TL;DR

The cyber defense matrix is an organizational tool designed by Sounil Yu to assist security teams with inventorying current security measures, identifying gaps in current tools, and planning future security investments. Enterprise secrets management solutions fit many spaces of the matrix and integrate with services that fit others.

What is the Cyber Defense Matrix?

Developed by Sounil Yu over more than eight years, the Cyber Defense Matrix begins with the five operational functions of the NIST Cybersecurity Framework:

The NIST operational functions of the Cyber Defense Matrix represent the phases of a cybersecurity incident. Identifying and protecting assets are structural security functions that should always occur before an incident. As vulnerabilities are discovered through detection functions, teams respond and recover with security measures during and after the incident.

The Y-axis categorizes various company assets by class. These are:

Together, these axes form the Cyber Defense Matrix. By filling out this matrix, security leaders can evaluate where protections are strong or weak. The matrix also helps guide decisions on future investments. For instance, in the cross-section of Network and Identify, a security team might identify that their hybrid work environment is unsecured when employees access their work environment from home or cafe wifi. In Network and Protect, a plan mandating a VPN with multi-factor authentication would then be formed.

How does secrets management fit into the cyber defense matrix?

Secrets management touches many parts of the matrix. Sensitive credentials, such as API keys, service tokens, and database passwords, span multiple asset classes and operational functions.

Some teams add Secrets as a distinct row in their version of the matrix to give this area explicit focus.

Examples of secrets management in each operational function

We’ll go through a few examples of secrets management within the cyber defense matrix framework, with an emphasis on how features of an enterprise secrets management solution might solve security issues.

Identify

Because many secrets managers don’t identify loose secrets in repositories, enterprise solutions integrate with secrets detection services that do. These services work in tandem to locate vulnerable or exposed secrets and revoke their privileged access before hackers exploit them.

Additional note: When choosing third-party services or cloud hosting architecture, do your research! Add secrets management into your team’s search criteria, and only choose third-party integrations that demonstrate a commitment to security.

Protect

Secrets management solutions fall primarily into this category. Here are a few features that enterprise solutions should have.

1. Secure, encrypted, centralized storage replaces less secure locations, preventing secrets sprawl and its associated security vulnerabilities and development inefficiencies.

2. Customizable access permissions facilitate the implementation of the principle of least privilege. Access controls also help securely onboard and offboard employees.

3. Automated, platform-wide synchronization enables the many security benefits of routine secrets rotation without the development inefficiencies that plague manual secrets management. Regularly scheduled rotations protect the platform from old or forgotten secrets.

Detect

Enterprise secrets management solutions should include audit and activity logs for every action related to secrets use. This enables a security team to quickly identify suspicious activity and locate the compromised credentials or accounts.

Respond

Automated revocation and rotation practices enable security and development teams to quickly change the value of a secret, regaining administrative control over compromised credentials.

Recover

Enterprise secrets management features like secret versioning allow teams to roll back a secret’s value to prior versions in the event of a mistake or a leak.

Filling in the cyber defense framework for the secrets asset class might look something like the table below, though your team should use the framework however makes most sense for your organizational needs.

Asset Class: Secrets

Key integrations for enterprise secrets management

While security should always remain at the forefront of executive decisions, revenue-generating initiatives and development efficiency are also very important! Most teams are looking for a solution that integrates with existing systems to strengthen their security posture without inhibiting the workflow. An enterprise secrets management solution should integrate with a host of other services to ensure smooth operation. Here are a few important examples of integrations:

1. Secrets detection services help identify the scope of secrets spraw

2. Identity access and management services with SSO and SAML authentication make access to secrets more secure.

3. Integration with cloud providers and cloud-native secrets managers reduces the risk of duplicate secrets and secrets sprawl, particularly in multi-cloud environments.

FAQs

*** This is a Security Bloggers Network syndicated blog from Doppler Blog authored by Dylan Villeneuve. Read the original post at: https://www.doppler.com/blog/using-cyber-defense-matrix-for-secrets-management