Our goal is to find preemptive emerging technology companies that move the needle on technologies that can protect, detect, and respond to this truth. These are technologies that increase the cyber economic cost to the attacker by making them invest in new technologies and TTPs to achieve their impact. Technologies in our portfolio increase adversaries' cost and risk and require them to invest in testing and validation of novel techniques, slowing their progress.
Preemptive Cybersecurity Portfolio
Our preemptive cyber portfolio is based on a fundamental truth: Adversaries traverse networks, using identity to access your data.
We accelerate the adoption of emerging technology to preemptively protect, detect, and respond.
We aspire to make adversaries irrelevant.
Implementing technologies in RockITek’s preemptive cybersecurity portfolio, using best practices, can reduce uncertainty in risk management, support movement toward hybrid solutions, and enable integrated models for decision-makers to mitigate risks.
Our portfolio is founded on three key principles pivotal to improving risk management:
Agencies need to use system and public data to prioritize reducing uncertainty in their risk management programs.
A threat-informed approach to prioritizing controls based on the cyber economic cost to the attacker will positively impact risk.
Cyber Risk Management is more effective when viewed as an organizational problem where different roles (personas) contribute to success by applying their skills, using specific technology-driven tools and data.
RockITek perspectives on Networks
RockITek views “The Network” as a global aggregation of interconnected, yet autonomous resources that allows or denies traffic flows based on criteria of trust and need.
Across industries, successful models exist for defining specific allow and deny patterns based on trust and need. The scale and particulars of implementation may vary, but leveraging a consistent model should be a priority. RockITek aligns with the threat-informed model for protecting, detecting, and responding to network risk.
- Start with existing models that define specific allow & deny patterns based on trust and need
- Align with a threat-informed model to protect, detect, and respond to network risk
- Start at the global interconnected Internet, extend to current perimeter protections, and actualize at the micro-perimeter.
How can you trust anyone? We do it today, but what is the basis of your decision criteria?
IP address space and domains are allowed or blocked based on trust. Similarly, your authentication systems allow or deny identities using technologies that verify the user is who they say they are.
Once you determine trust and allow authenticated access, the conversation turns to authorization – the concept of how levels of trust securely pass throughout your assets – your network, systems, applications, and data to allow actions you approve and deny actions you do not.
How to Decide Who to Trust
Authentication Systems Allow or Deny Identities Based On:
- Validated IP addresses and domains.
- Authenticated access to systems and data based on usernames and passwords.
Zero Trust Approach
Zero Trust is a model to address this truth, and government needs to use a threat-informed approach to bring identity and network controls together.
Prioritize where the security of Zero Trust would provide the greatest benefits based on your risk tolerance and threat models.
The goal is to work backward from mission value to identify where you can regain an acceptable level of trust.
Start with Multi-Factor Authentication (MFA) and decide on the right level of factors for your risk profile based on your threat models. When you log into a service with your username and password, that is not enough to verify that you are who you say you are.
Adding factors to MFA rebuilds trust and negates the work done by adversaries in stealing credentials and building tools based on stolen credentials to access your data.
Data is the lifeblood of organizations. Adversaries develop business models to monetize your data by traversing networks, often using compromised credentials to access that data.
If you don’t know where sensitive data resides, how can you make intelligent choices to manage your risk?
Data protection provides the mechanisms to ensure only authorized identities can access, move, and read your data.
- Encryption limits exposure.
- Other mechanisms include masking and preventing data from leaving your organization.
Developing and implementing risk-relevant protective, detective, and responsive controls for data is a fundamental aspect of trust.
- Start with knowing what data is sensitive and where it resides.
- Develop and automate controls for access.
- Implement data protection mechanisms such as encryption and masking.
- Use data discovery agents or connectors to crawl data sources, like filesystems, databases, and cloud object data stores.