
Security Specialists' Desired Features from Suppliers of Security Equipment: An Interview with Brian Harrell

Technology providers transcend their role as mere product sellers by showcasing a deep understanding of worldwide safety concerns and risks, thus earning a reputation as trusted counselors and business partners.


In the ever-evolving landscape of cybersecurity, the ability of vendors to understand and address the threats and risks faced by Chief Security Officers (CSOs) has become a crucial factor for seasoned executives. A recent trend in the industry is the shift towards a threat-informed defense approach, which directly maps security tools and detection capabilities to the tactics of real-world adversaries.

Brian Harrell, a Chief Security Officer for a large energy company, has emphasized the importance of this approach. He values vendors who not only possess knowledge of the tactics, techniques, and procedures (TTPs) deployed by adversaries like China, Russia, North Korea, and Iran, but who can also provide valuable resources during incident recovery.

One company that has demonstrated a deep understanding of the threats and risks faced by customers, particularly in the critical infrastructure sector, is Dragos Industrial Security. Their focus on battling nation-state adversaries sets them apart in the industry.

By adopting a threat-informed defense strategy, vendors can align their solutions with what truly matters to CSOs. This approach reduces the probability of attacker success and closes blind spots in security coverage. Key elements of this approach include showing exactly how adversaries execute TTPs, calculating residual risk for each attack technique based on real threat activity, providing stack-specific visibility that highlights exposures grounded in observed attacker behavior, and improving detection accuracy by validating against real-world attack patterns rather than just compliance checklists or vulnerability counts.

This approach, known as "collective defense," allows adjustments to defenses based on shared knowledge. What impacts one organization likely impacts another, making this a powerful tool in the fight against cyber threats.

It is worth noting that approximately 40% of vendors have a deep understanding of the security threat environment, while 60% are focused on business development. However, there is a gap in understanding the threat environment in the physical security space, compared to more mature vendors in the cybersecurity space.

Understanding the threat environment allows vendors to focus with CSOs on what the threat is and how to reduce it, rather than just up-selling unnecessary products. Vendors are considered part of the risk solution during incidents, often among the first calls made by CSOs after law enforcement, the CEO, and board members.

Investing in risk reduction tools is advised, particularly in sectors like the electric grid and other critical infrastructure, which are significant targets for nation-state adversaries, especially during a potential Chinese invasion of Taiwan.

In conclusion, while there is no specific statistic on what percentage of vendors have deep insight, the industry best practice for demonstrating expertise is moving toward threat-informed defense strategies that link security products directly to the evolving tactics of real threat actors known to target organizations and CSOs. This shift towards a more proactive and informed approach is set to shape the future of cybersecurity.

  1. The shift towards a threat-informed defense strategy, which links security tools and detection capabilities to the tactics of real-world adversaries, is highly valued by Chief Security Officers (CSOs) like Brian Harrell, as it aligns vendors' solutions with what truly matters to them and reduces the probability of attacker success.
  2. Vendors who demonstrate a deep understanding of the security threat environment, such as Dragos Industrial Security, are considered part of the risk solution during incidents, and investing in risk reduction tools from these vendors, particularly in sectors like the electric grid, is advised, given their significance as targets for nation-state adversaries.
