Security Operations confront a Spectrum of Phenomena on a daily basis
- Sophisticated Adversaries (APT) continuously adapt
their technologies, tactics, and techniques.
- Cyber Security Operations (SECOPS) must continuously evolve their awareness and defenses to keep pace.
- This ongoing transformation of the Adversaries' daily innovations into recognizable commodity situations, demands continuous learning.
Proactive Decisions
Proactive Decisions
Proactive Decisions
How to best prepare to defend, or respond to, an attack or compromise; balancing the interests of affected Stakeholders. Identifying mission-critical infrastructure, and developing Risk Mitigation (Security) tactics, techniques, and technologies to defend the business.
Reactive Decisions
Proactive Decisions
Proactive Decisions
How best to respond to an attack or compromise; assessing Risk to the business, prioritizing Situations as they arise, identifying and evaluating Countermeasure options, and identifying and balancing the interests of affected Stakeholders.
Reporting Decisions
Proactive Decisions
Reporting Decisions
What to communicate to the various Stakeholders. Credible Threats. Risk Posture.
Potential or realized Consequences due to attacks or compromises. Required changes to Risk Mitigation (Security) policies, tactics, techniques, and technologies.
In the Decisive SOC, Decision Makers don't guess; they apply Reasoning based upon Context
Phenomenati brings Contextual Reasoning to Security Operations...
...Answering the 5 Fundamental "What Imperatives"™
- What – to watch, is happening, has happened?
- So What – are the consequences, the impact to the business or mission?
- What Else – is the adversary doing, targeting, attacking?
- Now What – are our options, their costs, the timing/synchronization needed?
- What if – the threat materializes, or we employ this/that option?
In the Decisive SOC, Contextual Reasoning is rooted in comprehensive Situational Awareness
We create unprecedented Situational Awareness by fusing together...
The "7 Vectors of Cyber Risk Intelligence"™
- Assets & Config Management, Health & Status, etc. (ACMINT)
- Vulnerabilities & Patch Management (VULNINT)
- Phenomena – Observables, Events, Incidents, Cases, etc. (PHENINT)
- Threat Intelligence – both Internal and External (THREATINT)
- Consequences – Mission Impact, dependencies, CKT, etc. (CONSINT)
- Options – Effectiveness, Cost, Mission Impact, etc. (OPTINT)
- Time – Understanding the When of a Situation or Response (CHRONINT)