Today we’re excited to announce that, as part of our continuing effort to make security possible for our customers, we are introducing a new set of capabilities in our GreyMatter platform. These capabilities are meant to improve an analyst’s experience during investigations, map coverage to risk scenarios of concern, and measure and communicate actionable metrics to the business at large.
We have introduced a new capability allowing you to map coverage to Risk Scenarios, enabling you to measure your organization’s security posture against various types of cyber risk. We’ve also improved our Reference Lists capability and updated our detection rules mapping to MITRE ATT&CK v10.
These improvements will help provide a clear view of how an organization is postured against a certain threat and allow security teams to make informed decisions about which security products and solutions are necessary to protect the business.
The State of Risk Assessment
In recent weeks, we’ve seen attack after attack facing businesses and the world at large. And whenever news of a cyber-attack hits the web, executives often turn to their security teams and ask questions like “How well are we prepared for a ransomware attack?” or “How are we positioned against phishing?”
Unfortunately, these questions have historically been very difficult to answer. It’s even harder to translate the measurements into something an executive or board member can easily understand.
That’s where GreyMatter comes in. Our new capability, Risk Scenarios, makes it easy to answer questions like these. Instead of spending hours on manual research, you can use our new reports to see how your organization stacks up against specific types of cyber risks. In just a few clicks, you can determine your security posture against common attack types and see your results broken down to a tactical level.
Measuring Against Risk
Risk Scenarios constantly measures your status against four major categories of risk:
- Exploitation, in which malicious actors attempt to access your organization’s systems by exploiting a specific path. Common types of exploitation vectors are phishing, remote access, and supply chain weaknesses.
- Disruption, when an attack threatens the functionality or performance of a critical business service or application. Ransomware is a common disruption method.
- Infiltration is when attackers access your system and then move laterally into higher-value targets elsewhere in the network. This is most often carried out using stolen credentials.
- Exfiltration is another term for data theft. Exfiltration can affect many types of data, including payment card information, personally identifiable information, and intellectual property.
Risk Scenarios also breaks these categories down into specific threat types, making it easy to see your standing against those that are of most concern to your business.
Benefits to the Business
As we’ve said before, visibility is fundamental to security preparedness and a robust security strategy. Knowing the state of your security posture against cyber risks is key to protecting your business. Risk Scenarios helps you understand where there are gaps so that you can make sure vulnerabilities are dealt with before it’s too late.
Risk Scenarios presents your security posture against various threat types in a visually clear, readable graph that’s easily shareable with non-security stakeholders. Security teams can track their efforts to defend against threats of particular concern to the organization. They can then take this information and present it in a clear format to business leaders, resulting in much better alignment between the teams.
Not only does Risk Scenarios give you your status against relevant threats, but it also makes recommendations to help you improve your standing. By implementing these recommendations, security teams can quickly and easily address coverage gaps.
Up-leveled Security Posture
With greater visibility, clearer communication, and helpful recommendations, you’ll have a greater understanding of your environment and the threats you’re facing. As a result, you can take proactive action to improve your security posture.
Improved Reference Lists and Mapping to MITRE ATT&CK v10
We’ve also updated two existing features.
In keeping with our goal of improving efficiency for security operators, GreyMatter delivers enhancements that reduce tool hopping by automating the collection of contextual information, which speeds up investigations and further streamlines the security operations workflow.
Finally, we’ve updated our detection rules mapping for SIEM technologies from v7 to v10 of the MITRE ATT&CK framework. With this upgrade, GreyMatter users are better able to visualize and measure detection coverage aligned to the latest techniques.
We hope you’ll check out these features. Customers can reach out to their customer success managers if they have any questions.
Until next time,