Peer to Peer: ILTA's Quarterly Magazine
Issue link: https://epubs.iltanet.org/i/1533864
Peer to Peer Magazine · Spring 2025 · 39

The small company in our example now depends solely on EDR to prevent the delivery of a payload or a link to a malicious site. That is not the primary strength of EDR products, so we can clearly state that we are not as secure as we initially believed. But what happens if we still have the NGFW failure to detect and a few endpoints that missed EDR installation? In this scenario, our new security mappings are not looking good and are, at best, trivial. Not only have we conceded an entire step of the attack to the TA, but we also have single points of failure for the remaining attack steps. If we migrate to a mobile workforce where the NGFW no longer protects the endpoints, will we have any reasonable protections left in this model?

[Chart 3]

This example scenario quickly reveals some areas for security improvement conversations. You can pick any attack scenario and ask the same questions about your organization. You can locate real-world TA techniques for your scenario from a security research organization such as MITRE, Mandiant, Unit42, or CrowdStrike, to name a few. These writeups provide step-by-step playbooks of what TAs have done in the past. You can map your security controls against each step and gauge how your organization would fare in the matchup. Remember to include security controls such as least-privilege configurations or external monitoring from SOC services.

Does your security posture match real-world scenarios? If not, what do you need in order to address this? If so, can you make configuration changes to existing products and services to become more secure without buying more? If you need to spend more or do more, you can now clearly explain why to your organization, whether it involves additional technical controls, policy enforcement, procedural changes, or all of the above.

[Chart 4: Security Initiatives, Blueprint to Operations, Depth]
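The control-mapping exercise described above, worked through as an added example (not from the article or its charts): each control is marked with the attack steps it can stop, whether it has failed (NGFW missed the threat, EDR agent never installed), and whether it only protects endpoints behind the NGFW, and each step is then graded as conceded, a single point of failure, or layered. The attack steps, control names and coverage assignments are constructed assumptions.

```python
# Added example, not from the article: a small control-coverage matrix for
# the NGFW/EDR scenario. Steps, controls and coverage are constructed.
from dataclasses import dataclass

@dataclass
class Control:
    name: str
    covers: frozenset            # attack steps this control can stop or detect
    failed: bool = False         # e.g. NGFW misses the threat, EDR agent absent
    network_only: bool = False   # only protects endpoints sitting behind the NGFW

# Constructed playbook steps, in the order a threat actor would take them.
ATTACK_STEPS = ("phishing email delivered", "user clicks malicious link",
                "payload downloaded", "payload executed", "lateral movement")

def baseline_controls():
    """Constructed starting posture for the small company in the example."""
    return [
        Control("Email gateway", frozenset({"phishing email delivered"})),
        Control("NGFW", frozenset({"user clicks malicious link",
                                   "payload downloaded"}), network_only=True),
        Control("EDR", frozenset({"payload downloaded", "payload executed",
                                  "lateral movement"})),
        Control("Least privilege", frozenset({"payload executed",
                                              "lateral movement"})),
    ]

def with_failures(controls, *names):
    """Mark the named controls as failed (missed detection, missing agent)."""
    for c in controls:
        if c.name in names:
            c.failed = True
    return controls

def active_controls(controls, step, mobile_workforce=False):
    """Controls still standing for one step after failures and workforce changes."""
    return [c.name for c in controls
            if step in c.covers and not c.failed
            and not (mobile_workforce and c.network_only)]

def assess(controls, mobile_workforce=False):
    """Map every step to 'conceded', 'single point of failure' or 'layered'."""
    verdict = {}
    for step in ATTACK_STEPS:
        names = active_controls(controls, step, mobile_workforce)
        verdict[step] = ("conceded" if not names else
                         "single point of failure" if len(names) == 1 else
                         "layered")
    return verdict
```

Running `assess(with_failures(baseline_controls(), "NGFW", "EDR"))` reproduces the article's degraded case, with two steps conceded and the rest resting on a single control, while `assess(baseline_controls(), mobile_workforce=True)` shows the NGFW-dependent step dropping out once endpoints leave the network.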