Security Maturity and Capability Development

Hanna Mathai

By Miguel Duarte, Senior Manager - Service Delivery & Governance

In 2021, we saw our customers focus heavily on maturity and capability development, leveraging frameworks like MITRE ATT&CK, SOC-CMM and NIST CSF, along with automation platforms, to mature their organizations’ security posture rapidly.

Customers’ focus has also shifted to the effectiveness of security controls, which has increased customer-led red teaming activities, a great initiative across the market.

Increasing capability and maturity is a combination of the right support from business, the right people, policies, processes and procedures pushing quality levels up. Finally, the right technology has to be in place to enable maturity and capabilities around cybersecurity services.

As cyber teams mature, they are looking to leverage automation to keep up with ever-increasing workloads, from simple orchestration, like extracting IoCs from threat advisories and populating threat feeds, to more complex orchestration wherein multiple systems are integrated into a single playbook to enable containment and eradication of cyber-attacks.

Another very interesting automation stream picking up speed is continuous cyber-attack simulation and controls validation, which allows cyber teams to simulate attacks safely and continuously. These safe attack simulation platforms produce key insights into detection and prevention control gaps that need urgent attention, including proposed corrective actions. Once these gaps are remediated, the attack simulation automatically validates the corrective actions, creating a hyper security maturity cycle in which cybersecurity teams work to resolve control gaps and verify those closures in near real time.

Essentially, these platforms automate Purple and Red Teaming activities and stay up to date by leveraging the MITRE ATT&CK TTPs to create new simulation scenarios; where new code is needed, the platform engineers work hard at creating and updating attack scripts. For the recent Log4j vulnerability, code and simulation scenarios were deployed within 48 hours across the leading platforms, leveraging MITRE ATT&CK mapping and using existing code plus some new code that was required to enable accurate attack simulations of the vulnerability.

This automation stream looks very promising and should help address the resource shortages on the offensive security work streams.

A soft security control that is being validated more frequently is the cyber incident response plan, to ensure it works as expected. Cyber teams are validating the plan and processes via desktop exercises to ensure that key resources know what they need to do and when they need to do it. This also ensures that the processes and communications matrices get refreshed as businesses evolve.

As the maturity and capability of organizations across the Middle East increase, so does the demand for strong global talent to move to the region. We have witnessed a steep increase in talent being attracted from across the globe to help local organizations become more secure and agile in adapting to the ever-evolving threat landscape. Customers are becoming more discerning by the day, pushing service providers to raise the quality and level of service to international standards.

In 2022, Help AG will continue to support customers on their cybersecurity posture maturity journey through implementation of leading frameworks and security controls, which provide a great base for cybersecurity automation platform adoption to increase overall cyber resilience and help customers realize the ROI of their cybersecurity investments.
