory is essential for any serious security posture or compliance initiative,” Norden said. “We all know this, of course, but it’s striking how often people neglect to take the requirement seriously. If you don’t know what you have, nothing you own will be safe.”


The central feature of Infocyte HUNT is a threat detection and rating system. The solution uses its own threat data as well as inputs from multiple external threat intelligence sources to rate suspected threats in the environment on a scale of 1-10. An AI-driven analysis function helps SecOps teams quickly expose, isolate, and eliminate threats deemed serious enough to merit attention. Users can see threat detections and ratings on a dashboard. The software can identify root causes, e.g. the “patient zero” phenomenon.

Infocyte HUNT can participate in incident response or manage the process completely. It integrates with SOAR solutions and other IT management and SecOps tools. The company designed it to be adaptable for either large enterprise or small-to-midsized use cases.