When leveraged appropriately, this two-way link between a TDIR solution, such as a SIEM, and CTEM activities can significantly improve both the speed and fidelity of your actionable threat intelligence. The SIEM, whether by rules or inference, identifies security incidents needing resolution, while CTEM measures the current effectiveness of the controls and identifies where any security control improvement is required. This means that when measured against a best-practice cyber security framework, like the ACSC Essential Eight Maturity Model, the efficacy of each proactive mitigation strategy can be assessed and, if necessary, adjusted as part of a cyber resilience program. Gartner already expects that by 2026, CTEM will fundamentally reduce the number of security breaches by 2/3. So when this high-fidelity CTEM information is automatically integrated into the TDIR telemetry and analysis processes, SOC investigation workflows and analyst activities can be guided by evidence-based, actionable intelligence.
For example, the combination of Huntsman Security’s Enterprise SIEM and its Scorecard software delivers unparalleled efficiencies to your cyber security efforts:
(i) continuously reporting the state of your internal cyber security controls to all stakeholders;
(ii) automatically correlating potentially suspicious events with priority or poorly protected assets; and as a result
(iii) streamlining analysts’ efforts to focus on risky events and IT assets that are known to be less protected or more valuable to the activities of the business.
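
The correlation in points (ii) and (iii) can be sketched as follows. This is an added example, not Huntsman Security's code or product logic. The strategy keys, the alert categories, the scoring formula, the hosts and the alerts are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumed mapping: alert category -> Essential Eight strategy meant to mitigate it
RELEVANT_CONTROL = {
    "macro_execution": "configure_office_macros",
    "unapproved_binary": "application_control",
    "privileged_logon": "restrict_admin_privileges",
    "exploit_attempt": "patch_applications",
}
TARGET_MATURITY = 3  # Essential Eight maturity levels run from 0 to 3

@dataclass
class Asset:
    criticality: int   # 1 (low) to 3 (business critical); assumed scale
    maturity: dict     # strategy -> measured maturity level, 0 to 3

def control_gap(asset, category):
    """Gap between target and measured maturity of the relevant control.
    Unassessed assets and unmeasured controls count as the full gap."""
    control = RELEVANT_CONTROL.get(category)
    if asset is None or control is None:
        return TARGET_MATURITY
    return TARGET_MATURITY - asset.maturity.get(control, 0)

def prioritise(alerts, posture):
    """Enrich SIEM alerts with control posture; return highest risk first."""
    scored = []
    for alert in alerts:
        asset = posture.get(alert["host"])
        gap = control_gap(asset, alert["category"])
        crit = asset.criticality if asset else 3  # unknown asset: assume worst case
        score = alert["severity"] * (1 + gap) * crit
        scored.append({**alert, "control_gap": gap, "score": score})
    return sorted(scored, key=lambda a: a["score"], reverse=True)

# Constructed control measurements (CTEM side) and alerts (SIEM side)
POSTURE = {
    "fin-db01": Asset(3, {"patch_applications": 3, "restrict_admin_privileges": 1}),
    "kiosk-07": Asset(1, {"configure_office_macros": 0, "application_control": 2}),
}
ALERTS = [
    {"id": 1, "host": "fin-db01", "category": "exploit_attempt", "severity": 4},
    {"id": 2, "host": "fin-db01", "category": "privileged_logon", "severity": 2},
    {"id": 3, "host": "kiosk-07", "category": "macro_execution", "severity": 2},
    {"id": 4, "host": "lab-unknown", "category": "unapproved_binary", "severity": 2},
]

if __name__ == "__main__":
    for a in prioritise(ALERTS, POSTURE):
        print(a["id"], a["host"], a["category"], a["control_gap"], a["score"])
```

With this sample data, the severity-4 exploit attempt against the fully patched database ranks below a severity-2 privileged logon on the same host, because that host's privilege restriction control is measured as weak. The alert from a host with no control measurements ranks first.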