Top Security Projects for 2021

Where To Focus Your Efforts?

As we recover from many stressful months of an uncertain future and the difficulties wrought by 2020, we find ourselves considering what 2021 holds in store and how we can better position ourselves for success.

When it comes to cybersecurity, we have seen significant immediate and long-term shifts in priorities and IT strategies due to the impact of the global pandemic. While there is disagreement on which are the most important cyber threats to focus on, everyone agrees that cybersecurity is more important now than ever before.

As we quickly approach the one-year anniversary of adjusting to this “new normal,” here are some of the top security projects CISOs should focus on.

 

Prioritize Risk Reduction AND Business Enablement

The Gartner Top 10 Security Projects for 2020-2021 noted eight new projects. Brian Reed, Gartner Sr. Director Analyst, stressed the importance of choosing projects with the primary goal of maximizing business impact during the Gartner Security & Risk Management Summit 2020, stating, “the key is to prioritize business enablement and reduce risk – and communicate those priorities effectively to the business.”*

A similar sentiment was echoed by Gartner VP Analyst Jeffrey Wheatman: “Don’t just buy a security tool, understand what that tool can help you do to reduce risk and optimize your organization.”**

Every cyber risk is a business risk. Security and risk management teams need to open lines of communication with business leaders to validate risk reduction. Wheatman goes on to state, “remember, your organization decides whether to take on the risk; our job in security is to provide all known data points to support a business decision.”**

 

You Can’t Do Everything So What Should You Be Doing?

Not all vulnerabilities are equal. We need to acknowledge that we will never reach a state where we are 100% patched. However, it is possible to mitigate this risk by taking a risk-based approach to vulnerability management that focuses on systems and vulnerabilities that are actively exploitable.

“We can spend too much precious time overanalyzing choices we make about security, striving for this notion of perfect protection that just simply does not exist,” says Reed.*

Risk-based vulnerability management was second on the list of projects for 2021.* RBVM is the application of context and threat intelligence to vulnerability data to help security teams focus on the vulnerabilities with higher risk.***

 

How to Effectively Prioritize and Remediate Vulnerabilities

While simple in its fundamentals, a risk-based vulnerability management program zeroes in on several issues with security data generation and handling that organizations consistently struggle with during the day-to-day management of vulnerabilities and exposures.

NorthStar Navigator is uniquely positioned to help organizations plan, deploy, and manage a risk-based vulnerability management program to effectively frame their risk decisions in a business context. Rooted in the belief that organizations do not need help generating security and management data, NorthStar Navigator focuses organizations on leveraging their existing, inconsistent, and disparate security and management data by providing a platform for collecting, consolidating, and correlating this data into a single source of truth for assets and vulnerabilities. Capitalizing on this new accurate and actionable information, NorthStar Navigator provides individualized scoring for the technical severity and business importance of assets to create a means of prioritizing remediation efforts. Built from the ground up on a flexible data model, NorthStar Navigator allows organizations to incorporate the most meaningful and impactful data available to help drive the technical severity, business importance, and prioritization of vulnerabilities both today and into the future. By leveraging this flexible data model, NorthStar Navigator allows users to quickly create data visualizations and reports in the front-end GUI that will satisfy the varying needs of the organization and individual stakeholders in a single tool.

 

Securing Your Remote Workforce

With the global impact of COVID-19, organizations have had to adapt their security strategies to accommodate a now remote workforce. This hindrance to normal operational logistics poses numerous challenges to effective vulnerability management. However, NorthStar’s aggregated asset, software, and vulnerability data helps organizations see where potential vulnerabilities are present in the event that a remote machine cannot be scanned or is on a reduced scan cycle.

While some organizations will elect to reduce or skip vulnerability scans for remote assets because their scanning technology cannot keep up, NorthStar can help by:

    • Providing advance warning on possible vulnerabilities before they show up on vulnerability scanners
    • Prioritizing scanning jobs that are being performed (full or reduced)
    • Prioritizing remediation on reduced workforce, network bandwidth, and maintenance windows based on the business importance of assets

As Brian Reed states, “If you can only do one thing, enabling and securing your remote workforce should be at the top of the list.”***

 

Expect the Unexpected

Returning to the office environment may come sooner, later, or possibly not at all for some organizations, but in order to reduce risk and facilitate a quick return while adjusting to the ‘new normal,’ CISOs should consider assessing the programs in place to ensure the readiness and resilience of operations during a contingency period. If nothing else, 2020 has taught all of us to expect the unexpected.

If you need help preparing your environment for the unpredictable, or for more information about how NorthStar Navigator can empower your RBVM program, contact us today at connect@northstar.io.

 

 

 

 

*Smarter With Gartner, Gartner Top 10 Security Projects for 2020-2021, September 2020, https://www.gartner.com/smarterwithgartner/gartner-top-security-projects-for-2020-2021/

**Gartner Webinar, The Top Security Projects to Focus on for 2021, Jeffrey Wheatman, 09 November 2020.

***Gartner Security & Risk Management Summit Presentation, Top Security Projects for 2020-2021, Brian Reed, September 14-17, 2020.