Optimizing Security Through Process Data Organization
As a set of activities involving multiple interfaces, processes are by nature prone to inconsistency
Maya Even-Shani | June 4, 2024
With regard to security processes, any deviation from the predefined set of steps and interfaces introduces risk.
Security process governance, a cornerstone of the NIST Cybersecurity Framework (CSF) 2.0, means being able to identify these inconsistencies and act on them.
Our latest release, Gutsy 24.05, lets you automatically categorize and organize the various paths processes follow at scale. These features help create the larger, zoomed-out view that enables understanding of the sources of inconsistency.
Organize and take action
Process governance analysis is geared towards revealing all of the different pathways and workflows employed within the organization to accomplish a particular security goal.
These different paths are classified as different process variants, describing the many ways things get done. Process variants are both descriptive, showing things as they are, and prescriptive, allowing managers to oversee workflows and evaluate which adhere to expectations and which do not.
Effective organization and classification of the data is the key here: it creates the larger, zoomed-out view that enables understanding of the sources of process inconsistencies.
Gutsy allows you to automatically classify your process data, zoom out and organize it, and in turn take action faster.
Consider the following scenario: a user was offboarded but wasn’t removed from all AWS accounts. At this point there are two things you want to achieve. First, you want to be alerted if such a scenario happens again, so that it is remediated as soon as possible. Second, you want to understand how often this inconsistency happens.
With Gutsy's new automatic tagging and group-by tagging, you can achieve both goals. Start by creating an action rule that tags such variants with both the 'Risk' tag and the 'Incomplete Offboarding' tag.
For the 'Risk' tag, you already have a rule that alerts you to any new case that is part of a risky process path (i.e. a risky variant), so alerting works automatically; you only need to define it once.
The other tag, 'Incomplete Offboarding,' helps you aggregate all the different pathways by which user offboarding can be left unfinished, with steps forgotten or missed. The variant tag groups into a single view all of the process pathways that did not lead to the satisfactory completion of the process, providing an abstract, zoomed-out overview. Filters then quickly help differentiate between cases where offboarding was skipped on the US production account versus the Dev account.
Gutsy automates the discovery of all these problematic paths, grouped together under the 'Missing Offboarding' tag.
Learn more
Article: Dashboards That Actually Show you What You Want to See
Article: Plan for Success: Using Process Blueprints to Define Your Security Playbooks