I think this article echoes many of the conversations I am having with SecOps teams of late. There is a shared sentiment that context is the key to understanding where to most effectively apply the often finite resources available to mitigate the risk associated with known vulnerabilities.
There is another dimension to this context beyond the accounting of risk based on the number and severity of a vulnerability. It’s understanding the exposure to that risk in the broader context of what that resource is communicating with across the datacenter. Many wish to better understand where their applications might be inheriting risk from or transferring risk to: which upstream and downstream applications are transferring risk between critical assets.
After implementing strategies to reduce lateral movement such as application ring-fencing, understanding the pathways that are most vulnerable is the next piece of contextual information that can be leveraged to ensure that resources are directed where there is the most benefit.
If Game Theory suggests using rational choice alongside the predictive utility of where exposure leads to greater risk, then the benefit of this additional dimension of context can dramatically improve the efficacy of the corrective action taken to reduce risk because there is broader understanding of where the exposure exists.
The more context you have, the better placed you will be to understand where there may be a clear and present danger to critical applications, and the better positioned to direct those finite resources to deal with them.
Give me a shout if you are interested in hearing about Illumio’s ‘Game Theory’ of vulnerability management where we are showing organizations how to gain both the visibility of these open pathways and calculate in a finite way the exposure risk open to an application.
Vulnerability Management Isn't Just a Numbers Game

Attackers work 24/7, so you have to be vigilant around the clock. Time for some game theory. Organizations will be quickly overwhelmed if they try to treat all vulnerabilities equally. Given the sheer volume of vulnerabilities, limited resources, and varying objectives across the teams involved, effective cybersecurity requires the ability to view vulnerabilities in the proper context and prioritize them accordingly for treatment — whether to remediate or mitigate or accept the risk.