Getting your Trinity Audio player ready...
A weekly update highlighting where XM Cyber customers are seeing value with the continuous exposure management platform.
Team sports require clear communication to ensure everyone is moving in the right direction at the right time. Similarly, cybersecurity teams need to communicate not only to their direct team but other roles within the organization – frequently IT – to be successful.
Recently, an XM Cyber customer in the professional sports industry struggled with communication between the Security and DevOps team. Security would send tickets for the remediations they needed, but they would often go unaddressed. Meanwhile the DevOps team prioritized getting existing projects and tasks completed, rather than focusing on remediation. While these tasks were in their backlog, the team simply didn’t have the time to get to these potentially critical exposures that could lead to a compromise. The result was that the biggest risks were not being addressed, leaving business-critical assets exposed.
The Security team used the XM Cyber Attack Graph Analysis to model how an attacker could compromise the organization. Using vulnerabilities, misconfigurations, and identity issues then layering the organization’s critical assets, the Security team was able to present a list of issues based on the biggest risks. Further prioritization with choke points, i.e., assets where multiple attack paths converge, allowed Security to deliver a high impact target list for DevOps.
Owing to the shared understanding of what was putting the organization at the greatest risk, both DevOps and Security could align on the most critical assets to remediate first. The Security team was able to bring fewer tasks to DevOps while delivering a great impact on risk reduction. At the same time, the non-critical items were put into the IT backlog to be addressed over time. This allowed both teams to show a win for the business and this shared language of risk has been a valuable enabler, to fix less and prevent more.