CISO onboarding: navigating the cybersecurity landscape

Getting your Trinity Audio player ready...

In large organizations, fixing cybersecurity issues can feel like a high-stakes game of whac-a-mole. Endpoint detection and response (EDR) systems do make a difference and generate valuable high-fidelity data. But while all may seem well on paper, real life can get in the way. Devices come and go, systems become obsolete, and there are unexpected events that are tough to plan for. Things become more complex still when companies merge, acquire firms or make new hires, particularly if that involves CISO onboarding.

At the enterprise scale, there’s a good chance that companies may find themselves running multiple cybersecurity systems. It may not happen by design, but large international operations can become fragmented. Different departments will have their own preferences, and business units may not share the same origins. Company growth doesn’t always run in a straight line from A to B, and – as anyone who’s worked in a large organization will testify – things can end up being complicated.

CISO onboarding win

The good news for activities such as CISO onboarding, is that enterprises are unlikely to have a shortage of cybersecurity data. The tricky part is often piecing that information together. “Our goal is to help organizations get ahead of that,” Allen Rogers, Chief Product Officer at US-UK cyber asset and controls management firm Noetic, told TechHQ. “Insight may already be available, but in siloed tools that only operate in their own lane.”

To join everything together, Noetic has developed what it dubs a ‘continuous cyber asset management and controls platform’. More than just another cybersecurity dashboard, the platform gives customers something different and arguably even more practical.

Step one involves ingesting all of the previously siloed data sets. These could relate to cloud infrastructure, vulnerability management, or CMDB (configuration management database) information – to highlight just a few examples. “Aggregating data from these sources gives a holistic view of those assets,” adds Rogers.

Actionable insights

Agentless connectors make the process straightforward and can accommodate multiple data types. What’s more, connectors ship with different queries that allow users to quickly identify cybersecurity coverage gaps. And, being bi-directional, connectors can perform actions based on the results of the queries. What’s more, because the system looks across all data sets, it can report information such as all machines that have vulnerabilities, collating information regardless of the underlying tools.

Having a high-level view makes it straightforward to identify any machines that don’t have EDR protection, for example. And the ability to fill such cybersecurity gaps is definitely one of the big wins. Plus, having that data to hand helps with compliance activity. “We’re not just interested in the details, but also in their relationships,” said Rogers.

The graph database view offers an intuitive picture of an organization’s assets and can help users prioritize activity. For CISO onboarding, where new hires have to rapidly get to grips with where an enterprise stands from a risk perspective and make recommendations, this is a major benefit. Also, further down the road, having an objective measure of what’s going on makes for fewer awkward conversations.

Following M&A activity, firms can zero-in on pain points much sooner than if they had to stitch data together manually and try to combine the results from different tools on a case-by-case basis. Noetic estimates that – in the average enterprise environment – organizations may have more than 45 security tools running with conflicting roles and siloed results.

Continuous assessment

Rogers is one of the co-founders of the US-UK firm and brings 30 years of experience to Noetic. He was previously part of the Resilient Systems team and served as Director of Engineering when the cybersecurity company was acquired by IBM Security. Together with the other members of Noetic’s leadership, he wants to help organizations not just see through that mass of data, but to be able to assess their infrastructure continuously.

“Automation is great if you have a high level of confidence in sources and tasks that are reproducible,” he points out. And once users are in a position to trust the data at their fingertips, they are much more willing to roll out time-saving ‘find once, fix continuously’ style operations.

Platforms such as Noetic’s, and other systems that can unify siloed operating data, people, and computing assets, offer a new way of mapping the cybersecurity landscape. And this re-shaped ‘cyber cartography’, as some have called it, will allow enterprises to get ahead in multiple ways. We’ve already touched on the merits of being able to put unified data in front of new hires – for example, during CISO onboarding.

Other business benefits include enriching the decision-making process. For example, choices that were made on CVSS scores alone can now be contextualized alongside other operating data. Do vulnerabilities relate to machines being used in production versus assets deployed in a less critical area of the organization?

Such features help security teams in quickly identifying which parts of the enterprise need their attention first. And it gives them objective data to back up those decisions. The pitch for enterprises to take a fresh look at their cybersecurity landscape and dig into insights that they likely already have, is a strong one.