
Omdia Insights - Proactive security and attack surface management

Proactive Security solutions are gaining traction. They help organizations improve both resilience and readiness, by prioritizing vulnerabilities, improving security posture and staying ahead of threats. This is vital if organizations are going to overcome current poor assessment practices that are obscuring actual levels of risk.   

In our latest whitepaper, we explored research from Omdia, which found that organizations of all sizes are embracing proactive security. Over 70% of respondents increased spending on proactive security solutions versus a year ago. And 60% of all respondents also rated external asset context (e.g., attack surface visibility, attack path mapping, security control validation) as critically important. This capability is particularly important to the most security-mature organizations, 69% of which rated it critical.

What is Cyber Operational Readiness Assessment (CORA) and best practice for proactive security?   

Industry guidance on best practice when building a proactive security strategy is limited. But the whitepaper highlights that the Cyber Operational Readiness Assessment (CORA) requirements map well to end-user requirements for proactive security solutions. Therefore, it is difficult to imagine meeting these regulations and benefitting from the full potential of a proactive security approach without embracing configuration security automation.

Omdia found that when adopting a proactive security approach, common approaches relate to effectively reducing the attack surface. CORA suggested a shift towards more proactive defenses, including the zero trust (ZT) approach and risk-prioritized attack surface management.  

Introduced in March 2024, CORA is focused on hardening information systems and proactively reducing the organization’s attack surface. In particular, it focuses on securing the boundary between public and private networks, and the continuous monitoring and assessment of network perimeter devices. Attack surface management and zero trust best practice within CORA combine Tactics, Techniques, and Procedures (TTP) risk exposure management and effective macro and micro network segmentation.  

Organizations are now adopting technologies that can provide continuous enterprise-wide monitoring from the perimeter to the interior. This includes validating that routers and switches, as well as firewalls, maintain a secure, uncompromised state. Nipper Enterprise supports the shift towards proactive security by offering near-real-time exposure monitoring of these devices. This is key to minimizing the attack surface and developing operational resilience.

The solution proactively monitors for any configuration drift, providing visibility of ZT macro segmentation violations and vulnerabilities. These are automatically mapped to specific MITRE ATT&CK TTPs and Known Exploited Vulnerabilities (KEVs) to inform business critical incident response and remediation strategies.  

Attack surface management and automation

Larger organizations and those with higher levels of security maturity are much more likely to automatically overlay current and historical network security data onto attack frameworks, according to the research. By mapping misconfigurations to known adversarial tactics and techniques, security teams can more effectively identify potential vulnerabilities and exposure to threats.  

This then allows them to see which misconfigurations are most exploited, informing them of where they need to focus remediation efforts to make sure the most critical risks are addressed first.

Looking at historical data can give information useful for understanding current incidents. For example, if an attacker has made their way onto one device, looking at historic data of misconfigurations and vulnerabilities might show where they have been able to proliferate their attack.  

Nipper Enterprise has been developed as a continuous solution for detecting in near real-time any changes to device configurations – planned or unplanned. Changes are assessed proactively to provide network owners with accurate and risk-based visibility of device-by-device security, compliance and segmentation posture.  

By quickly identifying configuration drift and discovering exploitable vulnerabilities (e.g., CISA KEVs), coupled with the provision of remediation guidance, Nipper Enterprise enables defensive resources to be risk-prioritized towards efficiently fixing real-world issues. ATT&CK vectors/TTPs can then be shut down before they are discovered and exploited by the adversary.  

Network owners choose to use Nipper Enterprise to increase the coverage and cadence of assessments, evidence continuous compliance with military and industry regulations, and minimize their attack surface by utilizing MITRE ATT&CK misconfiguration prioritization analysis.  

How Nipper Enterprise supports Proactive Security  

Nipper Enterprise has been designed to free up and focus an organization’s scarce human cyber resource on business-critical attack surface readiness and resilience. Building on Nipper’s vulnerability impact assessment accuracy and risk-prioritized remediation know-how, Nipper Enterprise augments network risk visibility with macro segmentation violation and attack exposure analysis, thereby providing the proactive security capabilities needed to analyze risks to fully understand where the network is exposed to real-world threats.

CORA makes clear that a shift towards more proactive defenses is needed to maintain a state of operational mission assurance. To align with standards like CORA, and benefit from the full potential of a proactive security approach, the adoption of solutions that automate configuration security and remediation prioritization is an important next step. For more information, read our latest whitepaper with Omdia.

 
