What is Acceptable Risk?

By Renata Budko, February 4, 2025. 5 Mins Read.

CISOs today must decide what level of risk is acceptable to their organization. It is a hard equation to solve while enterprise attack surfaces keep expanding, which is why risk assessment needs a modernized approach. The most forward-thinking CISOs use advanced tools not only to stay on top of the ever-changing landscape of connected infrastructure but also to prioritize threats according to their actual exposure, taking existing security defenses and system vulnerabilities into account. This shift in strategy recognizes that organizations cannot fix everything and must instead focus on the critical exposures that pose the greatest threat to their security posture.

But how can an organization get started? Approaching security posture as a method to manage acceptable cyber risk involves moving beyond simple vulnerability identification to a more holistic approach that considers the potential impact of each exposure within the context of the organization’s unique environment. In 2022, Gartner® coined the term continuous threat exposure management (CTEM) to describe this proactive and flexible approach to cybersecurity. Just two years later, 84% of respondents in the Gartner 2024 Board of Directors Survey on Driving Business Success in an Uncertain World viewed cybersecurity-related risk as a business risk, not just a technology risk.

Although it’s clear that security professionals understand the importance of CTEM, the sheer complexity of the network, the changing nature of attacks, and the number of different internal silos in IT make executing this type of strategy extremely difficult.

How Does Network Complexity Make Risk Management More Challenging?

A Fortune 500 enterprise network encompasses thousands of devices, including switches, routers, firewalls, load balancers, and more, running diverse operating systems and feature sets. These networks also span multiple public clouds. Understanding network behavior and ensuring policy compliance in this environment can feel overwhelming or even impossible, since most teams rely on outdated spreadsheets and silos of knowledge instead of an accessible, up-to-date single source of truth. Without comprehensive network visibility, ensuring network segmentation, troubleshooting issues, enforcing security policies, and demonstrating network reliability become daunting, if not unmanageable, tasks.

Without visibility, enterprises have increased risk and cannot accurately assess the risk they are facing. Put simply, having an always-accurate global view of the entire network infrastructure is foundational to an effective cyber risk strategy. Digital twin technology, defined by McKinsey as a digital replica of a physical object, person, system, or process contextualized in a digital version of its environment, can be applied to networks to help address this issue. This technology gathers configuration and state data from all packet-handling devices on the network, creating a virtual representation of the entire system. This empowers engineers to analyze network behavior and continuously monitor it for compliance. They can explore the network at a high level or focus on specific devices, down to individual lines of configuration, as needed.

The data can then be used to produce an always-accurate risk assessment, pinpoint areas of exposure, and check the network for devices affected by known CVEs. With a digital network twin, organizations can determine what counts as a significant risk and establish clear remediation procedures. In some cases, through an advanced collection process, network digital twins can discover unknown devices on the network, which may themselves present a risk. For example, if an organization sees a new host connecting to the network and that host is not accounted for in other systems such as IPAM and CMDB, it is clear that the resource is rogue; measures then need to be taken to fix the violation of the change management process and protect the network from potential harm. In the worse scenario of an actual breach, the enterprise is able to quickly understand the blast radius: which device was compromised, which other devices it is connected to, and all possible traffic flows from it, so the issue can be remediated. Without accurate network data, these events could go undetected.
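The two checks described above, reconciling discovered hosts against IPAM and CMDB and computing the blast radius from a compromised device over the modeled traffic flows, as an added illustration that is not Forward Networks code or a product API. The inventories and topology are constructed sample data; the topology edges are assumed to already reflect what the modeled ACLs and firewall policy permit.

```python
"""Reconcile discovered hosts with IPAM/CMDB and compute blast radius over
a simplified network model. Added example; all data below is constructed."""
from collections import deque

# Constructed: addresses the collector observed, with learned hostname (or None)
DISCOVERED = {
    "10.0.1.10": "web-01", "10.0.1.11": "web-02", "10.0.2.20": "db-01",
    "10.0.3.30": "app-01",   # asset known to CMDB, address missing from IPAM
    "10.0.9.99": None,       # nothing known about this host at all
}
# Constructed inventories: IPAM tracks addresses, CMDB tracks assets by name
IPAM = {"10.0.1.10", "10.0.1.11", "10.0.2.20"}
CMDB = {"web-01", "web-02", "db-01", "app-01"}

# Constructed topology: device -> devices it can reach under current policy.
# Edges are directional: mgmt-sw can reach core-sw, but not the reverse.
TOPOLOGY = {
    "web-01": {"fw-dmz"}, "web-02": {"fw-dmz"},
    "fw-dmz": {"web-01", "web-02", "core-sw"},
    "core-sw": {"fw-dmz", "db-01", "app-01"},
    "db-01": {"core-sw"}, "app-01": {"core-sw"},
    "mgmt-sw": {"core-sw"},
}

def reconcile_hosts(discovered, ipam, cmdb):
    """Classify each discovered address as 'known' (in IPAM and CMDB),
    'partial' (tracked by only one system, a change-management gap) or
    'rogue' (tracked by neither)."""
    status = {}
    for addr, hostname in discovered.items():
        tracked = (addr in ipam) + (hostname is not None and hostname in cmdb)
        status[addr] = ("rogue", "partial", "known")[tracked]
    return status

def blast_radius(topology, compromised):
    """Breadth-first search over permitted flows starting at the compromised
    device; returns {device: hop count} for everything it can reach."""
    hops = {compromised: 0}
    queue = deque([compromised])
    while queue:
        node = queue.popleft()
        for nbr in topology.get(node, ()):
            if nbr not in hops:
                hops[nbr] = hops[node] + 1
                queue.append(nbr)
    return hops

if __name__ == "__main__":
    print(reconcile_hosts(DISCOVERED, IPAM, CMDB))
    print(blast_radius(TOPOLOGY, "web-01"))
```

The one-way edge from mgmt-sw shows why flows must be modeled directionally: a compromised web server never reaches the management switch, while the reverse path would.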

Combining accurate network modeling and incident response frameworks with existing threat intelligence allows the SOC to prioritize vulnerabilities across the network and neutralize threats before they cause harm.

Visibility And Risk Management

Visibility also gives organizations the foundational data they need to start implementing an effective CTEM program and to work out how to prioritize and classify risks according to which pose the greatest threats. This includes defining what a risk is and establishing workflows for remediating those risks (who they affect, who needs to be notified, which teams beyond IT and security should be involved, and so on). Organizations struggle with this because they lack a single source of truth: data is spread across multiple tools. CTEM is not just about technology; it is about people and processes.

Digital twin technology helps organizations ensure that all network data is up to date and accurate, providing a reliable tool for network management and troubleshooting. CISOs can build on this foundational work to develop a risk-based security approach that extends beyond IT. This will help them allocate resources more effectively, address the security concerns driving threat exposure, and ultimately bring the associated risks down to levels acceptable to the business.

Renata Budko

Renata Budko serves as Director of Security Product Management for Forward Networks, where she is responsible for product strategy and execution of the Security Product Line. She is an experienced leader with a proven track record in cloud, cybersecurity, AI-based software, SaaS, and mobile infrastructure. Before joining Forward Networks, Renata was Head of Product for Traceable AI and held leadership positions at Wallarm and VMWare. She has a bachelor’s degree in physics from Moscow Institute of Physics and Technology and an MBA/master’s degree in engineering from the University of California, Davis. Renata holds 10+ patents in the cybersecurity space and has been recognized as one of the top 25 Women Leaders in Cybersecurity and among the 100 Top Emerging Product Leaders.

The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.