From Reactive to Proactive: Security Optimization and Threat-Informed Defense

Published on: August 4, 2020

Author: Johna Till Johnson, CEO and Founder

Cybersecurity professionals typically invest in cybersecurity technologies and staffing either on an ad-hoc basis (“I go to the board for funding when I have a project in mind”) or based on benchmarks with peers (“I should be spending X percent of my IT budget on cybersecurity technology”). Unfortunately, these practices don’t correlate with cybersecurity operational success; the one investment strategy that does is a risk-based strategy.

A risk-based approach to investing in cybersecurity technologies involves (as you might imagine) investing in technologies that measurably reduce business and operational risk. There’s a catch, though: How can a cybersecurity professional be confident that a given technology or practice actually reduces risk?

That’s where the concept of threat-informed defense comes into play. Threat-informed defense means understanding which threats, or constellations of threats, the organization is most likely to encounter, and investing in technologies that protect against those threats.

Selecting the technologies in which to invest involves the concept of security optimization: spending the budget on technologies and practices that directly protect against the greatest number of the most likely threats. In a world with finite resources, security optimization ensures that an organization is spending the dollars where they do the most good.
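To make the optimization step concrete, the following is an added illustration (not Nemertes’ method and not part of the original report): a budget-constrained selection of controls that maximizes the total likelihood of the threats they cover. Threats are labelled with real MITRE ATT&CK technique IDs, but the likelihood weights, the control catalog, its costs and the control-to-technique coverage mappings are all constructed for the example; a real exercise would take them from the organization’s own threat model and vendor assessments. A greedy “most newly covered likelihood per dollar” heuristic is compared against an exhaustive search so the reader can see when the shortcut is, and is not, optimal.

```python
"""Budget-constrained control selection over likely ATT&CK techniques.

Added example (not Nemertes' method): greedy weighted set cover versus
exhaustive search. All weights, costs and coverage mappings are
constructed for illustration.
"""
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Control:
    name: str
    cost: float           # arbitrary budget units (constructed)
    covers: frozenset     # ATT&CK technique IDs the control addresses (constructed)


# Constructed threat model: relative likelihood the organization encounters
# each technique. IDs are real ATT&CK technique identifiers; weights are not.
THREAT_LIKELIHOOD = {
    "T1566": 0.9,  # Phishing
    "T1078": 0.7,  # Valid Accounts
    "T1059": 0.6,  # Command and Scripting Interpreter
    "T1003": 0.5,  # OS Credential Dumping
    "T1486": 0.5,  # Data Encrypted for Impact
    "T1190": 0.3,  # Exploit Public-Facing Application
    "T1110": 0.3,  # Brute Force
}

# Constructed control catalog (hypothetical costs and coverage).
CONTROLS = [
    Control("mfa", 3.0, frozenset({"T1078", "T1110"})),
    Control("email-filtering", 2.0, frozenset({"T1566"})),
    Control("edr", 5.0, frozenset({"T1059", "T1003", "T1486"})),
    Control("patching-program", 4.0, frozenset({"T1190"})),
    Control("security-awareness", 1.0, frozenset({"T1566"})),
    Control("credential-guard", 2.0, frozenset({"T1003"})),
]


def weighted_coverage(selected, likelihood):
    """Sum of likelihood weights over every technique covered at least once."""
    covered = set()
    for c in selected:
        covered |= c.covers
    return sum(likelihood.get(t, 0.0) for t in covered)


def residual_risk(selected, likelihood):
    """Techniques no selected control addresses, most likely first."""
    covered = set()
    for c in selected:
        covered |= c.covers
    return sorted(
        ((t, w) for t, w in likelihood.items() if t not in covered),
        key=lambda tw: tw[1], reverse=True,
    )


def select_controls_greedy(controls, likelihood, budget):
    """Repeatedly buy the affordable control with the highest marginal
    (newly covered) likelihood per unit cost. Returns (selected, leftover)."""
    remaining, selected, covered = budget, [], set()
    candidates = list(controls)
    while True:
        best, best_ratio = None, 0.0
        for c in candidates:
            if c.cost > remaining:
                continue
            gain = sum(likelihood.get(t, 0.0) for t in c.covers - covered)
            if gain > 0 and gain / c.cost > best_ratio:
                best, best_ratio = c, gain / c.cost
        if best is None:
            break
        selected.append(best)
        covered |= best.covers
        remaining -= best.cost
        candidates.remove(best)
    return selected, remaining


def select_controls_optimal(controls, likelihood, budget):
    """Exhaustive search over all affordable subsets; fine for a catalog of
    a dozen or so controls, and the reference to check the greedy answer against."""
    best, best_cov = [], 0.0
    for k in range(len(controls) + 1):
        for combo in combinations(controls, k):
            if sum(c.cost for c in combo) > budget:
                continue
            cov = weighted_coverage(combo, likelihood)
            if cov > best_cov:
                best, best_cov = list(combo), cov
    return best, best_cov


if __name__ == "__main__":
    budget = 10.0
    chosen, left = select_controls_greedy(CONTROLS, THREAT_LIKELIHOOD, budget)
    print("greedy:", [c.name for c in chosen], "leftover", left,
          "coverage", round(weighted_coverage(chosen, THREAT_LIKELIHOOD), 2))
    print("uncovered:", residual_risk(chosen, THREAT_LIKELIHOOD))
    _, opt = select_controls_optimal(CONTROLS, THREAT_LIKELIHOOD, budget)
    print("optimal coverage:", round(opt, 2))
```

With the constructed numbers the greedy pass buys awareness training, MFA and EDR for 9 of the 10 units and covers 3.5 of the 3.8 total likelihood weight, which the exhaustive search confirms is the best this catalog can do at that budget; the one technique left uncovered (T1190) is the residual risk the text says can never be driven to zero. Note that the greedy ratio heuristic can under-perform the exhaustive search on other inputs, which is why the cross-check is worth keeping when the catalog is small enough to enumerate.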

By deploying threat-informed defense and security optimization, cybersecurity professionals arrive at a risk-based cybersecurity strategy. The end game is thus a strategy that minimizes risk (while acknowledging that risk can never be eliminated).

Cybersecurity professionals can deploy threat-informed defense and security optimization at every maturity level; and by doing so, they can increase their cybersecurity maturity overall. We recommend, therefore, that cybersecurity professionals familiarize themselves with these concepts and the practical means of applying them to improve cybersecurity maturity and move to a risk-based strategy.

Table of Contents
  • Executive Summary
  • CISO Investment Strategies
    • The Strategies
    • Why Risk-Based is Best
  • Threat-Informed Defense
    • What is “Threat-Informed Defense”?
    • The MITRE ATT&CK Framework
  • From Threat-Informed Defense to Security Optimization
    • What is Security Optimization?
    • Applying Threat-Informed Defense and Security Optimization At Every Stage
  • Business Benefits of Threat-Informed Defense and Security Optimization
  • Recommendations and Action Items
