The Chertoff Group, a security risk management specialist and a strategic advisor to the Government and Technology Services Coalition, is collaborating with ServiceNow, a global provider of digital workflow solutions, to help organizations build threat-informed defense and response workflows through Chertoff Group Cyber Risk Diagnostic services and ServiceNow Security Operations solutions.
ServiceNow’s Security Operations application integration with the MITRE Corporation’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework enables security analysts to gain visibility into both internal defenses and potential threat behavior seeking to exploit defensive gaps. Organizations track adversary behavior and use filters to search ongoing and past incidents to better understand potential threat activity. Equipped with heat maps, SOC teams can review their detection rules and adjust detection control coverage across techniques, campaigns, and specific adversaries. Once security teams can determine the tactics and techniques used in cyber attack campaigns, they can better understand the attack surface and how well prepared they are to prevent and detect cyber events.
The Chertoff Group’s Cyber Risk Diagnostic service enables organizations to leverage ServiceNow’s solution for CISOs, CIOs and C-suite business executives. The Chertoff Group begins with a company’s business profile and helps the company map that profile to threat, building a threat model; it then maps threat tactics, techniques and procedures (TTPs) to internally facing defensive measures to determine if threat-informed defenses are in place; finally, it tests those defenses against the threat model to determine whether defenses are operating as intended. In doing so, the company turns metrics and data points into actionable insights on security performance. The service is built on top of the MITRE Corporation’s ATT&CK framework.
Customers receive hands-on support to familiarize the technical team with conducting threat-specific planning, mapping to defenses, controls assurance testing and presenting the information in meaningful, intuitive ways. They are also coached on how to make specific business cases for security tools or personnel investments that align with their organization’s specific security needs. Technical teams receive in-depth training to empower organizations to combine the ServiceNow platform and the Cyber Risk Diagnostic process to continuously evaluate countermeasure performance and make strategic, threat-informed decisions to further mature the program.