Expand our knowledge of Cyber Threat
Cyber policy staff within the organization establishes controls and policies, frequently based upon regulatory requirements. Cyber operations staff implement the controls within the hardware and software to satisfy the control requirements. The controls and policies are built upon process, hardware, software, and the location of the system.
Continuous monitoring solutions, log aggregators, SIEMs, and other cyber solutions are focused on understanding the overwhelming number of events as they pose a threat to the environment. Cyber solutions do not measure risk as it applies to the integrity of the controls and policies established to secure the environment. Continuous Monitoring solutions must understand the impact of the threat as it relates to the controls that are found within the organization today. As we look to improve our cyber posture, we need to understand the impact on the two consistent variables in the environment: the controls and the events.
Controls organized into baselines are a point of comparison of what "right looks like," and environments void of that comparison are re-actively trying to control cyber threat, and frankly losing the battle. ACATEE (ACATEE.com) is designed to understand and prioritize risk as it relates to the integrity of the controls implemented within the environment, providing a near-real-time assessment of risk-based upon the standards and events within your environment.