Security teams are overwhelmed and struggling to build sustainable processes that not only chip away at the alert backlog but also manage technology risk more proactively. The greater the volume of alerts, from a greater number of tools, with more distributed responsibility for remediation, the harder it is to adapt existing approaches to identify and resolve risk at scale.
Getting more data doesn’t translate into actionable information
The growth of ‘non-CVE exposures’ and threats from cloud or infrastructure misconfigurations and container images, in addition to supply chain security issues, amplifies the complexity not just of automating prioritization but also of understanding how exposures relate to each other. Better correlation eases the data overload, but most organizations want a subjective view of what to focus on, based not only on security risk but also on business risks specific to the organization.
While more energy is being focused on determining more quickly and accurately what to fix from a huge backlog (whether based on risk or severity), few security teams have the right platform in place to automate how fixes are assigned once they have been assessed as a priority, and to communicate effectively why a fix is a specific priority for their organization.
As was the case with the Log4J vulnerability, teams also struggle to prioritize across findings with the same technical severity, whether detected in cloud services or on-premise infrastructure.
Even fewer have end-to-end visibility in place to understand how a fix was resolved, encompassing exceptions management and mapping to compensating controls, and to track progress (or lack of it) over time, by team or business function.
Making incremental improvements at each phase of the prioritization and remediation processes can help reduce the severity of bottlenecks, or slow the rate of growth of alert backlogs.
But incremental improvements address the symptoms, not the underlying cause.
Closing the Loop: Evolve the process, don’t just tackle the chokepoint
The platform for tackling the underlying cause instead needs to be broader in scope. A unified, holistic approach takes into account the full scope of the life cycle, weaving together contextual prioritization and pragmatic resolution in a set of interconnected processes.
Taking a holistic approach unifies the phases in an end-to-end lifecycle, rather than trying to fix a set of isolated symptoms of an incoherent process, whether those are siloed views of findings by individual tool, tedious and manual prioritization based on the technical ranking of CVE scores, or the absence of automated ownership assignment.
Silk’s platform enables four pillars of activity that support a unified process and lifecycle operating across teams and functions, rather than a series of disconnected steps. Silk provides subjective context and establishes continuity for processes distributed between security, operations and engineering teams, as well as related functions such as governance, risk and compliance (GRC).
The four pillars underpinning a holistic process are:
- Risk contextualization and prioritization for specific environment and organizational risk
- Remediation fix ownership discovery and assignment
- Bidirectional communication for ongoing collaboration and exceptions management
- Centralized resolution tracking, monitoring and reporting
To learn more about the four pillars of risk resolution, download our white paper here.