Have you ever tried to report the state of your security program to a CEO, CFO, or Board of Directors audience, and ended up presenting a dashboard full of numbers and details? And if you did, am I right that the communication didn’t quite hit the mark, like you weren’t quite speaking the same language, and it didn’t really improve understanding on both sides as much as you hoped?
At Tidal Cyber, we’ve heard a strong desire for reporting that resonates with an executive audience. In response, we’re excited to announce a new Coverage Map Rollup feature in Tidal Cyber Enterprise Edition that gives you a way to talk about your security program in a way that works for your executive and board stakeholders and is credible and useful for you and your security team.
Quantifying your cybersecurity risk with the Tidal Confidence Score
A key component of data-driven Threat-Informed Defense is quantifying your residual cybersecurity risk – what risk remains from the threats that matter to you, after you’ve applied your capabilities from your defensive stacks. Tidal Cyber Enterprise Edition has been doing this via the Tidal Confidence Score on Coverage Maps for some of the world’s most sophisticated organizations since it was launched. Coverage Maps calculate a Confidence Score to indicate how confident you should be that the configured Defensive Stack protects against the configured Threat Profile.
Sophisticated organizations create many Coverage Maps to cover different parts of their environment, or to track different threats. This allows them to see how they are doing, and how to improve, in ways specific to (for example) a production cloud environment used to hold customer data, or a corporate laptop environment from a recently acquired subsidiary. The challenge is, when you have multiple Coverage Maps, how do you report to senior executive leadership and the Board of Directors on how your security program is doing overall, and how the residual risk to the organization has changed over time?
Introducing the Coverage Map Rollup Confidence Score
Tidal Cyber is pleased to announce the General Availability of the Coverage Map Rollup feature to all customers of Tidal Cyber Enterprise Edition. The Coverage Map Rollup provides a single Tidal Confidence Score for all your Coverage Maps:
Figure 1: The Coverage Map Rollup Confidence Score
Customize the weight assigned to each Coverage Map to reflect the relative impact of a cybersecurity compromise for the environments your Coverage Maps represent (more on ways to do this in the next section):
Figure 2: Adjusting Coverage Map Weights
And see how that score has changed over time:
Figure 3: Coverage Map Rollup Confidence History
And finally, drill down into what changed on an individual Coverage Map to see the impact of the changes you make:
Figure 4: Change Log for an individual Coverage Map
All this functionality is built to be directly reportable to the executives and directors responsible for knowing the security state of your organization, but who are more interested in the big picture and want you and your team to be in charge of the details.
Tying the tactical to the strategic with Coverage Map weighting: some examples
A question that often arises when starting to use the Coverage Map Rollup is how to assign the weights to your Coverage Maps. Ultimately, you want to weight based on the relative impact of a compromise of the assets covered by each Coverage Map. If you’ve already done that – great! Use the relative weights you’ve already established and celebrate being a sophisticated practitioner of Threat-Informed Defense. If like most organizations you’re still working towards a measurement of relative impact, here are a few hypotheticals but realistic proxies you can use.
Cloud-first technology company
A cloud-first technology company likely operates multiple cloud environments – production, test, and dev, and likely at multiple cloud providers. Each environment may have a different set of tools to protect it. And then like all businesses, there are employee laptops, plus corporate infrastructure like email, messaging, HRIS, and the accounting system that must also be protected. This sort of company may not have a sophisticated Cyber Threat Intelligence (CTI) function. A company like this may choose to create a single Threat Profile, and have Defensive Stacks tailored to each of their cloud environments, one for their corporate laptops, and one for their corporate systems. Weights in the Coverage Map Rollup could be assigned based on the size, complexity, or value of each environment as a proxy for the impact of a compromise to that environment.
Large healthcare provider that has grown through acquisition
A company that has grown through acquisition over time and has not completely integrated its acquisitions may create a Coverage Map per acquired company. This coverage mapping strategy provides a Defensive Stack for the unique configuration of each acquired company. If this company doesn’t have a mature CTI team or the threats against each acquired company are similar, a single Threat Profile could be used for all Coverage Maps. If the threats against each acquired company are unique and the company has a sophisticated CTI team, they can create a unique Threat Profile per Coverage Map. Either way, weights in the Coverage Map Rollup for this situation could be assigned based on the number of connected assets or number of employees at each acquired company, as a proxy for the impact of a compromise to that environment.
Financial organization with a strong internal Cyber Threat Intelligence (CTI) program
An organization with a strong Cyber Threat Intelligence (CTI) program may take a threat-centric approach to creating Coverage Maps in Tidal Cyber Enterprise Edition. An organization of this type may create a single Defensive Stack and separate Threat Profiles to segment the threats they are tracking, with a Coverage Map per Threat Profile. This approach gives that organization a fine-grained analysis of how their defenses stack up to each threat and what to do next to improve defenses against that threat. An organization of this type may want to weight their Coverage Maps based on the prevalence of the threats represented by each Threat Profile in their specific industry and geography, as assessed by their CTI team.
Learn more about Coverage Map Rollup Confidence Score and Enterprise Edition
If you are intrigued about how Tidal’s Coverage Map Rollup Confidence Score and Enterprise Edition as a whole can enable strategic conversations with your executive and board stakeholders, reach out to us at tryenterprise@tidalcyber.com or send us a message to learn more.