Blue Turtle, BitSight insist prevention before detection is key to managing security risks

Security threats have never been more prevalent as the volume of access points to traditional security boundaries rapidly increases and, in turn, expands the security attack surface. According to Blue Turtle Technologies and its partner BitSight, to get on top of managing an organisation's security posture, IT teams need to include effective zero-trust attack surface management before these threats make their way to the security operations centre (SOC).

"Growing use of the cloud and the decentralisation of workforces resulting from hybrid work-from-home models is having a massive impact on the size of the security attack surface. At the rate at which the attack surface grows, it's easier to secure it than shrink it," says Ronnie Koch, Product Manager: Security ICS Practice, Blue Turtle. “By partnering with BitSight as part of our end-to-end SOC offering, we are helping customers keep many of these threats out of the SOC, reducing the load on security teams and providing them full visibility of their attack surface. You can’t secure what you can’t see.”

According to Blue Turtle, attack surface management tools like those offered by BitSight are an essential step in being proactive in threat management and detection. While detection and response are quintessential to better security management, BitSight customers can stop threats before they spring into action and debilitate a user's environment. It is an approach that Blue Turtle and BitSight will be jointly demonstrating at the ITWeb Security Summit 2022.

Management of an organisation’s attack surface is vital for better security posture management, which is the ultimate goal of the SOC. With BitSight, a company can closely monitor and guard its entire cyber risk profile by paying particular attention to cyber risk management, cyber risk governance, effective assurance, vendor validation and continuous monitoring. Further, it also allows teams to profile and mitigate threats outside their perimeter by scoring companies in their extended supply chain's security performance over time. If an organisation fairs poorly, a security team can apply a zero-trust approach to sharing data with this party and work with these partners to improve their security posture.

"Too often in security, we only develop a view of our attack surface and the edge as an attack is happening, whereas in a perfect world, you need to look at this over time. This allows your team to be tactical in managing your attack surface and shut down potential threats from third parties. With BitSight, we allow companies to detect consistently bad behaviour perpetuated over time by delivering a single view of the entire attack surface, not just your own," adds Koch.

But BitSight offers more than just insight into the potential threats from digital apps, cloud access and the growing edge. It also provides a view of good security housekeeping such as patch management and even system configuration. When these are better managed, the score an organisation gets for its security posture will improve. The result is not just reduced risk across a multi-faceted attack surface, but also a reduction in threats and potential cyber anomalies entering your SOC.

Blue Turtle will be showcasing its unique relationship with BitSight and its team’s focus on ensuring the solutions added to an SOC are appropriate and AI-driven at the 17th annual ITWeb Security Summit in Johannesburg from 31 May to 2 June at the Sandton Convention Centre, and in Cape Town on 6 June at the Century City Conference Centre.

For more information or to speak to a Blue Turtle security specialist, contact Ronniek@blueturtle.co.za or visit https://blueturtle.co.za/.